Malware Analysis Report

2025-03-15 04:34

Sample ID 241027-1c6pdazrdj
Target http://wallpapercave.com
Tags
defense_evasion discovery execution persistence privilege_escalation spyware stealer
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file http://wallpapercave.com was found to be: Known bad.

Malicious Activity Summary

defense_evasion discovery execution persistence privilege_escalation spyware stealer

Suspicious use of NtCreateUserProcessOtherParentProcess

Modifies WinLogon for persistence

Process spawned unexpected child process

Downloads MZ/PE file

Modifies RDP port number used by Windows

Drops file in Drivers directory

Sets service image path in registry

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Reads user/profile data of web browsers

Checks computer location settings

Checks BIOS information in registry

Event Triggered Execution: Component Object Model Hijacking

Loads dropped DLL

Impair Defenses: Safe Mode Boot

Adds Run key to start application

Checks installed software on the system

Enumerates connected drives

Checks system information in the registry

Drops file in System32 directory

Drops file in Windows directory

Drops file in Program Files directory

System Network Configuration Discovery: Internet Connection Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Enumerates system info in registry

Modifies registry class

Modifies Internet Explorer settings

Kills process with taskkill

Checks SCSI registry key(s)

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

Script User-Agent

Runs ping.exe

Suspicious use of SetWindowsHookEx

Modifies system certificate store

Scheduled Task/Job: Scheduled Task

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious behavior: LoadsDriver

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-10-27 21:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-27 21:31

Reported

2024-10-27 21:51

Platform

win10v2004-20241007-en

Max time kernel

1013s

Max time network

1213s

Command Line

C:\Windows\Explorer.EXE

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\MsContainerwinHost\\NW_store.exe\", \"C:\\Recovery\\WindowsRE\\NW_store.exe\", \"C:\\xvirus\\fontdrvhost.exe\", \"C:\\Program Files (x86)\\WindowsPowerShell\\Configuration\\Registration\\dllhost.exe\"" C:\MsContainerwinHost\comagentFontsavescommon.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\MsContainerwinHost\\NW_store.exe\", \"C:\\Recovery\\WindowsRE\\NW_store.exe\", \"C:\\xvirus\\fontdrvhost.exe\", \"C:\\Program Files (x86)\\WindowsPowerShell\\Configuration\\Registration\\dllhost.exe\", \"C:\\Program Files (x86)\\Google\\Temp\\NW_store.exe\"" C:\MsContainerwinHost\comagentFontsavescommon.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\MsContainerwinHost\\NW_store.exe\"" C:\MsContainerwinHost\comagentFontsavescommon.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\MsContainerwinHost\\NW_store.exe\", \"C:\\Recovery\\WindowsRE\\NW_store.exe\"" C:\MsContainerwinHost\comagentFontsavescommon.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, \"C:\\MsContainerwinHost\\NW_store.exe\", \"C:\\Recovery\\WindowsRE\\NW_store.exe\", \"C:\\xvirus\\fontdrvhost.exe\"" C:\MsContainerwinHost\comagentFontsavescommon.exe N/A

Process spawned unexpected child process

Description Indicator Process Target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Windows\SYSTEM32\schtasks.exe

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 5276 created 3588 N/A C:\Users\Admin\Downloads\MBSetup.exe C:\Windows\Explorer.EXE

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\DRIVERS\mbam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\Downloads\MBSetup.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mwac.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\farflt.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\MbamChameleon.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\Downloads\MBSetup.exe N/A
File created C:\Windows\system32\drivers\mbae64.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mbamswissarmy.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies RDP port number used by Windows

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\Downloads\MBSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\MBSetup.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\xam.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\12137b32413d31781f51a13c09bd541efe0f27f270108d247099434df1d3b37f.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Windows\SysWOW64\WScript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\c658854ae75c8f001ab83644793d6c692f50aeddc29d2c593d6c02c5361add51.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Fast!\fast!.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\service.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation C:\MsContainerwinHost\comagentFontsavescommon.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nse8124.tmp N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\Watchdog.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\Downloads\xam.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Program Files (x86)\Xvirus Anti-Malware\Xvirus Anti-Malware.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\FastSRV.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\fast!.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\Fast!.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
N/A N/A C:\Program Files (x86)\Xvirus Anti-Malware\shellfile.exe N/A
N/A N/A C:\Users\Admin\Downloads\12137b32413d31781f51a13c09bd541efe0f27f270108d247099434df1d3b37f.exe N/A
N/A N/A C:\MsContainerwinHost\comagentFontsavescommon.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nsmE01A.tmp N/A
N/A N/A C:\Users\Admin\Downloads\a0b8965f84345db720bf8220c4f848d4027635f7e1837ca5daa6870ba861476c.exe N/A
N/A N/A C:\Users\Admin\Downloads\c658854ae75c8f001ab83644793d6c692f50aeddc29d2c593d6c02c5361add51.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\service.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService\ = "Service" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nse8124.tmp N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NW_store = "\"C:\\Recovery\\WindowsRE\\NW_store.exe\"" C:\MsContainerwinHost\comagentFontsavescommon.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NW_store = "\"C:\\Recovery\\WindowsRE\\NW_store.exe\"" C:\MsContainerwinHost\comagentFontsavescommon.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PcAppStoreUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\" /i" C:\Users\Admin\AppData\Local\Temp\nse8124.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NW_store = "\"C:\\MsContainerwinHost\\NW_store.exe\"" C:\MsContainerwinHost\comagentFontsavescommon.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dllhost = "\"C:\\Program Files (x86)\\WindowsPowerShell\\Configuration\\Registration\\dllhost.exe\"" C:\MsContainerwinHost\comagentFontsavescommon.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dllhost = "\"C:\\Program Files (x86)\\WindowsPowerShell\\Configuration\\Registration\\dllhost.exe\"" C:\MsContainerwinHost\comagentFontsavescommon.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PcAppStoreUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\" /i" C:\Users\Admin\AppData\Local\Temp\nsmE01A.tmp N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NW_store = "\"C:\\MsContainerwinHost\\NW_store.exe\"" C:\MsContainerwinHost\comagentFontsavescommon.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NW_store = "\"C:\\Program Files (x86)\\Google\\Temp\\NW_store.exe\"" C:\MsContainerwinHost\comagentFontsavescommon.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Watchdog = "\"C:\\Users\\Admin\\PCAppStore\\Watchdog.exe\" /guid=423FD5C7-8559-4B8C-BF1F-C9D05C9F0FD3X /rid=20241027213308.822240708031 /ver=fa.1092c" C:\Users\Admin\AppData\Local\Temp\nse8124.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCAppStore = "\"C:\\Users\\Admin\\PCAppStore\\PCAppStore.exe\" /init default" C:\Users\Admin\AppData\Local\Temp\nsmE01A.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fontdrvhost = "\"C:\\xvirus\\fontdrvhost.exe\"" C:\MsContainerwinHost\comagentFontsavescommon.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\fontdrvhost = "\"C:\\xvirus\\fontdrvhost.exe\"" C:\MsContainerwinHost\comagentFontsavescommon.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NW_store = "\"C:\\Program Files (x86)\\Google\\Temp\\NW_store.exe\"" C:\MsContainerwinHost\comagentFontsavescommon.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCAppStore = "\"C:\\Users\\Admin\\PCAppStore\\PCAppStore.exe\" /init default" C:\Users\Admin\AppData\Local\Temp\nse8124.tmp N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Watchdog = "\"C:\\Users\\Admin\\PCAppStore\\Watchdog.exe\" /guid=423FD5C7-8559-4B8C-BF1F-C9D05C9F0FD3X /rid=20241027214154.8241233218 /ver=fa.1092c" C:\Users\Admin\AppData\Local\Temp\nsmE01A.tmp N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\V: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\N: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\B: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\J: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\K: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\P: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\S: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\U: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\L: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\X: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\F: C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
File opened (read-only) \??\W: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\Z: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\E: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\M: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\R: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Y: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\H: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\T: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\G: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\O: C:\Program Files (x86)\Fast!\fast!.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\I: C:\Program Files (x86)\Fast!\fast!.exe N/A

Checks system information in the registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\Malwarebytes\Logs\MBAMSI.alt1.lock C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\net8192se64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\572BF21E454637C9F000BE1AF9B1E1A9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\netloop.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8f740d9e-ea97-cb41-8721-19613bb82bd3}\mbtun.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\netwmbclass.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\net9500-x64-n650f.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{8f740d9e-ea97-cb41-8721-19613bb82bd3}\SET67B0.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\ntdll.pdb C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\System32\repdrvfs.pdb C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\netl1c63x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\wceisvista.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\athw8x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\netrndis.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_f9e30429669d7fff\netvwwanmp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\Amsi.pdb C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\System32\rpcrt4.pdb C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\net1yx64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\net8185.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\kernelbase.pdb C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\netbc64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\netjme.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\net7800-x64-n650f.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\netrtwlane.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmlx4eth63.inf_amd64_3809a4a3e7e07703\netmlx4eth63.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\netvg63a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\net8192su64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\kdnic.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\netimm.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{8f740d9e-ea97-cb41-8721-19613bb82bd3}\SET67AF.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_8de1181bfd1f1628\ndisimplatformmp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_7080f6b8ea1744fb\netnvma.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\netbxnda.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\combase.pdb C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1bdf7a435cb3580d\netrasa.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_1a82423cc076e882\rtwlanu_oldic.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{8f740d9e-ea97-cb41-8721-19613bb82bd3}\mbtun.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\netl260a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\e2xw10x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\usbncm.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\nett4x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\netwbw02.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\netwlv64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\nete1e3e.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created \??\c:\Windows\System32\lhkpi-.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Malwarebytes\Logs\MBAMSI.alt1.log C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\netwew01.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\msux64w10.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\netathr10x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files (x86)\Xvirus Anti-Malware\database\whitelist.xdb C:\Program Files (x86)\Xvirus Anti-Malware\Xvirus Anti-Malware.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\fr\PresentationUI.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Serilog.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\de.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\kn.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\ig.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.UI.Style.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Net.WebHeaderCollection.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Data.Sqlite.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\sdk\mwac.inf C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\sw.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\icons\checkbox-checked.svg C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-core-string-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-crt-multibyte-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\it\PresentationFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Prism.Wpf.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\Fast!\ui\images\sidebar-btn-bg.png C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Net.WebClient.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\it\WindowsFormsIntegration.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\System.ServiceProcess.ServiceController.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\et.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\fr\System.Windows.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\vk_swiftshader_icd.json C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\sl.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\mscorrc.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.UI.TrayNotification.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\SQLitePCLRaw.provider.e_sqlcipher.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Data.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-crt-process-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.IO.FileSystem.AccessControl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Reflection.Emit.Lightweight.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\cs\UIAutomationClientSideProviders.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\System.DirectoryServices.Protocols.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\System.Xaml.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\resources.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-crt-math-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Net.Mail.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\de\PresentationCore.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\it\UIAutomationTypes.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Runtime.CompilerServices.VisualC.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Runtime.Loader.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\Xvirus Anti-Malware\database\heurblist.xdb C:\Program Files (x86)\Xvirus Anti-Malware\Xvirus Anti-Malware.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\hostpolicy.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\hr.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\lt.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\sr.pak C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\Microsoft.Win32.Primitives.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\fr\UIAutomationTypes.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\PresentationUI.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ru\UIAutomationTypes.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\it.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Fast!\ui\images\survey-bg.png C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files (x86)\Xvirus Anti-Malware\quarantine\vk_swiftshader.dll27-10-2024-9-43-33.infected C:\Program Files (x86)\Xvirus Anti-Malware\Xvirus Anti-Malware.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Private.Uri.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.ServiceProcess.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Services.deps.json C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\v8_context_snapshot.bin C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Diagnostics.Contracts.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.IO.UnmanagedMemoryStream.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\System.Diagnostics.EventLog.Messages.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.cat C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files (x86)\Fast!\nwjs\locales\es.pak.info C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\CSC\MBAMService.exe C:\MsContainerwinHost\comagentFontsavescommon.exe N/A
File created C:\Windows\ServiceState\EventLog\Data\fontdrvhost.exe C:\MsContainerwinHost\comagentFontsavescommon.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Fast!\FastSRV.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nsmE01A.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\c658854ae75c8f001ab83644793d6c692f50aeddc29d2c593d6c02c5361add51.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\a0b8965f84345db720bf8220c4f848d4027635f7e1837ca5daa6870ba861476c.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\service.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MBSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\12137b32413d31781f51a13c09bd541efe0f27f270108d247099434df1d3b37f.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\12137b32413d31781f51a13c09bd541efe0f27f270108d247099434df1d3b37f.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\c658854ae75c8f001ab83644793d6c692f50aeddc29d2c593d6c02c5361add51.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\12137b32413d31781f51a13c09bd541efe0f27f270108d247099434df1d3b37f.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Fast!\Fast!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\nse8124.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\WScript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\12137b32413d31781f51a13c09bd541efe0f27f270108d247099434df1d3b37f.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\c658854ae75c8f001ab83644793d6c692f50aeddc29d2c593d6c02c5361add51.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Fast!\fast!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\c658854ae75c8f001ab83644793d6c692f50aeddc29d2c593d6c02c5361add51.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

System Network Configuration Discovery: Internet Connection Discovery

discovery

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes\FirstRun = "false" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes\FirstRun = "false" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133745383110440432" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Malwarebytes\FirstRun = "false" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{50538523-AA2F-40D3-9B58-DB51D5BD3D4A}\ = "_IMBAMServiceControllerEventsV3" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{23416CFE-018D-418E-8CE9-5729D070CCED} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D8258E71-3A7A-4D9D-85BB-C7999F95B7E4}\TypeLib\ = "{2446F405-83F0-460F-B837-F04540BB330C}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{118F4330-CAF5-4A54-ABB0-DC936669ED2F} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BF153224-DA64-41F1-AA87-321B345870FA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B860FC17-5606-4F3A-8AE5-E1C139D8BDE3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0468FE5A-FFDA-4F57-83F5-79116160E9B8}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D10B0F61-43AA-40F4-9C6C-57D29CA8544E}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4D6484EE-AA00-472F-A4F0-18D905C71EA3} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B38EDC4F-A2CD-4F76-8607-F123FE4031D5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F3968E6D-3FD5-4707-A5A8-4E8C3C042062}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}\1.0\0\win64 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{738848E2-18E4-40F8-9C08-60BC0505E9E9}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18C5830A-FF78-4172-9DFB-E4016D1C1F31}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2E423AF9-25D2-451E-8D81-08D44F63D83F}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E230930A-6CC2-4B9D-8CE1-03F86A8EDA05}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08932AD2-C415-4DE8-821D-5AF7A5658483}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1691A7E8-B8D1-46D5-BB29-3A4DB2D809C6}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{81701AB9-0B9C-49FE-9C79-C3C4DCA91E7B}\ = "ICleanControllerV7" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{738848E2-18E4-40F8-9C08-60BC0505E9E9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{767D2042-D2F6-4BAA-B30E-00E0CD4015BD} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A574BA8-3535-41F9-AB73-FA93F8A7DC3B}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2D611EAD-3FEE-4343-98B7-DB35565577CE} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E3D4AC2-A9AE-478A-91EE-79C35D3CA8C7}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{090D2E82-C71B-414E-AF6A-6681A92FF2B3}\ = "IRTPControllerV7" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E4BDE5F8-F8D4-4E50-937F-85E8382A9FEE}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BFC6C7E6-8475-4F9B-AC56-AD22BECF91C4}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1C5B86F3-CEB8-44E3-9B83-6F6AF035E872}\ = "_IMBAMServiceControllerEventsV2" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E0F1EE6-E7CA-4BEE-8C08-0959842DA615}\TypeLib\ = "{783B187E-360F-419C-B6DA-592892764A01}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DC97FF29-5CE2-4897-8175-94672057E02D}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{46AEAC9A-C091-4B63-926C-37CFBD9D244F}\ = "IRTPControllerEventsV5" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B243B0B7-0567-4DA5-B8E4-A4CE22A4F2B6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ADA09B8D-A536-4429-8331-49808442D24B}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F967173-2B83-4B7F-A633-074B06FD0C64}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CE7ABFE9-8F8F-4EDD-86BD-9209FD072126}\ = "IScanControllerEventsV11" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A153977-1A37-4EF7-9226-9E128FA51AE1}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E41AC038-1688-417F-BE23-52D898B93903}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{89AE2EF4-3346-47C7-9DCF-ED3264527FDE}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{36BABBB6-6184-44EC-8109-76CBF522C9EF}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A153977-1A37-4EF7-9226-9E128FA51AE1} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{72F290D5-789C-4D8A-9EBE-63ECEA150373} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B2CCE9B-6446-450F-9C9D-542CD9FA6677}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E95BF32A-DE84-4E41-B836-E2A7BAB962AF}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{698A4513-65F0-46A3-9633-220A6E4D1D07}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4412646D-16F5-4F3C-8348-0744CDEBCCBF} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F81B1882-A388-42E5-9351-05C858E52DDC}\ = "IPoliciesControllerEventsV2" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C367B540-CEF4-4271-8395-0C28F0FDADDA}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CE9646CD-EB6F-4835-9BE1-364F8896D71E}\ = "IMBAMServiceControllerV12" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{560EB17C-4365-4DFC-A855-F99B223F02AF} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A0F9375-1809-45ED-AFE0-92852B971139}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DEBAD4E-3BAF-44F0-9150-BCCCC3801CF9}\ = "IMWACControllerV14" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34544A67-823A-484D-8E18-371AFEAEC02E} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{02E9FB91-8E7C-46BF-958D-EAF5002A59B8} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MB.MWACController.1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\ProgID C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F128CCB-D86F-4998-803A-7CD58474FE2C}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B3DFEA6-6514-42CF-A091-C4DFFD9C2158}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4F3822FA-CCD5-4934-AB6D-3382B2F91DB9}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CC4D9C86-78F2-435F-8355-5328509E04F1}\TypeLib\ = "{226C1698-A075-4315-BB5D-9C164A96ACE7}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6655E528-3168-47A4-BF82-A71E9E6AB5F7}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3F967173-2B83-4B7F-A633-074B06FD0C64}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B44D50B8-E459-4078-9249-3763459B2676}\TypeLib\ = "{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B860FC17-5606-4F3A-8AE5-E1C139D8BDE3}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\Setup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\nse8124.tmp N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\Watchdog.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A
N/A N/A C:\Users\Admin\Downloads\xam.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\download\SetupEngine.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe N/A
N/A N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\FastSRV.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\nwjs\NW_store.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\PCAppStore\PcAppStore.exe N/A
N/A N/A C:\Program Files (x86)\Xvirus Anti-Malware\Xvirus Anti-Malware.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Fast!\nwjs\nw.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4928 wrote to memory of 5116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4928 wrote to memory of 724 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4928 wrote to memory of 2648 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4928 wrote to memory of 1740 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://wallpapercave.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff866c5cc40,0x7ff866c5cc4c,0x7ff866c5cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1728 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2184 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2260 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3036,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3040,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3028,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3648 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4840,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3512 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5124,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3084 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4944,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5092,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4984 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5380,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5504,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4804,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4820 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4580,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5748,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5756 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5164,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5040,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3508 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5724,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5036,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4736,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5332,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5500,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4920,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5072,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5992 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5376,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5364 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5436,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5612 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6128,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5984 /prefetch:8

C:\Users\Admin\Downloads\Setup.exe

"C:\Users\Admin\Downloads\Setup.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" https://pcapp.store/installing.php?guid=423FD5C7-8559-4B8C-BF1F-C9D05C9F0FD3X&winver=19041&version=fa.1092c&nocache=20241027213241.572&_fcid=1730064747984455

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff866c5cc40,0x7ff866c5cc4c,0x7ff866c5cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6124,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4932 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=5428,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5508 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\nse8124.tmp

"C:\Users\Admin\AppData\Local\Temp\nse8124.tmp" /internal 1730064747984455 /force

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6096,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=4936,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4516 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6152,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6160,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6292 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5552,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6284 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=5488,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6440 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=5240,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6376 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5320,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6508 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5600,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4476 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6492,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6120 /prefetch:8

C:\Users\Admin\PCAppStore\PcAppStore.exe

"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default

C:\Users\Admin\PCAppStore\Watchdog.exe

"C:\Users\Admin\PCAppStore\Watchdog.exe" /guid=423FD5C7-8559-4B8C-BF1F-C9D05C9F0FD3X /rid=20241027213308.822240708031 /ver=fa.1092c

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

.\nwjs\NW_store.exe .\ui\.

C:\Users\Admin\Downloads\xam.exe

"C:\Users\Admin\Downloads\xam.exe"

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x29c,0x2a0,0x2a4,0x298,0x2a8,0x7ff85499a960,0x7ff85499a970,0x7ff85499a980

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x15c,0x160,0x164,0x138,0x168,0x7ff69ee88a60,0x7ff69ee88a70,0x7ff69ee88a80

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1952 --field-trial-handle=1956,i,17175935579408903515,11900268959221369373,262144 --variations-seed-version /prefetch:2

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=2420 --field-trial-handle=1956,i,17175935579408903515,11900268959221369373,262144 --variations-seed-version /prefetch:3

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2492 --field-trial-handle=1956,i,17175935579408903515,11900268959221369373,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3040 --field-trial-handle=1956,i,17175935579408903515,11900268959221369373,262144 --variations-seed-version /prefetch:2

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Users\Admin\PCAppStore\download\SetupEngine.exe

"C:\Users\Admin\PCAppStore\download\SetupEngine.exe"

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4616 --field-trial-handle=1956,i,17175935579408903515,11900268959221369373,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Xvirus Anti-Malware\Xvirus Anti-Malware.exe

"C:\Program Files (x86)\Xvirus Anti-Malware\Xvirus Anti-Malware.exe"

C:\Windows\SYSTEM32\SchTasks.exe

SchTasks /Create /F /XML "C:\xvirus\startup.xml" /TN "Xvirus startup"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://veryfast.io/installing.html?guid=423FD5C7-8559-4B8C-BF1F-C9D05C9F0FD3X&_fcid=

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8488346f8,0x7ff848834708,0x7ff848834718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,1333032805180835731,10103534736416082049,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,1333032805180835731,10103534736416082049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,1333032805180835731,10103534736416082049,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1333032805180835731,10103534736416082049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1333032805180835731,10103534736416082049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,1333032805180835731,10103534736416082049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,1333032805180835731,10103534736416082049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4684 --field-trial-handle=1956,i,17175935579408903515,11900268959221369373,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4668 --field-trial-handle=1956,i,17175935579408903515,11900268959221369373,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1333032805180835731,10103534736416082049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1333032805180835731,10103534736416082049,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1333032805180835731,10103534736416082049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1333032805180835731,10103534736416082049,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3200,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:8

C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe

"C:\Users\Admin\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid /instdir C:\Program Files (x86)\Fast! /startup 1

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -command "Register-ScheduledTask fast_task -InputObject (New-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files (x86)\Fast!\fast!.exe') -Principal (New-ScheduledTaskPrincipal -UserId ($Env:UserDomain + '\' + $Env:UserName) -RunLevel Highest) -Trigger (New-ScheduledTaskTrigger -AtLogon) -Settings (New-ScheduledTaskSettingsSet -MultipleInstances Queue -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries)) -Force"

C:\Windows\SysWOW64\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\Admin\AppData\Local\FAST!\Temp\testfile.temp" > C:\Users\Admin\AppData\Local\FAST!\Temp\dskres.xml

C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe

C:\Users\Admin\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\Admin\AppData\Local\FAST!\Temp\testfile.temp

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://veryfast.io/installed.php?guid=423FD5C7-8559-4B8C-BF1F-C9D05C9F0FD3X&_fcid=

C:\Program Files (x86)\Fast!\FastSRV.exe

"C:\Program Files (x86)\Fast!\FastSRV.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8488346f8,0x7ff848834708,0x7ff848834718

C:\Program Files (x86)\Fast!\fast!.exe

"C:\Program Files (x86)\Fast!\fast!.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1333032805180835731,10103534736416082049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Fast!\Fast!.exe

"C:\Program Files (x86)\Fast!\Fast!.exe"

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\FAST!\User Data" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x2b0,0x2b4,0x2b8,0x2ac,0x2bc,0x7ff8484ca970,0x7ff8484ca980,0x7ff8484ca990

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2044 --field-trial-handle=2012,i,4432446905295843956,2916576048740532845,262144 /prefetch:2

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --mojo-platform-channel-handle=2352 --field-trial-handle=2012,i,4432446905295843956,2916576048740532845,262144 /prefetch:8

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=2312 --field-trial-handle=2012,i,4432446905295843956,2916576048740532845,262144 /prefetch:8

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Program Files (x86)\Fast!\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=2012,i,4432446905295843956,2916576048740532845,262144 /prefetch:1

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3964 --field-trial-handle=2012,i,4432446905295843956,2916576048740532845,262144 /prefetch:8

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3716 --field-trial-handle=2012,i,4432446905295843956,2916576048740532845,262144 /prefetch:8

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3956 --field-trial-handle=2012,i,4432446905295843956,2916576048740532845,262144 /prefetch:8

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=436 --field-trial-handle=1956,i,17175935579408903515,11900268959221369373,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Fast!\nwjs\nw.exe

"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=440 --field-trial-handle=2012,i,4432446905295843956,2916576048740532845,262144 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6572,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6440 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1432,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Xvirus Anti-Malware\shellfile.exe

"C:\Program Files (x86)\Xvirus Anti-Malware\shellfile.exe" C:\Users\Admin\Downloads\Setup.exe

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap22421:190:7zEvent18397

C:\Users\Admin\Downloads\12137b32413d31781f51a13c09bd541efe0f27f270108d247099434df1d3b37f.exe

"C:\Users\Admin\Downloads\12137b32413d31781f51a13c09bd541efe0f27f270108d247099434df1d3b37f.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\MsContainerwinHost\XbzxyZcOnpQflcdDpiS9CmpLat40p7m47ZcP1aBzUSB3men3gAnTOw07Azp.vbe"

C:\Program Files (x86)\Xvirus Anti-Malware\shellfile.exe

"C:\Program Files (x86)\Xvirus Anti-Malware\shellfile.exe" C:\Users\Admin\Downloads\12137b32413d31781f51a13c09bd541efe0f27f270108d247099434df1d3b37f.exe

C:\Users\Admin\Downloads\12137b32413d31781f51a13c09bd541efe0f27f270108d247099434df1d3b37f.exe

"C:\Users\Admin\Downloads\12137b32413d31781f51a13c09bd541efe0f27f270108d247099434df1d3b37f.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\MsContainerwinHost\XbzxyZcOnpQflcdDpiS9CmpLat40p7m47ZcP1aBzUSB3men3gAnTOw07Azp.vbe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\MsContainerwinHost\pHO8PqclKXULkE03ccrG.bat" "

C:\MsContainerwinHost\comagentFontsavescommon.exe

"C:\MsContainerwinHost/comagentFontsavescommon.exe"

C:\Windows\SYSTEM32\schtasks.exe

schtasks.exe /create /tn "dwmd" /sc MINUTE /mo 9 /tr "'C:\xvirus\dwm.exe'" /f

C:\Windows\SYSTEM32\schtasks.exe

schtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\xvirus\dwm.exe'" /rl HIGHEST /f

C:\Windows\SYSTEM32\schtasks.exe

schtasks.exe /create /tn "dwmd" /sc MINUTE /mo 13 /tr "'C:\xvirus\dwm.exe'" /rl HIGHEST /f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ctlfsvbb\ctlfsvbb.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8006.tmp" "c:\Users\Admin\PCAppStore\CSC7229ECF31CE545F488664294CA102F65.TMP"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\dus0jc3d\dus0jc3d.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES816E.tmp" "c:\Users\Admin\PCAppStore\CSCEAFDD75D858A473E848B237E8F7E123.TMP"

C:\Users\Admin\Downloads\Setup.exe

"C:\Users\Admin\Downloads\Setup.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pcapp.store/installing.php?guid=423FD5C7-8559-4B8C-BF1F-C9D05C9F0FD3X&winver=19041&version=fa.1092c&nocache=20241027214044.495&_fcid=1730064747984455

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8488346f8,0x7ff848834708,0x7ff848834718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1107544968018399582,6931012724261148286,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,1107544968018399582,6931012724261148286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,1107544968018399582,6931012724261148286,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1107544968018399582,6931012724261148286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1107544968018399582,6931012724261148286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,1107544968018399582,6931012724261148286,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,1107544968018399582,6931012724261148286,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1107544968018399582,6931012724261148286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1107544968018399582,6931012724261148286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1107544968018399582,6931012724261148286,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1107544968018399582,6931012724261148286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1107544968018399582,6931012724261148286,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1107544968018399582,6931012724261148286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1107544968018399582,6931012724261148286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\nsmE01A.tmp

"C:\Users\Admin\AppData\Local\Temp\nsmE01A.tmp" /internal 1730064747984455 /force

C:\Program Files (x86)\Xvirus Anti-Malware\Xvirus Anti-Malware.exe

"C:\Program Files (x86)\Xvirus Anti-Malware\Xvirus Anti-Malware.exe"

C:\Windows\SYSTEM32\SchTasks.exe

SchTasks /Create /F /XML "C:\xvirus\startup.xml" /TN "Xvirus startup"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6620,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6776 /prefetch:1

C:\Users\Admin\PCAppStore\PcAppStore.exe

"C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default

C:\Users\Admin\PCAppStore\Watchdog.exe

"C:\Users\Admin\PCAppStore\Watchdog.exe" /guid=423FD5C7-8559-4B8C-BF1F-C9D05C9F0FD3X /rid=20241027214154.8241233218 /ver=fa.1092c

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

.\nwjs\NW_store.exe .\ui\.

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --monitor-self-argument=/prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x294,0x298,0x29c,0x290,0x2a0,0x7ff850e5a960,0x7ff850e5a970,0x7ff850e5a980

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ff738358a60,0x7ff738358a70,0x7ff738358a80

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1908 --field-trial-handle=2212,i,9247180632878327680,488974009205986388,262144 --variations-seed-version /prefetch:2

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=2420 --field-trial-handle=2212,i,9247180632878327680,488974009205986388,262144 --variations-seed-version /prefetch:3

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2460 --field-trial-handle=2212,i,9247180632878327680,488974009205986388,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2496 --field-trial-handle=2212,i,9247180632878327680,488974009205986388,262144 --variations-seed-version /prefetch:2

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4540 --field-trial-handle=2212,i,9247180632878327680,488974009205986388,262144 --variations-seed-version /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x324 0x2fc

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4876 --field-trial-handle=2212,i,9247180632878327680,488974009205986388,262144 --variations-seed-version /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6900,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3068 /prefetch:8

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4904 --field-trial-handle=2212,i,9247180632878327680,488974009205986388,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4888 --field-trial-handle=2212,i,9247180632878327680,488974009205986388,262144 --variations-seed-version /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6916,i,13753889364828467229,306782819924289917,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6072 /prefetch:8

C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

"C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4340 --field-trial-handle=2212,i,9247180632878327680,488974009205986388,262144 --variations-seed-version /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap12861:190:7zEvent28034

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap7900:190:7zEvent29690

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap3859:190:7zEvent14973

C:\Program Files (x86)\Xvirus Anti-Malware\shellfile.exe

"C:\Program Files (x86)\Xvirus Anti-Malware\shellfile.exe" C:\Users\Admin\Downloads\c658854ae75c8f001ab83644793d6c692f50aeddc29d2c593d6c02c5361add51.exe

C:\Program Files (x86)\Xvirus Anti-Malware\shellfile.exe

"C:\Program Files (x86)\Xvirus Anti-Malware\shellfile.exe" C:\Users\Admin\Downloads\12137b32413d31781f51a13c09bd541efe0f27f270108d247099434df1d3b37f.exe

C:\Program Files (x86)\Xvirus Anti-Malware\shellfile.exe

"C:\Program Files (x86)\Xvirus Anti-Malware\shellfile.exe" C:\Users\Admin\Downloads\a0b8965f84345db720bf8220c4f848d4027635f7e1837ca5daa6870ba861476c.exe

C:\Users\Admin\Downloads\a0b8965f84345db720bf8220c4f848d4027635f7e1837ca5daa6870ba861476c.exe

"C:\Users\Admin\Downloads\a0b8965f84345db720bf8220c4f848d4027635f7e1837ca5daa6870ba861476c.exe"

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM firefox.exe /T

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM chrome.exe /T

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM msedge.exe /T

C:\Windows\SysWOW64\taskkill.exe

taskkill /F /IM opera.exe /T

C:\Users\Admin\Downloads\c658854ae75c8f001ab83644793d6c692f50aeddc29d2c593d6c02c5361add51.exe

"C:\Users\Admin\Downloads\c658854ae75c8f001ab83644793d6c692f50aeddc29d2c593d6c02c5361add51.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn MyApp /tr C:\Users\Admin\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f

C:\Users\Admin\AppData\Roaming\service.exe

C:\Users\Admin\AppData\Roaming\service.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn MyApp /tr C:\Users\Admin\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f

C:\Users\Admin\Downloads\12137b32413d31781f51a13c09bd541efe0f27f270108d247099434df1d3b37f.exe

"C:\Users\Admin\Downloads\12137b32413d31781f51a13c09bd541efe0f27f270108d247099434df1d3b37f.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\MsContainerwinHost\XbzxyZcOnpQflcdDpiS9CmpLat40p7m47ZcP1aBzUSB3men3gAnTOw07Azp.vbe"

C:\Users\Admin\Downloads\c658854ae75c8f001ab83644793d6c692f50aeddc29d2c593d6c02c5361add51.exe

"C:\Users\Admin\Downloads\c658854ae75c8f001ab83644793d6c692f50aeddc29d2c593d6c02c5361add51.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn MyApp /tr C:\Users\Admin\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f

C:\Users\Admin\Downloads\c658854ae75c8f001ab83644793d6c692f50aeddc29d2c593d6c02c5361add51.exe

"C:\Users\Admin\Downloads\c658854ae75c8f001ab83644793d6c692f50aeddc29d2c593d6c02c5361add51.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn MyApp /tr C:\Users\Admin\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff866c5cc40,0x7ff866c5cc4c,0x7ff866c5cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1868 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1832,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1824,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2332 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3412,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4564,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4704 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3708,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4640 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4020,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4864,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5112,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4660,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3468,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4608 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5004,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5272,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4560 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5276,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5292 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4680,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5412 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5544,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5472 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5548,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5508,i,8642059207731717174,15569156050386402659,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4676 /prefetch:8

C:\Users\Admin\Downloads\MBSetup.exe

"C:\Users\Admin\Downloads\MBSetup.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000138" "Service-0x0-3e7$\Default" "000000000000015C" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"

C:\Users\Admin\Downloads\12137b32413d31781f51a13c09bd541efe0f27f270108d247099434df1d3b37f.exe

"C:\Users\Admin\Downloads\12137b32413d31781f51a13c09bd541efe0f27f270108d247099434df1d3b37f.exe"

C:\Windows\SysWOW64\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\MsContainerwinHost\XbzxyZcOnpQflcdDpiS9CmpLat40p7m47ZcP1aBzUSB3men3gAnTOw07Azp.vbe"

C:\Users\Admin\Downloads\c658854ae75c8f001ab83644793d6c692f50aeddc29d2c593d6c02c5361add51.exe

"C:\Users\Admin\Downloads\c658854ae75c8f001ab83644793d6c692f50aeddc29d2c593d6c02c5361add51.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /C schtasks /create /tn MyApp /tr %APPDATA%\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /tn MyApp /tr C:\Users\Admin\AppData\Roaming\service.exe /st 00:00 /du 9999:59 /sc daily /ri 1 /f

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\MsContainerwinHost\pHO8PqclKXULkE03ccrG.bat" "

C:\MsContainerwinHost\comagentFontsavescommon.exe

"C:\MsContainerwinHost/comagentFontsavescommon.exe"

C:\Program Files (x86)\Xvirus Anti-Malware\Xvirus Anti-Malware.exe

"C:\Program Files (x86)\Xvirus Anti-Malware\Xvirus Anti-Malware.exe"

C:\Windows\SYSTEM32\schtasks.exe

schtasks.exe /create /tn "NW_storeN" /sc MINUTE /mo 12 /tr "'C:\MsContainerwinHost\NW_store.exe'" /f

C:\Windows\SYSTEM32\schtasks.exe

schtasks.exe /create /tn "NW_store" /sc ONLOGON /tr "'C:\MsContainerwinHost\NW_store.exe'" /rl HIGHEST /f

C:\Windows\SYSTEM32\schtasks.exe

schtasks.exe /create /tn "NW_storeN" /sc MINUTE /mo 7 /tr "'C:\MsContainerwinHost\NW_store.exe'" /rl HIGHEST /f

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tlhdxhzl\tlhdxhzl.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES97D7.tmp" "c:\Users\Admin\PCAppStore\CSCE1F308A6F13247AD847C9ACDCA46A331.TMP"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe

"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\jor2dszy\jor2dszy.cmdline"

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9CA9.tmp" "c:\Windows\System32\CSC656D626A24FE46149452B57F8B0E95B.TMP"

C:\Windows\SYSTEM32\schtasks.exe

schtasks.exe /create /tn "NW_storeN" /sc MINUTE /mo 11 /tr "'C:\Recovery\WindowsRE\NW_store.exe'" /f

C:\Windows\SYSTEM32\schtasks.exe

schtasks.exe /create /tn "NW_store" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\NW_store.exe'" /rl HIGHEST /f

C:\Windows\SYSTEM32\schtasks.exe

schtasks.exe /create /tn "NW_storeN" /sc MINUTE /mo 5 /tr "'C:\Recovery\WindowsRE\NW_store.exe'" /rl HIGHEST /f

C:\Windows\SYSTEM32\schtasks.exe

schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 12 /tr "'C:\xvirus\fontdrvhost.exe'" /f

C:\Windows\SYSTEM32\schtasks.exe

schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\xvirus\fontdrvhost.exe'" /rl HIGHEST /f

C:\Windows\SYSTEM32\schtasks.exe

schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 11 /tr "'C:\xvirus\fontdrvhost.exe'" /rl HIGHEST /f

C:\Windows\SYSTEM32\schtasks.exe

schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 8 /tr "'C:\Program Files (x86)\WindowsPowerShell\Configuration\Registration\dllhost.exe'" /f

C:\Windows\SYSTEM32\schtasks.exe

schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Program Files (x86)\WindowsPowerShell\Configuration\Registration\dllhost.exe'" /rl HIGHEST /f

C:\Windows\SYSTEM32\schtasks.exe

schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 14 /tr "'C:\Program Files (x86)\WindowsPowerShell\Configuration\Registration\dllhost.exe'" /rl HIGHEST /f

C:\Windows\SYSTEM32\schtasks.exe

schtasks.exe /create /tn "NW_storeN" /sc MINUTE /mo 7 /tr "'C:\Program Files (x86)\Google\Temp\NW_store.exe'" /f

C:\Windows\SYSTEM32\schtasks.exe

schtasks.exe /create /tn "NW_store" /sc ONLOGON /tr "'C:\Program Files (x86)\Google\Temp\NW_store.exe'" /rl HIGHEST /f

C:\Windows\SYSTEM32\schtasks.exe

schtasks.exe /create /tn "NW_storeN" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Google\Temp\NW_store.exe'" /rl HIGHEST /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell" -Command Add-MpPreference -ExclusionPath 'C:\MsContainerwinHost\NW_store.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Recovery\WindowsRE\NW_store.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell" -Command Add-MpPreference -ExclusionPath 'C:\xvirus\fontdrvhost.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\WindowsPowerShell\Configuration\Registration\dllhost.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"powershell" -Command Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\Google\Temp\NW_store.exe'

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\UzSHyrBt7v.bat"

C:\Windows\system32\chcp.com

chcp 65001

C:\Windows\system32\PING.EXE

ping -n 10 localhost

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow

C:\Windows\SYSTEM32\SchTasks.exe

SchTasks /Create /F /XML "C:\xvirus\startup.xml" /TN "Xvirus startup"

C:\MsContainerwinHost\NW_store.exe

"C:\MsContainerwinHost\NW_store.exe"

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe

"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no

C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none

C:\Users\Admin\AppData\LocalLow\IGDump\X86_00\ig.exe

ig.exe timer 4000 17300657180.ext

C:\Users\Admin\AppData\LocalLow\IGDump\X86_03\ig.exe

ig.exe timer 4000 17300657343.ext

C:\Users\Admin\AppData\LocalLow\IGDump\X86_02\ig.exe

ig.exe timer 4000 17300657382.ext

Network

Country Destination Domain Proto
US 8.8.8.8:53 mstatic.avast.com udp
NL 20.50.2.44:443 mstatic.avast.com tcp
IE 66.235.152.225:443 oms.avast.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
US 8.8.8.8:53 c.go-mpulse.net udp
US 8.8.8.8:53 174.44.26.184.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 163.132.26.184.in-addr.arpa udp
US 8.8.8.8:53 29.57.26.184.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 51.19.73.54.in-addr.arpa udp
US 8.8.8.8:53 14.233.30.52.in-addr.arpa udp
US 8.8.8.8:53 225.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 44.2.50.20.in-addr.arpa udp
US 8.8.8.8:53 1.166.203.18.in-addr.arpa udp
GB 23.200.208.174:443 c.go-mpulse.net tcp
US 8.8.8.8:53 znb3hblkjhhpwrz9k-gendigital.siteintercept.qualtrics.com udp
US 104.17.209.240:443 znb3hblkjhhpwrz9k-gendigital.siteintercept.qualtrics.com tcp
US 8.8.8.8:53 siteintercept.qualtrics.com udp
US 8.8.8.8:53 trial-eum-clientnsv4-s.akamaihd.net udp
US 8.8.8.8:53 trial-eum-clienttons-s.akamaihd.net udp
GB 2.18.190.133:443 trial-eum-clientnsv4-s.akamaihd.net tcp
GB 2.18.190.79:443 trial-eum-clienttons-s.akamaihd.net tcp
US 8.8.8.8:53 rldr2lacck7ikzy6wfmq-ppmpar-3a88b21e5-clientnsv4-s.akamaihd.net udp
US 8.8.8.8:53 138-199-29-44_s-2-18-190-79_ts-1730064729-clienttons-s.akamaihd.net udp
GB 2.18.190.79:443 138-199-29-44_s-2-18-190-79_ts-1730064729-clienttons-s.akamaihd.net tcp
GB 2.18.190.136:443 rldr2lacck7ikzy6wfmq-ppmpar-3a88b21e5-clientnsv4-s.akamaihd.net tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 174.208.200.23.in-addr.arpa udp
US 8.8.8.8:53 240.209.17.104.in-addr.arpa udp
US 8.8.8.8:53 133.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
US 8.8.8.8:53 privacyportal-de.onetrust.com udp
US 104.18.32.137:443 privacyportal-de.onetrust.com tcp
US 8.8.8.8:53 684dd32e.akstat.io udp
GB 184.26.44.174:443 684dd32e.akstat.io udp
GB 142.250.178.2:443 ep1.adtrafficquality.google udp
US 8.8.8.8:53 us-u.openx.net udp
US 8.8.8.8:53 sync.teads.tv udp
US 34.98.64.218:443 us-u.openx.net tcp
GB 184.26.81.115:443 sync.teads.tv tcp
GB 184.26.81.115:443 sync.teads.tv tcp
US 34.98.64.218:443 us-u.openx.net tcp
US 34.98.64.218:443 us-u.openx.net udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 115.81.26.184.in-addr.arpa udp
US 8.8.8.8:53 sync.search.spotxchange.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
GB 87.248.114.12:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 12.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 100.209.201.84.in-addr.arpa udp
GB 216.58.201.98:443 ade.googlesyndication.com udp
US 8.8.8.8:53 veryfast.io udp
US 64.227.17.224:443 veryfast.io tcp
US 64.227.17.224:443 veryfast.io tcp
US 8.8.8.8:53 csi.gstatic.com udp
US 172.253.115.120:443 csi.gstatic.com tcp
US 8.8.8.8:53 224.17.227.64.in-addr.arpa udp
US 8.8.8.8:53 120.115.253.172.in-addr.arpa udp
US 8.8.8.8:53 repcdn.pcapp.store udp
NL 195.181.172.6:443 repcdn.pcapp.store tcp
US 8.8.8.8:53 6.172.181.195.in-addr.arpa udp
US 8.8.8.8:53 pcapp.store udp
US 45.32.1.23:443 pcapp.store tcp
US 8.8.8.8:53 23.1.32.45.in-addr.arpa udp
US 8.8.8.8:53 pcapp.store udp
US 104.248.126.225:443 pcapp.store tcp
US 104.248.126.225:443 pcapp.store tcp
US 8.8.8.8:53 delivery.pcapp.store udp
NL 195.181.172.5:443 delivery.pcapp.store tcp
US 8.8.8.8:53 repository.pcapp.store udp
NL 195.181.172.5:443 repository.pcapp.store tcp
US 8.8.8.8:53 google.com udp
GB 172.217.169.36:443 www.google.com tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net tcp
GB 142.250.178.14:443 google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
GB 142.250.178.14:443 google.com tcp
GB 216.58.204.66:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com tcp
GB 74.125.133.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 225.126.248.104.in-addr.arpa udp
US 8.8.8.8:53 5.172.181.195.in-addr.arpa udp
US 8.8.8.8:53 61.45.26.184.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
GB 172.217.169.36:443 www.google.com udp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.200.3:443 www.google.co.uk tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 155.133.125.74.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 75.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
GB 172.217.169.36:443 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.46:443 apis.google.com udp
GB 216.58.213.10:443 ogads-pa.googleapis.com udp
GB 216.58.213.10:443 ogads-pa.googleapis.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 xvirus.net udp
DE 135.125.200.225:443 xvirus.net tcp
DE 135.125.200.225:443 xvirus.net tcp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
US 8.8.8.8:53 225.200.125.135.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 45.32.1.23:443 pcapp.store tcp
US 8.8.8.8:53 d74queuslupub.cloudfront.net udp
US 45.32.1.23:443 pcapp.store tcp
DE 18.154.63.27:443 d74queuslupub.cloudfront.net tcp
US 8.8.8.8:53 27.63.154.18.in-addr.arpa udp
US 8.8.8.8:53 143.226.173.18.in-addr.arpa udp
US 8.8.8.8:53 27.62.154.18.in-addr.arpa udp
US 8.8.8.8:53 pcapp.store udp
US 8.8.8.8:53 pcapp.store udp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:80 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 repository.pcapp.store udp
US 8.8.8.8:53 repository.pcapp.store udp
NL 195.181.172.3:443 repository.pcapp.store tcp
US 8.8.8.8:53 repository.pcapp.store udp
US 8.8.8.8:53 repcdn.pcapp.store udp
US 8.8.8.8:53 repcdn.pcapp.store udp
NL 195.181.172.6:443 repcdn.pcapp.store tcp
NL 195.181.172.2:443 repcdn.pcapp.store tcp
NL 195.181.172.2:443 repcdn.pcapp.store tcp
NL 195.181.172.2:443 repcdn.pcapp.store tcp
NL 195.181.172.2:443 repcdn.pcapp.store tcp
NL 195.181.172.2:443 repcdn.pcapp.store tcp
NL 195.181.172.2:443 repcdn.pcapp.store tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 ev.pcapp.store udp
US 8.8.8.8:53 veryfast.io udp
US 147.182.211.77:443 ev.pcapp.store tcp
US 161.35.127.181:80 veryfast.io tcp
US 8.8.8.8:53 3.172.181.195.in-addr.arpa udp
US 8.8.8.8:53 2.172.181.195.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
US 161.35.127.181:443 veryfast.io tcp
US 8.8.8.8:53 77.211.182.147.in-addr.arpa udp
US 8.8.8.8:53 181.127.35.161.in-addr.arpa udp
US 8.8.8.8:53 repcdn.veryfast.io udp
NL 195.181.172.6:443 repcdn.veryfast.io tcp
US 8.8.8.8:53 69.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
GB 142.250.178.10:443 ogads-pa.googleapis.com tcp
US 161.35.127.181:443 veryfast.io tcp
US 8.8.8.8:53 evcs-ocsp.ws.symantec.com udp
DE 152.199.19.74:80 evcs-ocsp.ws.symantec.com tcp
US 8.8.8.8:53 evcs-crl.ws.symantec.com udp
SE 192.229.221.95:80 evcs-crl.ws.symantec.com tcp
SE 192.229.221.95:80 evcs-crl.ws.symantec.com tcp
US 8.8.8.8:53 10.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 64.227.17.224:443 veryfast.io tcp
US 8.8.8.8:53 xvirus.net udp
DE 135.125.200.225:80 xvirus.net tcp
DE 135.125.200.225:443 xvirus.net tcp
US 8.8.8.8:53 repository.pcapp.store udp
US 8.8.8.8:53 cloud.xvirus.net udp
NL 195.181.172.2:443 repository.pcapp.store tcp
DE 135.125.200.225:80 cloud.xvirus.net tcp
DE 135.125.200.225:80 cloud.xvirus.net tcp
US 8.8.8.8:53 repcdn.veryfast.io udp
NL 195.181.172.2:443 repcdn.veryfast.io tcp
US 8.8.8.8:53 e5.o.lencr.org udp
GB 2.18.190.80:80 e5.o.lencr.org tcp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
SE 192.229.221.95:80 evcs-crl.ws.symantec.com tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 161.35.127.181:443 veryfast.io tcp
US 45.32.1.23:443 pcapp.store tcp
US 8.8.8.8:443 dns.google udp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:443 connect.facebook.net tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 161.35.127.181:443 veryfast.io tcp
US 161.35.127.181:443 veryfast.io tcp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 veryfast.io udp
US 8.8.8.8:53 veryfast.io udp
US 64.227.17.224:443 veryfast.io tcp
US 161.35.127.181:443 veryfast.io tcp
US 161.35.127.181:443 veryfast.io tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:443 dns.google udp
US 161.35.127.181:443 veryfast.io tcp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:443 dns.google udp
GB 142.250.179.234:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 88.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.4:443 www.google.com udp
US 8.8.8.8:53 4.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 157.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
GB 142.250.180.10:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.206:443 consent.google.com tcp
US 8.8.8.8:53 bazaar.abuse.ch udp
US 151.101.2.49:443 bazaar.abuse.ch tcp
US 151.101.2.49:443 bazaar.abuse.ch tcp
GB 172.217.169.4:443 www.google.com tcp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
GB 172.217.169.4:443 www.google.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.179.234:443 content-autofill.googleapis.com tcp
GB 172.217.169.4:443 www.google.com udp
US 151.101.2.49:443 bazaar.abuse.ch tcp
GB 142.250.179.234:443 content-autofill.googleapis.com udp
US 151.101.2.49:443 bazaar.abuse.ch tcp
DE 18.154.63.27:443 d74queuslupub.cloudfront.net tcp
US 8.8.8.8:443 dns.google udp
US 161.35.127.181:443 veryfast.io tcp
GB 172.217.169.36:443 www.google.com udp
DE 135.125.200.225:80 cloud.xvirus.net tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
GB 216.58.212.202:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
GB 142.250.187.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 234.187.250.142.in-addr.arpa udp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 104.248.126.225:443 pcapp.store tcp
US 8.8.8.8:53 repository.pcapp.store udp
NL 195.181.172.6:443 repository.pcapp.store tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.200.3:443 www.google.co.uk tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 google.com udp
BE 74.125.133.157:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 172.217.169.36:443 www.google.com tcp
GB 172.217.16.238:443 google.com tcp
GB 172.217.16.238:443 google.com tcp
GB 172.217.169.36:443 www.google.com udp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 157.133.125.74.in-addr.arpa udp
US 8.8.8.8:53 delivery.pcapp.store udp
NL 195.181.172.3:443 delivery.pcapp.store tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 8.8.8.8:443 dns.google udp
US 64.227.17.224:443 veryfast.io tcp
DE 135.125.200.225:80 cloud.xvirus.net tcp
DE 135.125.200.225:443 cloud.xvirus.net tcp
DE 135.125.200.225:80 cloud.xvirus.net tcp
US 45.32.1.23:443 pcapp.store tcp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 bazaar.abuse.ch udp
US 151.101.2.49:443 bazaar.abuse.ch tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c73.gcp.gvt2.com udp
PL 34.0.245.166:443 e2c73.gcp.gvt2.com tcp
US 8.8.8.8:53 166.245.0.34.in-addr.arpa udp
US 45.32.1.23:443 pcapp.store tcp
US 8.8.8.8:53 d74queuslupub.cloudfront.net udp
DE 18.154.63.27:443 d74queuslupub.cloudfront.net tcp
US 45.32.1.23:443 pcapp.store tcp
US 8.8.8.8:53 pcapp.store udp
US 8.8.8.8:53 pcapp.store udp
US 104.248.126.225:443 pcapp.store tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:443 www.google.com udp
US 104.248.126.225:443 pcapp.store tcp
US 45.32.1.23:80 pcapp.store tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 45.32.1.23:443 pcapp.store tcp
US 8.8.8.8:443 dns.google udp
US 147.182.211.77:443 ev.pcapp.store tcp
NL 195.181.172.2:443 repository.pcapp.store tcp
GB 142.250.187.234:443 content-autofill.googleapis.com udp
GB 172.217.16.227:443 beacons.gvt2.com tcp
NL 195.181.172.2:443 repository.pcapp.store tcp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 151.101.2.49:443 bazaar.abuse.ch tcp
NL 195.181.172.2:443 repository.pcapp.store tcp
US 8.8.8.8:443 dns.google udp
GB 142.250.180.10:443 content-autofill.googleapis.com udp
NL 195.181.172.2:443 repository.pcapp.store tcp
NL 195.181.172.2:443 repository.pcapp.store tcp
US 8.8.8.8:443 dns.google udp
GB 172.217.169.36:443 www.google.com udp
NL 195.181.172.6:443 delivery.pcapp.store tcp
NL 195.181.172.6:443 delivery.pcapp.store tcp
NL 195.181.172.6:443 delivery.pcapp.store tcp
GB 142.250.187.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 bazaar.abuse.ch udp
US 151.101.130.49:443 bazaar.abuse.ch tcp
US 8.8.8.8:53 49.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 e2c3.gcp.gvt2.com udp
JP 34.84.111.50:443 e2c3.gcp.gvt2.com tcp
JP 34.84.111.50:443 e2c3.gcp.gvt2.com tcp
US 8.8.8.8:53 50.111.84.34.in-addr.arpa udp
GB 172.217.16.227:443 beacons.gvt2.com tcp
US 8.8.8.8:53 e2c17.gcp.gvt2.com udp
NL 34.90.241.47:443 e2c17.gcp.gvt2.com tcp
US 8.8.8.8:53 47.241.90.34.in-addr.arpa udp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.4.4:443 dns.google udp
US 161.35.127.181:443 veryfast.io tcp
DE 135.125.200.225:80 cloud.xvirus.net tcp
US 8.8.4.4:443 dns.google udp
GB 172.217.169.74:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.179.234:443 ogads-pa.googleapis.com tcp
GB 142.250.179.234:443 ogads-pa.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.178.14:443 clients2.google.com udp
GB 142.250.178.14:443 clients2.google.com tcp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.180.22:443 i.ytimg.com tcp
GB 142.250.180.22:443 i.ytimg.com tcp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 172.217.169.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 216.58.212.206:443 www.youtube.com tcp
GB 216.58.212.206:443 www.youtube.com tcp
US 8.8.8.8:53 22.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 206.212.58.216.in-addr.arpa udp
GB 216.58.212.206:443 www.youtube.com udp
GB 142.250.180.22:443 i.ytimg.com tcp
GB 142.250.187.206:443 www.youtube.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 static.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net tcp
GB 216.58.212.230:443 static.doubleclick.net tcp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
US 8.8.8.8:53 www.malwarebytes.com udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 230.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 137.102.96.34.in-addr.arpa udp
US 8.8.8.8:53 api.weglot.com udp
US 192.0.76.3:443 stats.wp.com tcp
US 8.8.8.8:53 plausible.io udp
US 8.8.8.8:53 cdn.weglot.com udp
US 172.64.149.114:443 cdn.weglot.com tcp
GB 79.127.237.132:443 plausible.io tcp
US 104.18.38.142:443 cdn.weglot.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 54.83.239.11:443 genesis.malwarebytes.com tcp
US 8.8.8.8:53 pixel.wp.com udp
GB 79.127.237.132:443 plausible.io tcp
GB 172.217.169.10:443 jnn-pa.googleapis.com tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.18.87.42:443 cdn.cookielaw.org tcp
US 104.18.87.42:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
US 8.8.8.8:53 114.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 132.237.127.79.in-addr.arpa udp
US 8.8.8.8:53 142.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 11.239.83.54.in-addr.arpa udp
US 8.8.8.8:53 42.87.18.104.in-addr.arpa udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
GB 172.217.169.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
US 172.64.149.114:443 cdn.weglot.com udp
US 192.0.76.3:443 pixel.wp.com udp
US 8.8.8.8:53 downloads.malwarebytes.com udp
BE 18.239.208.106:443 downloads.malwarebytes.com tcp
BE 18.239.208.106:443 downloads.malwarebytes.com tcp
US 8.8.8.8:53 data-cdn.mbamupdates.com udp
BE 18.239.208.77:443 data-cdn.mbamupdates.com tcp
US 8.8.8.8:53 106.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 77.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 api2.amplitude.com udp
US 52.38.159.216:443 api2.amplitude.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google udp
GB 216.58.213.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 216.159.38.52.in-addr.arpa udp
US 8.8.8.8:53 ark.mwbsys.com udp
US 34.237.251.91:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
BE 18.239.208.127:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 91.251.237.34.in-addr.arpa udp
US 8.8.8.8:53 127.208.239.18.in-addr.arpa udp
US 34.237.251.91:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
BE 18.239.208.106:443 cdn.mwbsys.com tcp
US 34.237.251.91:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
BE 18.239.208.127:443 cdn.mwbsys.com tcp
US 161.35.127.181:443 veryfast.io tcp
US 34.237.251.91:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
BE 18.239.208.106:443 cdn.mwbsys.com tcp
US 34.237.251.91:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
BE 18.239.208.76:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 76.208.239.18.in-addr.arpa udp
DE 18.154.63.27:443 d74queuslupub.cloudfront.net tcp
US 8.8.8.8:53 ipv4.am.i.mullvad.net udp
SE 45.83.223.233:443 ipv4.am.i.mullvad.net tcp
US 8.8.8.8:53 holocron.mwbsys.com udp
US 8.8.8.8:53 233.223.83.45.in-addr.arpa udp
US 18.209.182.66:443 holocron.mwbsys.com tcp
US 18.209.182.66:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 66.182.209.18.in-addr.arpa udp
DE 135.125.200.225:80 cloud.xvirus.net tcp
DE 135.125.200.225:443 cloud.xvirus.net tcp
DE 135.125.200.225:80 cloud.xvirus.net tcp
US 52.207.119.97:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 voodooshield.database.windows.net udp
US 20.40.228.131:1433 voodooshield.database.windows.net tcp
US 8.8.8.8:53 97.119.207.52.in-addr.arpa udp
US 8.8.8.8:53 ussouthcentral.services.azureml.net udp
US 8.8.8.8:53 crl.comodoca.com udp
US 104.18.38.233:80 crl.comodoca.com tcp
US 8.8.8.8:53 www.malwarebytes.com udp
US 8.8.8.8:53 131.228.40.20.in-addr.arpa udp
GB 184.25.193.234:80 www.microsoft.com tcp
US 192.0.66.233:443 www.malwarebytes.com tcp
RU 80.66.89.37:80 80.66.89.37 tcp
US 8.8.8.8:53 iris.mwbsys.com udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 234.193.25.184.in-addr.arpa udp
US 34.234.192.192:443 iris.mwbsys.com tcp
RU 80.66.89.37:80 80.66.89.37 tcp
US 8.8.8.8:53 37.89.66.80.in-addr.arpa udp
US 8.8.8.8:53 192.192.234.34.in-addr.arpa udp
US 8.8.4.4:443 dns.google udp
GB 142.250.187.234:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 34.193.31.41:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 41.31.193.34.in-addr.arpa udp
US 8.8.8.8:53 cdn.mwbsys.com udp
BE 18.239.208.45:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 45.208.239.18.in-addr.arpa udp
DE 135.125.200.225:80 cloud.xvirus.net tcp
US 34.193.31.41:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 34.193.31.41:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 hubble.mb-cosmos.com udp
NL 18.238.243.16:443 hubble.mb-cosmos.com tcp
US 8.8.8.8:53 ocsp.trust-provider.com udp
US 104.18.38.233:80 ocsp.trust-provider.com tcp
US 8.8.8.8:53 crl.trust-provider.com udp
US 104.18.38.233:80 crl.trust-provider.com tcp
US 8.8.8.8:53 www.intel.com udp
GB 23.211.239.194:80 www.intel.com tcp
US 8.8.8.8:53 certificates.intel.com udp
GB 2.18.190.79:80 certificates.intel.com tcp
US 8.8.8.8:53 ocsp.thawte.com udp
DE 152.199.19.74:80 ocsp.thawte.com tcp
US 8.8.8.8:53 crl.thawte.com udp
SE 192.229.221.95:80 crl.thawte.com tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 optimizationguide-pa.googleapis.com udp
US 8.8.8.8:53 optimizationguide-pa.googleapis.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 optimizationguide-pa.googleapis.com udp
US 8.8.8.8:53 optimizationguide-pa.googleapis.com udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 16.243.238.18.in-addr.arpa udp
US 8.8.8.8:53 194.239.211.23.in-addr.arpa udp
RU 80.66.89.37:80 80.66.89.37 tcp
US 8.8.8.8:53 csc3-2010-crl.verisign.com udp
SE 192.229.221.95:80 csc3-2010-crl.verisign.com tcp
US 8.8.8.8:443 dns.google udp
RU 80.66.89.37:80 80.66.89.37 tcp
RU 80.66.89.37:80 80.66.89.37 tcp
RU 80.66.89.37:80 80.66.89.37 tcp
US 161.35.127.181:443 veryfast.io tcp
US 161.35.127.181:443 veryfast.io tcp
RU 80.66.89.37:80 80.66.89.37 tcp
RU 80.66.89.37:80 80.66.89.37 tcp
RU 80.66.89.37:80 80.66.89.37 tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 184.25.193.234:80 www.microsoft.com tcp
RU 80.66.89.37:80 80.66.89.37 tcp
RU 80.66.89.37:80 80.66.89.37 tcp
RU 80.66.89.37:80 80.66.89.37 tcp
RU 80.66.89.37:80 80.66.89.37 tcp
RU 80.66.89.37:80 80.66.89.37 tcp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 veryfast.io udp
US 8.8.8.8:53 veryfast.io udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:53 dns.google udp
RU 80.66.89.37:80 80.66.89.37 tcp
US 8.8.8.8:443 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 161.35.127.181:443 veryfast.io tcp
RU 80.66.89.37:80 80.66.89.37 tcp
US 161.35.127.181:443 veryfast.io tcp
GB 142.250.187.234:443 optimizationguide-pa.googleapis.com udp
GB 142.250.187.234:443 optimizationguide-pa.googleapis.com tcp
GB 172.217.169.4:443 www.google.com udp
RU 80.66.89.37:80 80.66.89.37 tcp
RU 80.66.89.37:80 80.66.89.37 tcp
RU 80.66.89.37:80 80.66.89.37 tcp
US 161.35.127.181:443 veryfast.io tcp
US 8.8.8.8:53 crt.sectigo.com udp
US 172.64.149.23:80 crt.sectigo.com tcp
US 8.8.8.8:53 veryfast.io udp
RU 80.66.89.37:80 80.66.89.37 tcp
US 161.35.127.181:443 veryfast.io tcp
US 161.35.127.181:443 veryfast.io tcp
US 8.8.8.8:53 www.microsoft.com udp
RU 80.66.89.37:80 80.66.89.37 tcp
GB 184.25.193.234:80 www.microsoft.com tcp
US 161.35.127.181:443 veryfast.io tcp
RU 80.66.89.37:80 80.66.89.37 tcp
RU 80.66.89.37:80 80.66.89.37 tcp
RU 80.66.89.37:80 80.66.89.37 tcp
SE 192.229.221.95:80 csc3-2010-crl.verisign.com tcp
RU 80.66.89.37:80 80.66.89.37 tcp
RU 80.66.89.37:80 80.66.89.37 tcp
RU 80.66.89.37:80 80.66.89.37 tcp
DE 135.125.200.225:80 cloud.xvirus.net tcp
RU 80.66.89.37:80 80.66.89.37 tcp

Files

\??\pipe\crashpad_4928_EEWUOXUSSNNNYRSI

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5ef43740-e1cd-4bd4-a458-7c9447db3ae9.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 230ab95d87a717be265134072eb17c25
SHA1 71a3d3dd6f952057ba0c6025d39c9792ff606828
SHA256 3fdfeaa675697f08f1c7c0fd6b77512f4bf9465e670637e8e332e65ebb9db068
SHA512 9b0636421ad14161f211e846521149ab0a7c866e77db309dba79718487835204cee3821c9f4678e48e134614be6a02421c155a34b7c9bc424012137705960b11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

MD5 9ab049e4fa2e057058b33715b6caeae5
SHA1 16958cdc71f415bdec24f1359e40f66c4960c767
SHA256 d147489e927ae1eacc5ab01c03e52653593dbc4bf7112c040ce26c370cb6b2d8
SHA512 efedf364b2601eb5e7369f5e2a2b359ac83908a1cd07bbc10e52b76bfccd3339bfa6f4cd5c9f55bf934f477a12da878f3de07971109fbaef341592ef6a62ae70

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 be113202fcacd2578148b3616675ba01
SHA1 05eee05e34627b304a4f779dc17596f63065ddbc
SHA256 6c8db365e3454c2ede4c0d840c52ad55ef2776735a8ec25620e43cbfa47beb0d
SHA512 610be30e2675d569731d526191c55a03d58d095c464fb54805ccfde3b5bfe0cbc9622726263a6b93773ebc2acc6c73f4087c35f3b590d037a1ffff9dac8597b3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 28ef72b6e7d1f8d62a01e5f20015dffd
SHA1 2bd8a019c77121ac2547a24a6dba5ed2169e4410
SHA256 e63b5a2eebf43e9f19ff04ccc9ee1bd04df4865ba85b2ac82857b0b299ba426d
SHA512 29aaa3876ba72ecf3242850b393cef1037f87adf39f77025b9e012cfcfce97a740e419db0150f228c16a50bff2b59edfb5c764cd722a35ef3d2ebac2667682c6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e4baba006ab1752a8b796ea52a62f86b
SHA1 664ea89dc18ba52fe460ae91799cfb553e431ed8
SHA256 408f330bc4b0af468ecf6918a6eff5c198bfd94e30ff70eaa512c62918dbdf0b
SHA512 95cfc1bbb49f274862ac382db58dc019b971f4c160b344babf74719ce5d3449d0bbc32c591f427d83c1dfde72a4b32e7125cc6aee1d6254e375a124c3aca2957

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 6fdd2c4091feffaa58f50528ccdcf6a7
SHA1 e580ec81b7de305b86a1e077fa53fa5d74e8c760
SHA256 29b6b3c1bff5693d8c12dc5d7aab7fcee5330d871bc8024307c703fc99501ef1
SHA512 34632208ba1302bbbfba8080311ec2576e8d5a18a650452bcc4f224872c4c514c256c3d1c4f0786b265491b6df171d36311dc3cbaffcf6e3b4a387a64a83d77e

C:\Users\Admin\Downloads\Setup.exe

MD5 da8990cf87c4d8196842cb0cde07ff0e
SHA1 e1f51d5a5a2515490b1235ee44353f5f4c2d4039
SHA256 1875f6b350be2fe27a03daa54acb5900aa76e36bbb4046c42a971e48fa8f7524
SHA512 0184b555fdd12a9fc3e033af8e7913b78e4c25efadbe55ac9a0c86496456b3c6c6eea2be1c3b364ae75b7e163e348e909a1e5ac0e40fd3f24d0966897f39b76f

C:\Users\Admin\AppData\Local\Temp\nsl6C24.tmp\System.dll

MD5 cff85c549d536f651d4fb8387f1976f2
SHA1 d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA256 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

C:\Users\Admin\AppData\Local\Temp\nsl6C24.tmp\nsJSON.dll

MD5 f4d89d9a2a3e2f164aea3e93864905c9
SHA1 4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a
SHA256 64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb
SHA512 dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6f3d04fe564dcd95b18357f460ff1372
SHA1 d5847353ea71e4ae811f18d991b348139cd471f8
SHA256 1083364d2dee74150d9bfdfc062a60e05e03882d0437fd9b67b44bb3c095cfa7
SHA512 21ef07ddaaabb6889dd8fe6c91a24774c9592a8ed36b334aad724ce9f6c7edd6aeca6d91b2823c07c30960f5d719a54b59fdd4518f591db67f8c59affc16a221

C:\Users\Admin\AppData\Local\Temp\nsl6C24.tmp\NSISFastLib.dll

MD5 9c7a4d75f08d40ad6f5250df6739c1b8
SHA1 793749511c61b00a793d0aea487e366256dd1b95
SHA256 6eb17c527c9e7f7fea1fdb2ea152e957b50a56796e53ce1e5946b165b82deaef
SHA512 e85235307b85ffd3aab76ff6290bee0b3b9fd74c61a812b5355fe7b854d4c6b77bd521e52638d28e249a43d9ec7aa6f2670af2b1c671091492c7fe19d6f9a4e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2094f121556127ef3a17e90bc63bc7d0
SHA1 e8af02ec0b2bec4089fd9c07a54b1882e018e8a1
SHA256 838e4b8b6bb2e39d05f7b406e64b058735bf40fa854c181ceebf4f6b574e1e6d
SHA512 e6bfdc1ce37308f2aeff0d49caefa8dc62490bad1b00aa5465d02c9adf4e19e16fcc65c3d57c6fd9db88b2e93ed1fd9b61133ddfd7af938ef0b323d52ec4b2c7

C:\Users\Admin\AppData\Local\Temp\nsl6C24.tmp\nsDialogs.dll

MD5 6c3f8c94d0727894d706940a8a980543
SHA1 0d1bcad901be377f38d579aafc0c41c0ef8dcefd
SHA256 56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2
SHA512 2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

C:\Users\Admin\AppData\Local\Temp\nsl6C24.tmp\inetc.dll

MD5 a35cdc9cf1d17216c0ab8c5282488ead
SHA1 ed8e8091a924343ad8791d85e2733c14839f0d36
SHA256 a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df
SHA512 0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 980ebd34ef8cdfa9900dba4fe367d2f7
SHA1 35955645e6324fce99a971a5a80ecae0fc21d971
SHA256 d5384308d29f2f9478f0d1354e9f94053300496f3b7cd2f88f5f8d00dbe1482e
SHA512 470cce060f4dcca34b26c8c3b2d3d4024c12fb4631ed8251e942e7e992149a422f30526b27f9f55c13d5d9581f022d3b18439893c6b0455180ae70c0fb24430a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 2e89d90bb4277c662e5a2a704983ab26
SHA1 25df811cabea24fbc6647fc36c088dc99195f00a
SHA256 755b3281e5b0c6b201ee29e511a5059b63e705447a352b6643a23d3b884213d8
SHA512 8f77f3b9700d3c626c2254229059ad087faf3fe8edc8d4f652d682de2accca78dd092a2e6b1e02e684cf2887e8c311f86ee7771c47a8eb4b2418461adbbeb429

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8dc89706ac7229aed5f3c5261b3ce862
SHA1 54cc2c3d72e0422edd189cce06bc58eb0bc8fadb
SHA256 96a016370977edbdca5f0252054ed4fe9ce067b2c18e25e0c9e9b1d4c2c4e1e1
SHA512 245ca3cf108fdcffe4873084a156644be52951bbe9970491b934edb2bceb193705dd62aa130e0221fe27e372776d272c1b8236dc8350e970f6e31c85dbd7c98f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 72a3bd330cd058174fc4f12b2d68467b
SHA1 de8952bf3d1bc95fc778975f298c98be3a03fe52
SHA256 6ee8a6320563d218387b5695cc6677d9c89c96aac637f2f5992fb58bc4ac39a6
SHA512 1d99853eab0ad1d969fa38bd3fb328e421d80d4e76c1776406f0e52f8f0bb2b2730813ec973699e0fa171e32373d72bd680313f9090eb6721af7e785bb3896b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

MD5 220694d3acc7c2093811d7aec3f51bea
SHA1 2a8525170e719a0a53f67bd593267c52b09b42b3
SHA256 ec201403cfd24431b7ce52d080c7d095c4ac69bffe11bf6cbc95849512ccc68c
SHA512 4f9c4593037069953fada53634c7b33ec4de31c484136d4b9c3b015bd6556ea8587e59414cd2bb20ecfff168132385ccbd39097799cf92e8ff06b67afff81d20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

MD5 2095762aa9c5c3723d18eda58a5bbc11
SHA1 b8a3b066838f7155919e91f11e369704669b43ed
SHA256 f52aec49b34cb91ad7d9cf965c4fc2dfaeafc683eeeec17578f5b86ad1d8528a
SHA512 b7babd5d015cc18c0c3fb2156b508128a7f27b436149dcff1aa46691ac2d98e9ad09232f7597183512de9f8f26885d6dc84aa61e0cb6003e898ec5d6f8afa6d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

MD5 9fa74727e591b0483a3be81ebbff35be
SHA1 27e632e8dfa3b0ff66c7934462f3524277dd65a9
SHA256 e8ebedfce0fcf0a4067ec146ebab178119595729a4f3702bfe114e1a06022732
SHA512 8f2667297d8112cbd99e15265e0e948c4d8e76a150a8b4c9f97449923c0da22e74bdf7906e8bb13f05a4b62e6cdb089590973a4aaccab3db9dc6d88176e2b737

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

MD5 c9874f32b7c63c19a0ada11cea60bf93
SHA1 d47d2ce81fd229dcec877918c8469a356dc67038
SHA256 80166ce9d1951e1e8b23bafcfd9070fb700445ad60226d6949971223f3c861fe
SHA512 e2bc86fecc472fedec2b91a959eab1f43842d96b91e57e4d4a9566dc501365689cea5931c406ab3de667df43dcfa44f13c59c41abc92505875981be113ba50b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3ea6778c45e6f5e3c57747cd61e0634c
SHA1 e731c49fb06be12491f5ae0d93084517a1e39386
SHA256 3085e4b05979784de134252e45ecde3741df5b0277a999118664347704447dea
SHA512 e58b3cfa7d56507a69c1d09daf1758c14943924cfe4cd5e6c7eb6fbdd4607963ce9aed3ba11cfb04d0710cde84c478a858ed65abd7ff6b071c3e27433c0cc236

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 80e1ebe03793d5350782a21276591a71
SHA1 7d08279001d268400d68a839d4912832d41d21bb
SHA256 0bef4e51c4da890cd6e49906388010a36673478b55b23d700de1e868ef2592ac
SHA512 e000376ea5c5b5bf200f9d678d208f78aec946078ee61b19f67a94408d5ef608d8a85ca46a942cee0c3b0f77b123664e45bdd48dafad662d445e62e014748343

C:\Users\Admin\Downloads\Unconfirmed 523354.crdownload

MD5 ee826a11eec5f15201aa12168ab8f6b1
SHA1 de92d7e6c70439e283801a592ff200eae0ca781f
SHA256 c0e2e1e4d71c468132bab2cb332f3bf7b16aaa2a032e47ca88065e05ff7e2724
SHA512 7719f5581e5b3e351beab5ae0c75d47ad5d433d77f60767a263307bc2288dd280fec132a243e081d3ce9fef4fa5bca1fbde0728c86e72a65f26b86fa7c339812

C:\Users\Admin\PCAppStore\nwjs\locales\bg.pak.info

MD5 82d7ab0ff6c34db264fd6778818f42b1
SHA1 eb508bd01721ba67f7daad55ba8e7acdb0a096eb
SHA256 e84331e84cd61d8bdacc574d5186fb259c00467513aa3f2090406330f68a45db
SHA512 176458b03cc2b2d3711965cd277531e002ae55d284b6c9178d2353e268f882430235468e5a1e9e45c8427864d109cf30a024a993b4763a75fa2744f6e0a6ae2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 77aa4969dabe976b6cb9221f8c217fec
SHA1 02b772a8d18b03580b36492baf86b8d22f74faaf
SHA256 90aa410676848c1e4d50691609b84a926b52c3c67644e0cea7c368d641eafc66
SHA512 8afc141b6eff3b64673bb4284c9187dd42576d1f0645fc141af0734e2326029559ecbfddb672cfe06a8a8cd6089934b0b7652309440ca5a30e4fde4c4fb4aae4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 919a8d35f976791803c4b96b3b6ebca1
SHA1 3439536d6763f1b954fb0eee233a85c320a35176
SHA256 e78b0da1c8dd1e8d811a1a89ab40d642c7ccd3ee76cc76f25e3ab54bc879f256
SHA512 95022cdff15c246bfbe942b725edfa0dc59ad4f2f9c0b16c600bd739bbde49d80b6226e94cf24c4f911080490a5a69075d17e462186635a3a5116f5573684b09

C:\Users\Admin\AppData\Local\Temp\nssB0A0.tmp\Math.dll

MD5 85428cf1f140e5023f4c9d179b704702
SHA1 1b51213ddbaedfffb7e7f098f172f1d4e5c9efba
SHA256 8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a
SHA512 dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 621d6aeb0e1365b4c7acc8333f648685
SHA1 7f296c69043f95eba5de20f9495aa829d86d7d21
SHA256 42899b09f27e11d0f25ce2bfbb43886a69ac7f3885d389a935db4627ec810e28
SHA512 928b41fbd116d9d011d5b968562a0f292fe7ac300f3475c2102510e7dfb87397f662675fb534fada0e81278a4465401cf14486c1e377cf9eec67bfce02e0b2f3

memory/4568-1052-0x00000229723E0000-0x00000229726C0000-memory.dmp

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Extension Rules\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\b1dfcd8a-8156-4159-abbe-da45451079d0.tmp

MD5 728fe78292f104659fea5fc90570cc75
SHA1 11b623f76f31ec773b79cdb74869acb08c4052cb
SHA256 d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20
SHA512 91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5

MD5 03e9f614a008075733c76883156b568b
SHA1 5f9cb1b06928487c4b836e9dedc688e8a9650b0b
SHA256 b1a6a6fb45ad1e13054c40dc7c09e3098ee830bcf1ebaec27f640ae4c64b8416
SHA512 7e6969c8908a6bf57bd2cb4457a7c78360468383acee589278e49829617e2f3b872dd8213e57a2ed8f512d444c67a2e619deabdc1394d1c39c7759ed3c744f94

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_000001

MD5 8e433c0592f77beb6dc527d7b90be120
SHA1 d7402416753ae1bb4cbd4b10d33a0c10517838bd
SHA256 f052ee44c3728dfd23aba8a4567150bc314d23903026fbb6ad089422c2df56af
SHA512 5e90f48b923bb95aeb49691d03dade8825c119b2fa28977ea170c41548900f4e0165e2869f97c7a9380d7ff8ff331a1da855500e5f7b0dfd2b9abd77a386bbf3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f1569e21f47873e7d5b224c4c3e72daf
SHA1 44eeea5f38be924284deadffa20dc7a77c7e3a20
SHA256 957b8cce8850dbab671ceb4373a13dcf1f5948754d911d1a41547100504a4f45
SHA512 c1346004c2afb84a462ad8abd1d25275848cbf633efdf9ef6e1db3c4bc414e694d0578fd4c6e4685570c85ac9f1dbbe85b919263b97fa8f73c5bf6a6a7d5926a

C:\Users\Admin\PCAppStore\download\SetupEngine.exe

MD5 85f2849f25944fc15e58521a52b800ff
SHA1 718d11673de4743835523983ab5e06f88785a03d
SHA256 c4942bad2eaaca0bb5ed7e6900d6c85f12f0db6de790072838ce3f854b9ad677
SHA512 f5723f93695e84fc41f48f0153f024249e9abc9fd03d788af1c31d6084acfbe4c85a76de55ab8be4f68d16807bc0381c269cc3834510d538e9710f528b04beb7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 47e9405d15e058b0d4fdc9c34cf1f6cf
SHA1 d77f74bc3512658f9934c29d76bd36d1f8580456
SHA256 69d50223fade35e11461a20432cb1376bcfb06ed4231d232ab1def3e7472ec8c
SHA512 c3e4e95063921bd1918b37868363c4362b23e8f52d222706b46dc4d57e1ba7fc96bd8708fe3ab0620d9f12bca4bad746d1500fc8d096a788781caa4c0446eb4f

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

MD5 71f5a2da3c6c279c7a5faa412e017c72
SHA1 66d2b28d08312ffa1f1f79315fdc852e73bb87c5
SHA256 49ffaac75f7e3379a46a1303e8dcac5f54fe3bb2b4cc4e959544be2ef255eea1
SHA512 f6bdaacf2a913c376ef0905d301a8ef0fa369a541861e4944720ba33d8c31a5e01d685ea9b42256923f6f6837b2911e20abdec0d2e6f5df6cf11e8d6d1aa1228

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State~RFe59163d.TMP

MD5 3e5509c8f6248dfdc68c28637816776f
SHA1 188c90e9910df9edc86f3ad9380196c8e08dadbe
SHA256 82bbea2f055328a792b665d3f364b8c7306e162e98db5127fa3f18b9ec47b4f5
SHA512 65be6e19a03284b7bdba252de4424bfa61984c14274e69a8d96b439173ba835da144fa3bc1b8643354f0168c1861129e7f508255730b5e9d84fe7e83cd46898e

C:\Users\Admin\AppData\Local\Temp\nsfF88.tmp\modern-wizard.bmp

MD5 cbe40fd2b1ec96daedc65da172d90022
SHA1 366c216220aa4329dff6c485fd0e9b0f4f0a7944
SHA256 3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
SHA512 62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

C:\Program Files (x86)\Xvirus Anti-Malware\Xvirus Anti-Malware.exe

MD5 c2860b112891395493d548eb362a4619
SHA1 02a560da5f06bbb3a1d6a03e342b32d3eba92367
SHA256 6d4d5525e6cb7626cf689698c14e9284c32ff15af23dd3ae332ccf87c2baa998
SHA512 a7dda102ade086f4b7ea7afd0f34a88c8dae3ba811bc8df76fca368d99b08d42a9ddf6d7cf10e42b83b7e9ade7ac8c6faed2e9e9bfa41eca26d4bd83bafe8a9b

memory/1268-1400-0x000001F5849C0000-0x000001F584BA6000-memory.dmp

memory/1268-1401-0x000001F59EFF0000-0x000001F59F020000-memory.dmp

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\user.config

MD5 2a24b8f30368bc8db7ecfb42c924f0b6
SHA1 32fc2436e948c4976f7a4558e5745a26350df546
SHA256 bc169589538c83b0156934a1c7b14b30e05907ff2f01c11ad21efe58731a38ba
SHA512 60af3872838eab68aab8a63a1a27f39256c8dcb89fe59737dac22c10403da3840c28a7e82e2e08c8548ed7955c481755f0262c594a1ff280ceceef15e5632e02

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\user.config

MD5 08979cd46c82562841cd2235fa5e5d44
SHA1 2169474553f8c3f7b56871f1dffcbc90b365dd5b
SHA256 aa43c711fa80957b4bfd3dd2d73071eef7fd79f861b06de0aaa8712ab1e463fc
SHA512 39af4127d14aac6499f3e6a4820742f6aafd2bc236b0182666d5934730071db0a6abf1a1a75aee01e8c3a81cccf52e4e9299dde5a4479596ff3b33e36177186d

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\user.config

MD5 114f98b99e0f9f565825322141d3558c
SHA1 f151781e33508f93ce0daa2b94a196f24b667e7d
SHA256 f1031050ff6606f81013b6c9d25e97603e4114b801dc4273a14c25d75ba9eaaf
SHA512 69fdb63599af62826e18331c28a2e55ac367d60dbbda2da6213bad7535b9e8c20d2d31504b8a74954caf6c7dd89ad915e5b845f20f246aac93851c76a7759e72

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\ooifu5y5.newcfg

MD5 254d76004c0392ffe2ce42b1919f6bae
SHA1 b8a31763b6d96889a63706b1145ca0679ad9b680
SHA256 191c859919c2b9cb2947aa7b83d4a33c6a3289c576bdc22b32226e9ecf498572
SHA512 912e92c3d0aa7e6ab57daa82657fd6def26e4816547baac629ab03db50669a514c5c08c39d7628438c6266f7007e3afffef0f7d2a3513e643d2f89bc5f13b16d

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\23uzj2my.newcfg

MD5 24dfd63bacf247b04d7f676755e80e35
SHA1 a0e51b32a515f7c636344b4b3e688dd3895a74c7
SHA256 9645e2da8dbdd49ae5ba1de1115c6381f405b6a07cc2b85e3bbc2c1478683db3
SHA512 46c6caae65be42fbb05d4947b0c8ba3db589d03b3bf8ab191623997cc2807ee3c42e46791930f0fbd8c679efe6ca4e372bb13952810f66af836cf32072a51747

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\user.config

MD5 2560f4d21257c7d29263444269356efd
SHA1 1067791b51fb554a68258ca733e41317a604aedc
SHA256 7e51786727d1d6b31a059b69b758e988d1b70eb7f5cf11d1bb1da3040823692c
SHA512 5145f0d15dd21017289d0484068c276e432e1f7c31c38700941c8cfdfc912d31c28d02b63cdc35fb5e491e8891fdb278185ab41ec828463730e72743f8da1a6a

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\csmxegw0.newcfg

MD5 320a8762fca8428c63a5c669c2c9bdc9
SHA1 f5a3146b0c5d6b04697f2715e84e39c5e165ba36
SHA256 eab1a8b8af2addb8ea25ae5827396692b7660e6c0c80b8bedea0796a783d7366
SHA512 5cdc592c7dbf881ed4e6ce35a8642d2899f109b0a236f45a7b338317f465a692ca4d6dded5a34ab3e5e3116651d06480fc4f327064d9dc7a00af0197b089aa6c

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\caz45h1z.newcfg

MD5 06321edfde3617fccfc23e290270f430
SHA1 c6c84f618c721bd2c2f1c7ab94d78f4035a2bc92
SHA256 a4fc6a8aa6a9259b9a3f806d577fa7af16cbef9a9e37c58ebcc506c498154c97
SHA512 38c52b8147d565dd2aad61db0adee38632e4009bf6b2a116209c07c2ef86e2cfbc0db28a7c23e92f3a1e457d92e83f7a56cae27aa9517092e0e671565adfef39

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\gx4iql1f.newcfg

MD5 79484cb4f9dd17af6e57276ed1961383
SHA1 528e88cfa50bc61bea20d51ab4192c59581548df
SHA256 a657f5ef9830a41cf71cf5b3f59e651215d01aad8db3104ff66a65e205758683
SHA512 ab97e9b85ec33db0a0e155ef5e5db216a2440d3a914ee03c0ec386d116598b8c0f39e338b8ce75be4618cd84ad609a8d0fa64f37cbb1e191d87057e50bf76fc7

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\dqv0ousk.newcfg

MD5 6bbbf82e7c208dc670ffac13507097fb
SHA1 8447bf9f100ec2ab8db310a4c98f0b54e78ae27a
SHA256 250cd673a1e0106b69b141f0e127885584c713807d92bf3000e239bace3c891f
SHA512 49383547bf71eefc0d7ec130b247e74e404e34193069242c69163cf31eeef0e90b1cb7c4b0d1058d56bc1ba64d13cacfcb9873b3daeedb66d50fee2889ee26d2

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\tl43rtdw.newcfg

MD5 52dc876de1e687ac628ae4c69a32fa1a
SHA1 194ef9a78ba8a8f00e2e07ffcaa866e5cef1260e
SHA256 5e9e74f44e769566cd3824215975509ea9e4edb5e9718fb1cbd9b71e59442477
SHA512 34842afe108bb6181d9ffee73627254ca119fe2e4f58a0a553d83178ec511c235930e7ced9229e22bdc2b9ac3cbd96332f313c05bdd9b02e627244ff19f10005

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\user.config

MD5 efe39b3b37178cc04ed4e32f967afa95
SHA1 4c2367cdfead578dd19c53b0a39d985c6436e29d
SHA256 32b8f3503cd5dc6de4922ffc271a1d50dd74e9e8885704ae04708f98c08ac487
SHA512 c5a4625632f77ef79243e2eb2b3742132e83bf049f1566b2d8e4cd9050f3fae6919a3e258d473c4d9c2d1fdd09c5db6f1326ad840278f6f8d7ab2461b4e2382e

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\e1xdmztx.newcfg

MD5 bb2eadbf91bb5200a606f811c445c010
SHA1 a4b3e2e2a712e1e76d30ff58f389eb82e4b27901
SHA256 9e5bcffc29c57449754ae867ae9b1e77a6c05f80cba1d068236066d406ad4d80
SHA512 4e4e3acf81f37ebe072643e6ccda6f3edbefd0bf6df1e0d0c2c58c873206f11b7faaa73ee4d8bb6a381c752f80685c2cfa66b0eb56da7770489a58c4f78b1a79

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\kywdahyr.newcfg

MD5 5bbd0bbf6aaa892e11db56f593279d25
SHA1 a48e0e2ed49087271033a0ece5992ade4e815bc6
SHA256 183a120009439dcc7a0b97b284017c27330ef3c03e9ce1a444c8d3b32c28421c
SHA512 c2161c7ceeac1238fa400ba0c3d39065c840f97a70d182a10e8b8bedc87eac6cfbad3cc148bc89d5247c39470dd4e86b49cebfeeddf9bee456b59cbbee449b8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 36988ca14952e1848e81a959880ea217
SHA1 a0482ef725657760502c2d1a5abe0bb37aebaadb
SHA256 d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6
SHA512 d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\rv51hgiy.newcfg

MD5 d4a77a7c3d79b22fc882bb6debc9ea59
SHA1 a75f7eaef9aa746ed9502b3884adb52ca53f6681
SHA256 1ffcaf298a653e2d39e8cde806860cdf136ed8f99613da6bf16f8bb7d8e4a208
SHA512 23fcf58b583b426982a8530d3723532f382a82866d630bdbc73ccb86cc8a7383a65847309d8ee8d0f4a244eee8c89be1f4fc6414a28929f94371ddadafbec919

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\pv1y5dw5.newcfg

MD5 cda88d1196ab98c63d05fb1ef70fddad
SHA1 af18f9255e48a705767c7e086491d4d971a6a2d3
SHA256 9172500c8dc7fd4401c47cc25c4140d7283109ecb1cd11f10cad3f4e8df40e92
SHA512 9d298380410526836ce79543a8d71abf69a7ab1961724d1356d1ed1ff87bb847f7d39636c4362bdfa8a448b346b1cf8237254f109a7f1114971e4fdbe98a850e

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\oosopigp.newcfg

MD5 0d6dfa28e1f32a3b8a920beca3aaa22d
SHA1 2bb007b269e3b6df5b240759984d1ecf22d22547
SHA256 8f417f9cdf29aa3fb57d60d3ead2b9a2b2171854e0b750d120b9e4521d51c71b
SHA512 7aa8d18fc3290e78a75e7d3fdf9e4b2d28ee69479d7976bf823e04f989eed9139a796fa216b82e3ea9b517c389331d035a8e6da05a32e597cff96787ffda3ae9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e40b56bf-ad3b-4099-b217-11e8d1d0a903.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\mb233y3d.newcfg

MD5 91a8b76d86e5adcb3b3d4ea06a5576a2
SHA1 9f897fd728d90165ec6376fd5cc04b2fb3b3b827
SHA256 27e07c949703f9141f4a78afbfa04a91b51d2201c51d9606f9b5d8f7820eb419
SHA512 825055336e394ee91ce3963f0b7eaeff150b4e5a4213ff8f0dfb7d5bc3909157411222f457338743442ae4e710e136c7a9b54bdd53bb0b59d63d5fc4206b1038

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fab8d8d865e33fe195732aa7dcb91c30
SHA1 2637e832f38acc70af3e511f5eba80fbd7461f2c
SHA256 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea
SHA512 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\nyssequp.newcfg

MD5 e6d98b7063827013bede95c6ee0f3ad4
SHA1 865cda5b49808f0e20967159b9fd3bb6116857d1
SHA256 9e8c4ccd006a5e6ca9da403db36784488223beb71d0462e0a9d2ac6d6f514855
SHA512 21153484ad31f088a3fe9e684eff22698ffcbc14e88a5ef618bd5d5b705fbeed3846e647f316c055f8c0eac93043fdf1bb6338a5f352960f75c491a3a1bd2118

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

MD5 c96ddcc4c732d26731ec0be1f858983f
SHA1 04737bcf5df1d6e168a3470194e4b9db72749c58
SHA256 42c981480980507f46bbac16ef31da763fabc4f02c7e57f9ee71fe8acd60c8bb
SHA512 26573c01f84660d94083b9cbcf999ec9e7e995df0763893c4c7c28ee4d7e0706120423c3eca397a82ea70327b83053140a197d6f771c916f55afee92eea3df44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2a1297b7bc531fa11e4549ee4fa97ca5
SHA1 5457f344439b8ca549906f6ea8c26571c8767189
SHA256 4036032a294d36b233e9b1f0c6b0ab47420e4f7f9f6170c6c778cb145d9bebb3
SHA512 7c36f64e55cac41ebabb075fbe8d2af40387a570bcb9dba057293bdbfcf90042a9bd3c04d61142ca86c2949e3a0abfdaed3bef0ad793b3a0cef1c6543147d94a

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 63a385918e683dfae25f60e18c025ae6
SHA1 bb19e4be5c3a37048bbc584b3bc8d7f3a76aae5c
SHA256 e8e115d3259ce2a4bbe223742fcd2415630745a626ce0b5efbc57db80730a27c
SHA512 87c74a1cd947eca6f1f105e1c5dfaed3df9cf75ddad30955fc0e3b54d68236eb78355e04b78f1f17c4f5003466f47773e261db9a504ddcf308c61d9bfe7d7447

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences~RFe594155.TMP

MD5 e6cdc916f391c2f3a9433f8dbf21cb52
SHA1 75b3fc062535e5c1b56bf4354a18294f80d9bac5
SHA256 357534d81c7db1e87c2bbc32e396170d64208b595906999ed37994a9afd6004f
SHA512 d36c0ad17f6d7a0759a15c8ecc68b7f2218298a163e7509eeea7bb0dca5caa3999d090400deb857f1758d874cd9596e946dbc94c942778c05208df56b9c73cf1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0551fa5bccf479739e61131c5ffc481b
SHA1 c218e2d3a1899037fb2934b38c449ae00e77913a
SHA256 ca179cd8420fd7fe0fac786f23a0a7bd558640b547991cae26a7e7561585e991
SHA512 7fe412fa92fbbe7bb242788c802fab58db29d1740c162ac40e3b779b453c6a02929dc62320f65e35ef40927697024af4e60ea1c1570eaafa522d168c0f254344

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 116e3c5f95ee6b4641507206f0701a64
SHA1 344f013b8e5e9e5a2a279b016b4734d494779f20
SHA256 19c35408fc55b12d11cbfef7eba03e557dba9f1774c831cf81929e7c2fc89989
SHA512 9269308bdc02cf7e61358c99e32605579967392399a9d8a985b203c3e436997559e463d46d10a2e61f428bd613d231a4d7f8922191d494376eb34379d0b25ba9

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe594cde.TMP

MD5 38e21cfad04e91a9138edea7bd245db7
SHA1 ccdd6cefe7845ed72e3741b16df0a4efd013f2bc
SHA256 ec52872331e4f014a12d8c1c8b485ca5feee20e723e1da77db67cf79ebad618a
SHA512 de151bf7bd09555a55346260dbbaa30d4ef055b4100b3a73b4938f3abdd6e471adaa1ab77d09bfac5d1f14664e84a172ae41f0bcb011055b315e2d5c8b776691

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ce31f8fff7d16664802d914b744f0293
SHA1 708c091064a5b7397f9915a96c10d842e84317e5
SHA256 e9e7a9f08482417b0c89efa6c874e7fd94cad6ceeb42aba04e1df5342a3a2e9c
SHA512 ba9abdc6266865109b6de1672232bceabe134e8fd7cddb00d4c7e2dda4c5819217d165fee8cf1f16cee99c1511e153eef63195d9de68fa4d50ebc1ab5926d7bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c3850955b5245371f86c66175c021d8f
SHA1 daceb526ea84dd475fc41596a5013589822592aa
SHA256 24d8e388ec9fdc4f70a833b647544988094f9773f1eee976ecb02bf8724cbc86
SHA512 e82a5e605f7493b0b216789e39da420f58ae8ec873316066f0dacd1c8f18aa2e4e64c9f336f3f293731beb0df9d784f64ce09797faf3830fb520a168ed78f029

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 d3616a8ca9849537be9634b130462bb4
SHA1 2e1e61534d034c228f370eaa615bc15df2b17034
SHA256 8a72f37aeaab831f23708d94b6e4ea63dca3e3eecbcf52cf20cf350334da4fa5
SHA512 c3c5f61fb33eb9d6aecfd01783810a4b48fe6df5a47d84e6c6f1a5777b0fcd68f39b292f0428331ca162f4ecc5c9e2f71773daca4cd95f0499922b98d050f4e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 523dc1e34093ee182175b1033be05fdb
SHA1 1548d807ab2e041f2fb1d0cd36b9ae4383679421
SHA256 f28ce898a064e13be3bf0f48d483415f449deba449d560b499cb5cb29253f3b6
SHA512 545037abec5b45544b1ad16922d2c5c6796e0c9ed2f52e83ebb2cfc71c2bd3d9d8f7182c1bc7465e7377121435301b4526da28e9aca8e1c130fe62ffcdac4a73

C:\Users\Admin\AppData\Local\Temp\nsfF88.tmp\Banner.dll

MD5 a1b9bdee9fc87d11676605bd79037646
SHA1 8d6879f63048eb93b9657d0b78f534869d1fff64
SHA256 39e3108e0a4ccfb9fe4d8caf4fb40baa39bdd797f3a4c1fa886086226e00f465
SHA512 cd65d18eca885807c7c810286cebef75555d13889a4847bb30dc1a08d8948893899cc411728097641a8c07a8dcc59e1c1efa0e860e93dada871d5b7acc61b1e5

C:\Program Files (x86)\Xvirus Anti-Malware\database\heurlist2.xdb

MD5 79f93d30a3c2951147e12b48c72629c5
SHA1 db8e3db25b94934917d3006686488efa0b487450
SHA256 a2a9a4e8c0de5951fc0a0324380c11a0620b8567a6a43dd416975ed25e30e576
SHA512 52521263eb186c6939efc54e3ed8feb07af542a1b1d336619e5bb17427be8daa0f6a0664438eaf1e68c9ca82069d3660c7c9e0806f730f1b755772e2a8d8f9cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f2f71317814d201ee85a60407d3e6562
SHA1 8b878156a969217670e020db5c45652cd798880d
SHA256 48b9f0d25ce13ff4bddfb4807b9134bba5c30795e14173bf35775e5f3397b62a
SHA512 3e5809d8b90aeb31ac4e15e287ede51b45663b04c45f4e0c33d6c853ab190ca01ff76e18f5bc9f0ceecda721b668033df2a762363beee87e27640ab7803f593f

memory/6496-1903-0x0000000004970000-0x00000000049A6000-memory.dmp

memory/6496-1904-0x00000000050A0000-0x00000000056C8000-memory.dmp

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\4d17f348-d258-429e-affa-6b06514836c8.tmp

MD5 ad335f3b44a26711bb45e9839c504218
SHA1 0bb910264f349451ea7a57249d94732890ceebe8
SHA256 c5e64728391ebd9e4d201e0643bb6fee4656493bbea293dec6b146e8b969222f
SHA512 46b994a6626975b06718d6b863ca346a707536c5193d41e94bbcd69e282852b4f31682061d5e0accc9847d238f99b070cbf78e6ae735b35d62e0ba3dd3dcb2fd

memory/6496-1914-0x00000000056D0000-0x00000000056F2000-memory.dmp

memory/6496-1915-0x0000000005830000-0x0000000005896000-memory.dmp

memory/6496-1916-0x0000000005910000-0x0000000005976000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dhvpqj5u.i0b.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/6496-1926-0x0000000005980000-0x0000000005CD4000-memory.dmp

memory/6496-1927-0x0000000005F40000-0x0000000005F5E000-memory.dmp

memory/6496-1928-0x0000000005F60000-0x0000000005FAC000-memory.dmp

memory/6496-1930-0x0000000073180000-0x00000000731CC000-memory.dmp

memory/6496-1929-0x0000000007100000-0x0000000007132000-memory.dmp

memory/6496-1940-0x0000000006510000-0x000000000652E000-memory.dmp

memory/6496-1941-0x0000000007140000-0x00000000071E3000-memory.dmp

memory/6496-1942-0x00000000078C0000-0x0000000007F3A000-memory.dmp

memory/6496-1943-0x0000000007270000-0x000000000728A000-memory.dmp

memory/6496-1944-0x00000000072C0000-0x00000000072CA000-memory.dmp

memory/6496-1945-0x0000000007510000-0x00000000075A6000-memory.dmp

memory/6496-1946-0x0000000007470000-0x0000000007481000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c8115b6205ab2d9eb93a2ec3a2ee6334
SHA1 3d2346f8188267c0da8c179a1a57581d1cd86c79
SHA256 004bec59c72276b6b9dc7933c825068499ae946dcb70c31b4776845f3548389f
SHA512 df6dbad247211b467f0fa3128f18cbca22540632e8dc1d8df23487d0a0ba7697270f26cb950251c0ae676f44ec9f2598439495c5c53a59e80f3996cbad19bf61

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 50008e6195692588f2ecb85761c2677e
SHA1 73ae18d42bc35a60b3de3890558f4d82739a7831
SHA256 22a3613a6490bdf74489baf79ca08306bbca94217db59ed5eddbc49cbe998d6d
SHA512 58433df180a84806f6207c204afac11cc6f4f621807253a272e3e5610526dfe234058c0b3ca0d0feeb233b35ead4599d39aa62297472359fb15d4e0a42c1c29e

C:\Users\Admin\AppData\Local\Temp\nsu8E3D.tmp\nsExec.dll

MD5 675c4948e1efc929edcabfe67148eddd
SHA1 f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
SHA256 1076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
SHA512 61737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 0e5621e4ad1c37555a9d17c177f918f7
SHA1 9dba9620096cf17313406c5a8733d998b22d7d96
SHA256 fc4f3198bf5dbfa3a577fc8a5abd63832279a539790d0d786792b0d944988edf
SHA512 fd1ca81b1e28dc4c75cb9263127ffaa10ca443a2fa018b420c777f808f269e58aee48babcc3ee348733d437796c8d4f70c60d161a3708a100957a3b4b70178fa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2190521df4105d8659272e5f0e33d827
SHA1 8b7443ed49038ff301ebdeaaceaa435d2149bb46
SHA256 627a2cb9ca83fcd5abac58086cc7558e399fce79b5429d420590c5ea6f91dde7
SHA512 30b508370fa2df79cbeb3f3d8ff684d33e4dd95bca27463614e1d6cb95308366917c1e956b005263a29f7ac97b5c5b399905e70da83fcf61f013c745ff562a6c

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 586260b141bebe1a5130a84c3eebf7d2
SHA1 103502d5be6f5b0324c4c0f801d1602091780d8c
SHA256 620d8994dab1d88cc9894258e012a6ea498f9a517fc0c813cdc2576835254b0e
SHA512 e504c4ec0a74a944c4ec209ac462b8b2bf5a9e4cf968728fdc28f8c2aa1613c29a4488cd19157486b10c1d5de27c946f8a2b37f9c88f78b38c6f41e9f7cbb75b

C:\Users\Admin\AppData\Local\Temp\nsu8E3D.tmp\SimpleSC.dll

MD5 7b89329c6d8693fb2f6a4330100490a0
SHA1 851b605cdc1c390c4244db56659b6b9aa8abd22c
SHA256 1620cdf739f459d1d83411f93648f29dcf947a910cc761e85ac79a69639d127d
SHA512 ac07972987ee610a677ea049a8ec521a720f7352d8b93411a95fd4b35ec29bfd1d6ccf55b48f32cc84c3dceef05855f723a88708eb4cf23caec77e7f6596786a

memory/7884-2009-0x0000000003250000-0x000000000336C000-memory.dmp

C:\Program Files (x86)\Fast!\uninstaller.exe

MD5 7b84320c38dec82dd5dd432f2bd40b93
SHA1 9d0050434cf6f3b71bd404eafc77fa9a3e3e1924
SHA256 301d71a9350673254bb2c7e0f2954217b46b876d9af393029bbbfe5f852a41e7
SHA512 8569263ea8e405f11bd0d2d99949ec5f84f593d8a2210c2a82aabad5b98969dd79414f0072cf3b79d6ffd0703dcb73fbf72a2c56a75315fa4d89b50c024fdc28

memory/7884-2198-0x0000000004B80000-0x0000000004C9C000-memory.dmp

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

MD5 3777e1d4b387039e95954a1d5a723903
SHA1 11e994df923afd1541a40cf33a6b1b907d8e13cf
SHA256 768cbeb31d9d7f83167babd24a0e7de4f526cd083d55a9ff6035267e0a22548f
SHA512 cf201fcf225780a534834b66d21282b474777fefbf407a573e1a242b459b1f3f5f7318fcc615e7b19b6eeaee90876b5652330cdde4a94a97d9ea7b86ca9320a4

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State~RFe5a04c4.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 98bb5445dacac20558780576f2ed3c05
SHA1 687b4ff21d7357980048f2416c779dd5b3f08f8e
SHA256 de760c687528df3f59198bc26b1f66c6c964bcd38590c1a25f397bea5a72e104
SHA512 2db994414a018f63f214f25119a682c3a57ec6e397940adb04751036bb8088fe3bad4272e1e086c8a943f31afb4e21e4f63e1913ddba1c3fea9503ff4b199e34

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Code Cache\wasm\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Cache\Cache_Data\data_1

MD5 259e7ed5fb3c6c90533b963da5b2fc1b
SHA1 df90eabda434ca50828abb039b4f80b7f051ec77
SHA256 35bb2f189c643dcf52ecf037603d104035ecdc490bf059b7736e58ef7d821a09
SHA512 9d401053ac21a73863b461b0361df1a17850f42fd5fc7a77763a124aa33f2e9493fad018c78cdff63ca10f6710e53255ce891ad6ec56ec77d770c4630f274933

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b13e5ec429689499ae4d6a4531551c10
SHA1 7660dcd54c817faf960c186c2b87e48bba13c928
SHA256 c86c3e512ba8f67ada9583b14acca0abf4206bf805518662a0f70ec17956dd27
SHA512 65a5ec390fe8c29004e52cca8d2c11b4988cc90ad08298bbdaa6cc878cc88ca64bf080c3677715e64455e023f4afedc872f824d6bf9b7714cdf912851097581c

C:\Program Files (x86)\Fast!\BigTestFile

MD5 1486c3cfa887dd6bf1a9fdf7bb633f40
SHA1 e2808990cad11f3e6c238f937f5ca212690ec9f4
SHA256 0054b3cdc51d141e95cafae7a64fcee1255088f6b2d9bedc8a7e4b49e9adbcdd
SHA512 5567a8353838297a6c1ed7503ebffe486139280f1f9d1dc5af989babc4b502dab7518da2d2857e19db356be25647becb4b847fd7790981def8083860c73c4ac9

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

MD5 f3de62c54b22058b62ae0de88072e783
SHA1 1fe15d711a799dafd2c7f47f56e63273c77aa6f2
SHA256 7d9d3df2cb6ed26d083cb05763ec754f9ce63e13a78a1f8b97244114f7f88973
SHA512 d39ef06f0273ae7df0bc7bd273983793f163d7ce2883c5bf11f8cfdcd034c79d4f6c613771a3726e1d62ae1181f722c4f91cdc0f0b20c4b17ba6d87167871551

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity~RFe5a1994.TMP

MD5 d86360428ce25eb734b7c2d6689d514d
SHA1 73c4675a993b246e6873eb8ccabda342b3a7ee35
SHA256 f1160b95f11c5323c34e64d62cffd66b09c5c7f917dafe2cbb7e27db00dbc2db
SHA512 eec5fe7651426c0fd9431cbd693918d21e925fd6e8a6a485e1f74219994b57fa989bb031f5ef0f167e7e4ce228f47adc4b4a3f070d0fd347b7f4d3b48e6bfeed

C:\Program Files (x86)\Fast!\BigTestFile

MD5 aa9593c4ac4cea93eb2f720858c9c897
SHA1 ba0669c9ff13a6f2faf77de4bd199ef8164929a3
SHA256 0eaf6a2a293ffb68f4408fd49f5353cc45bfb4383ecd727bdb6ba18de0ebd02d
SHA512 4457ec7384402257c96ddcc2cc9b6fec20522c39c97a09432f924742630888aaf4d9d4e83e11097c6f1262ca9218609bbc7be97907f57dd456143edd54aa106e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c545b22fb5cb6b5b8281fe1727683724
SHA1 ca65dfb1e194fc1682a293d34f27c73955f46d02
SHA256 3781aa2dced657b6257b66fdd41017a06d23e7e65dde02b2e40aacccb0bc5b02
SHA512 250a17ee6d6423fa8042d16f87d459987d4a8aa165d7d1c181238630cc7898711aaed4d7df091ab851cd29c35bec52e0a7736d88a153bdb34126cd0b4e5d42a9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6778b7e97fc0b0f610068854fc24232c
SHA1 f79a85e196a5f4a0774f4a6796e5ff0454042e83
SHA256 eb93b9fd239ee5014acae3b957740f6bf32558e90a37b83434e08d8110ba3800
SHA512 ffe0cee0f49cbf852ac507248f0a9ff5b384e60177526415f480b501a4bfc25b252f7c0425246741b01d8c0ff7674cb03a36e162a6cd7e98417ef715da93e7be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a259a.TMP

MD5 8ef837a1fc2418ae37ff04b81398bea3
SHA1 6c4cdd8de9fa4d5867ac8eabb1b1568ca9fdc2ac
SHA256 522b4c399bea7de2c6ffd911c9fd1b7b3499b9f5272a6410afb62f906e1cc4ad
SHA512 54144f8e08f316109fa1f53c3954c23fbcd69f7df5fb40582b17f5e6a8267c2fe130a1fd3e19b867882eb5db1ae3cde5fc6f28a16162ae073a3562a319b3ab93

C:\Program Files (x86)\Fast!\BigTestFile

MD5 83976b6c1b43efdf7b3c714e02481b9a
SHA1 8de4f0f1aaead4f1b4671d417f01ead30976f25d
SHA256 bcea0362e256edf5d4a598f44c5259153f85e0c078c9f1041364eda0ff8f1c7e
SHA512 a23a654752ba60fae8c4fd40dfb8e09692aaf0451cab9192d6f8f8ea6ee198f7c097cb65e1f0ab09d2e84a00a597727133b468e44da46ce26b4f1fa79088a83f

C:\Program Files (x86)\Fast!\BigTestFile

MD5 6c025d3349ee8c429db7cd8b54ba9bc4
SHA1 7fb09a2fe85514f2722940cc1a7f4b402de527b5
SHA256 55f69927d0dbc8932ba4c584d8c892454061374822a43acdaef639c878e9f26f
SHA512 7d2173eb24dc583a98d81fac9a78ee9f8590256c7b8d2ca8fee44dcacf190fb29becd0fc821287c545e2a9318f410c9a205f1704950b53dd942ae10626618c3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1140fbb61ce02f694b0d6ac7068d1c46
SHA1 d118bfd10c1681a27edd444b3532dccaeb202be7
SHA256 1172387dbc8634897c42a653dfb3c5be3af2edc29defb6537879d3c23fc1c98c
SHA512 2df57f72da239ad2c82073ab66631c09e8b17a338b019f34dab9123977b256dd4fa2ef56816eeb98ddd13be27ad267e50fd1558cd71b7aabe496367cf376f1a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d19d50d41ac9d6bfee8c0ad21ab7e0fe
SHA1 042638c86c47dcaaa7045f624b3755d4526a3cac
SHA256 b7fb22282191a1caf2584dc5927bcf7e4093d4c2d96439ec2ed9ba6f98ab3b80
SHA512 de8f89774bebc3e03a2e4513ed9450cda10ccc0e9c583fde7a941302d92164568a53fea83c47c68d58011cbeaa563087197221fdc9a2f59e07230388ca9a1972

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a0cd0839fce2e1b98631838c75976c5c
SHA1 bd7fd0a9a2775b22a1c51e1b0c46274d8be1350c
SHA256 a7712a09b3eaa232b55e56fe5092e5cb99268c49da58802620c88e857e04840e
SHA512 460c1cb46cdf9a8b8b55d4d09ae0cb60032ec8540a5e17adfc42ac96d239b9f17f6f7cadcbc1945d8f9dde7494d5825c67839203f337afb6877ae881d388ad55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 4bc74da4f15a67a23a3818f975cfbf56
SHA1 56f42a8ffa2779b42a003e6d9e1a8b98387c6156
SHA256 b90c015a1b3d19ea0976533d915c3a4137b2134d6395dc42e83043c0d9a5447a
SHA512 077daa997d8c1164c945d81a9149d2fddf844eb2a800d9838296f0778ca7973ca82ce860ed6d8816a905f09391feaf33ba4925e2ce69721efa14846fcbaf76fc

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 8697daa1d467544bf5983bcdd7ffdfd7
SHA1 280531b976182872f48f9ac9047af0ad3a79efc5
SHA256 87662e17ec2d0369020dba3ce493027ec8a8a06b2d962b43685b6710ee947a95
SHA512 a28ba993463b10a935ebe171bf3eb6fcdb00add481ab73f56c0bd4c68ccea65332695d4a56fd91c78692fc0948055f5de1c8198267292f51bbcaa1c469f5b122

C:\Users\Admin\AppData\Local\FAST!\User Data\Local State

MD5 49784ac8c5d7085e7633767fd88a5943
SHA1 6a551c92abfe2d855949a039a0421e44ed58c151
SHA256 5c2523b5594a33327dfcb7e9294f263a7142cc6c42bc5638e785490e91b92dc0
SHA512 a4eba22410f81038d732fe6ebc91cc822f139cb05ceb0360113c2e4c2646fcf698a3ef9bd72f085135d452906d214e6d4e384f4aa1d942bb07f5eb18cb6b6c39

C:\Users\Admin\AppData\Local\FAST!\User Data\Local State~RFe5a374d.TMP

MD5 89fcf0058de34e86335fb167ad4b5b65
SHA1 a167a61157b4f310b7f39d9b23c953f31073e1dd
SHA256 7109ac8457a5549d45e9e7bb67bd9506d01a4dd35bc8189a0f8278538063ee9e
SHA512 24bd811496f20c5bb7d5456f770f16975e7c4ef2f6d8ea944c6f45f7391fd3fa3983811d829d466cf4286c44d21508f02f319b2378ab4044d282f91841356755

C:\Program Files (x86)\Xvirus Anti-Malware\database\viruslist.xdb

MD5 f7041ab626a0961fdb3c83e2657217db
SHA1 5429ece8fe0cb867f8e858c3b43bcc77867f7c8b
SHA256 317465f02ec0f13cd34414ae606142683f8148b089e3697469c661ab62adc9a1
SHA512 b2ae29d286d291d9dba73978860637ac8094e92e431a59788a361e64f2f0a9a41ed799613a83dcea26b8cdc2327e275b92d9af217c7e58e79b53ada21a6f52d5

C:\Program Files (x86)\Xvirus Anti-Malware\database\heurblist.xdb

MD5 d07377976836df58ce860a1326739771
SHA1 89e1c8d7f3d13063f3928be28c5efd294d71d43b
SHA256 b7f1cdae502506c15151a1bcbc72defa0eb1486347f593109a61d2e3199cee92
SHA512 31a941af50393d497dc68b871876d21fb15f6a813fc4dbefca46f1eb4272c61a9aaa32f7d49b9723521b1a6fc63ba4160d5e1ac9d2c7f38f8890e2ead385bf8f

C:\Program Files (x86)\Xvirus Anti-Malware\database\whitelist.xdb

MD5 b4558fc44e0371fb05b8f0579e7d217e
SHA1 386757c41409f3832f42a8f297976f12223730ca
SHA256 7af7264724e3b8438c9a7c202604e9833d4b707c93df09dee898c14620b360a7
SHA512 ccfb8484fa61e5e01142bd22a23d494fbf37d5265dde1726caa2685ae27db076fa17b57db9ddd60f2895a74b8e72fadd89f67de24e3e4764aa63361457b0c911

C:\Program Files (x86)\Xvirus Anti-Malware\database\dailywl.xdb

MD5 d4179da30d92a12ae24a9a7a135c8d10
SHA1 7ae6c15d888e2b1150c7ae51b1dedfda183fd619
SHA256 ba0b5b1d761610a69c78182a7f1e09d526bb193a6354e2450c0f60fe2af2a9ee
SHA512 724f3b99f3cbdb4c6a034d33063f1c5436ee974bc7ab3e24634a419120448eac2227f6c5c0768159c522d91fb818c3e3054e9c12f76e8e50f6c227d7b93865ca

C:\Program Files (x86)\Xvirus Anti-Malware\database\complist.xdb

MD5 4fddaf72e2c9f534079b8a976e0a741f
SHA1 4311f2268a9df5a814c610f7888c98e0502a14df
SHA256 72f75d6ed4f2ff5ce06e86e2f1308470cbb8c1ffa3f708a7c9aa873485644d27
SHA512 e176593709b59632c5a7db0c2e4289fb6b314ee2266e51f33861b650773d99d077d4e36e219b2ecf6e27c538e6230c9539cfd03937d0f89604ce4c0c3a53b57f

C:\Program Files (x86)\Xvirus Anti-Malware\database\malvendor.xdb

MD5 ec5107c5da71408b827e995902488837
SHA1 ba80987a375a48b328fc296cfdb51442c61be2bb
SHA256 120eca3a8d98f0b15b43cf4c6891606b27107aa869152234a23dd23f06d973e8
SHA512 6347d52ecd73f13285c0fb6b70f08accc90e716e45bc40f9c9fbd38b3cedb13985a335aed14da2dbab97ad224e7a57cd4e4741203a9eb905ec887b0c7d612778

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c3fd75f7da53aa8af754bab5b802b128
SHA1 97326620ef82186671bee014576f2e06a95a5e23
SHA256 f271114d841f79d1a96f3b7986d147ced770b5242a51fffd231864f9f0371ebb
SHA512 7237f52dfc8bd75640be5b9ddb63dcdd8ae09bc0a50a97b72e654ad0e37d4f34d1a63f39532809a11408a44aae68aef978a94d28274234a6d29772fdea5cb831

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

MD5 978e207c7d0673f2c9597bbf3a1ff1cc
SHA1 16b10872f2e3cde6357ab45f316e2b5f108cbdeb
SHA256 4e35febe611643af816e824887489531a0413d345b363121e552f0ee2c8c30d2
SHA512 c281c5364ba49fe98118e16afe85193bf55bd92d9964a63d8cc3b6183b668c835b06e2d84ce2f5c53143edac89ee2d5cd161ed09949572f3a31a70623b484572

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 d395ed1f019ee47db39ce8cd66044468
SHA1 8afad0a06a61f4e1fdf81e53a344675ea677c869
SHA256 d42a64411f0ac7e9c77bd8f5794e5bef131b4cd99949f55fda8f2b404dbce0d2
SHA512 adb0a5002c026cea9403a8fc1e0d5abcb31c67eab73c0874ef8d9d3303b2feac6d0bd91aeaf9abfe8288fbb2c72ef9a2db92ff46956f97a9d4177a948b4b29fd

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Preferences

MD5 22019ca8c5ef582f18bc9d2a09b6cd69
SHA1 6a87267dc7e6893107e7ece2bcec54b627dd3f7c
SHA256 82b3b171974b3a37e89b3d1387d0c0dfd1d99cd47d5854716816bd1feb7bcb80
SHA512 1c9cdc0ea3e1e7deb46dfb8b07fead6b44756af2e96845eff1a047f70cf5c375560d1c21d4cd4da23ea9d7d6ea4a223f137ebfd387c30ab675e7317a23c2da62

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Preferences~RFe5a6b9c.TMP

MD5 b32a435fc259f7a62a8da13f082e87e5
SHA1 dac5eb5eff8bc58314b3ca0a381a6a68b7bbd4a2
SHA256 7fc46200eafbe7face15b4090e0c7306e271ace3b3a5ca25e5cbac60237bef9c
SHA512 5c12a799507728b45775e15872380cf9f924bfac74e1bdba7a30727a02021c43df61dd5f287de7d46c4c1fd8ec41260de61f0468ed59f1d9748315360a12b861

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity~RFe5a760c.TMP

MD5 1be00138fae30d74e7f9496d10d14654
SHA1 b26c11f6dabb15cc9fc1d9aeb2f591b8f7f90fcb
SHA256 b52cffcef1b6a9e762ce2da61e9bd9259cb5b078a3bba56325d957a86c4023bd
SHA512 1ce65dd55755daff476c4079938a8974c76eb5e5ee1c2f73f7bd1b3930df575b7c285ae5d0eb7e22c5654ab6d65863d9618a1fb1ebe909f2b685cdf54cd5774d

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

MD5 8bffd17147f5d5d78a0e67ee7803e311
SHA1 e3f51d6a819fccc468c011f35d5c9ed9ddf7049c
SHA256 6464d0381e987f0017acb3d9b096228aaf4549340d7ded5d04ef4fb16769d15f
SHA512 62a2cb39260d047bef6d2010914b88a342c9ebfe037c369c8ef6b990d1fa2436b0f82282a021171797d5c2b747559d41c7f34e793b24ee885067ee0ed6cfa489

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 0b9010912e83b8caa70c880b1064cab2
SHA1 e25eb46b225edd83ebb11759c3a49d3cdc030416
SHA256 7831af375d43609ed0a58bc2a5a9be6e114b8deb7ec5b0e360c6590fb974f751
SHA512 7188f102421d6f3f3fe33425346f798ba547c12d6878977b5bd50518e972cbdffb74470b726c3cda485a239b37833ff5e50d5ce7ececbc861d156a2367564f84

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ab7f05a1c8294a64d6bc3cd607e4a43d
SHA1 c01c39699127ae0746c920c87d57609a09a1fb20
SHA256 410a753d3e7699f957eda3b4518144b2b3d7c16feeb793ce796408d20399df20
SHA512 462044acbbb5e8392e454c356071995fda781d5fece2b3aad522511e038be09b5bd72f4ff45a51c97aaebb3f81e67a1a7ce048a5fedbd91ae4f00c9b6b13317d

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Preferences

MD5 f3cc14776db43c58e88c454645fad976
SHA1 c4b6aa742d22294c6065b35dd90c1238ac4d11a7
SHA256 01727336438387863dcb440ab739149d1875494eb3edc8327725683d60ea3c2f
SHA512 8bb7433560ddc690561c43c98c452612ffae87899c2d05be6ef1f1f1745bbe4870bdc5035e541366efb0620e67ad93c6175f1a4aa34baf8a9996fc4790107c87

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 036598238f23c20c8436dce2397227ca
SHA1 ff59bb71ce5b966e1d6a9cd7723944246308c146
SHA256 b2df5b09f655ade1a8c8fb16dd2c9edc1a9f12c15e1ad0b59826e6911296c759
SHA512 4ec6fd63fd0ab1fb023b3a74f3ba4347c6c1eebc47e429cb40f8b9bd7d0e77689cd47adf1a8bdd7ef3f55df7a6c0d07e1fd2479a6b7d895de892738a984a57e5

memory/7804-3080-0x000001D9348E0000-0x000001D9348E1000-memory.dmp

memory/7804-3079-0x000001D9348E0000-0x000001D9348E1000-memory.dmp

memory/7804-3078-0x000001D9348E0000-0x000001D9348E1000-memory.dmp

memory/7804-3090-0x000001D9348E0000-0x000001D9348E1000-memory.dmp

memory/7804-3089-0x000001D9348E0000-0x000001D9348E1000-memory.dmp

memory/7804-3088-0x000001D9348E0000-0x000001D9348E1000-memory.dmp

memory/7804-3087-0x000001D9348E0000-0x000001D9348E1000-memory.dmp

memory/7804-3086-0x000001D9348E0000-0x000001D9348E1000-memory.dmp

memory/7804-3085-0x000001D9348E0000-0x000001D9348E1000-memory.dmp

memory/7804-3084-0x000001D9348E0000-0x000001D9348E1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 886cff23375aa6e3e6809df879f1e639
SHA1 d02ca80e1e965a0047ded22c655184195660d5e1
SHA256 83c019bb86dbed80c3b3708d2ee46df5725d2204778948774ae8c19b70f4e4d9
SHA512 74caa2111993a03fd32112efac212e813046df609c8f42123be77526492427401874c7eb0d9dc8d21e5b687c526e22bfbfd51423a3ebfcdc07ea815760b35d17

C:\Users\Admin\AppData\Local\D3DSCache\e75ae0776967e3f0\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 9d1ae29e454d29cd362b8fe9f0d392d6
SHA1 f351293c38ab12178de41dff5b0aa8bbfe2fdf97
SHA256 9aa79d72f7a5f833ddb3feeeb4aa64aeccb0b614e1ad1304b156b71431364a25
SHA512 5156f68e9801df224e0715c3eb08ccdd34f4496c4923569dfdf5988c73fa766ab353b0ed7ad6f304c4de24f55dcfc6fa1d0c4c71cf7ed9c84b0d62e57cfe220b

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\3hpxflwn.newcfg

MD5 0b5652915a7fee593b7dd4e5e2f1acdd
SHA1 a2629c22741e1774d6f973523c8749f89a4113f3
SHA256 17df5b446179106296b49e20cd672ed0771c9df573aed4783c4143448f3eb06f
SHA512 efc2ce1e4288a39bb29787fd8a37ba4a3c841c0baf29a508a28c66ccc0d540a676a8fbea6f8b61557507b8a1c16af8b806e11a18e28da23f70c3f59b46a1e2a7

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 7c3516d3e83c7598fc5a0aa0f8cf0b68
SHA1 e07b628982158621451fd07b6ce5d8f4f39e6154
SHA256 77a43cccc5c99a9971a4af49efde65ddb40b459fe58a5bfb8f4c106089a942d5
SHA512 e05527dad07c75864895a3359f9b9724cfc5102bf22540accd04a8a2a0e90d43d7474a3df7d571a9d4b11d7ed0b5198fcedce589f71df7c51af4a37aee8e8f8d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 756b206bc41013d2cc16ec2a0c460a02
SHA1 a51704d88054207f732bc835d9c7e1a7bdc8c3c8
SHA256 232511d587faf89b65a6f91dbe36404486ff0f6980af05aaca6569b97357747b
SHA512 773fbee24ae9870f781c105e62a3e228d112605ccdce79c73cf331e4a5129de81b98bea9c35fb8a5c2d0e2f8c9d6935b198a0ac2afc7212289ed20a99be0a615

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\user.config

MD5 5d8a7fcb186ff0c0d0518021d528616c
SHA1 e0096493291b121e0ab7e04cbc7ba1734e5a810a
SHA256 60cace242c707013ac5f3ca91c39740ec98ccf723977833665d96fac7d336eb7
SHA512 af620b42e4ec73216c87193d5d93c0efe8e86131a645bf12bd5a0791bd1fae67036fb3ae46d4ddee7bb290d4135de77f61fc4e9d8fb5b22c01738dcd612d5b63

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Preferences

MD5 facb9a9759aaaec64d4eaf2b6caa3425
SHA1 025100734ae0ac06caba7beedfa7ff2176d5cddf
SHA256 24da3ebc091802463b6acc0ffe46856819b522952970c8fa842ea1c2644282aa
SHA512 e21477d04b7bd2b3865200891094362a781d5ec2b69251b265c8de7ca4a01d1c249985d7996b945e43d9088820112b195ae9fe2f559e792e4a866e468855c23b

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 67952eba595b586c175bf424523eeb13
SHA1 e239fa0609e1d5c5fb53fa5ba7862ffc0f50290b
SHA256 4ff4aac20a3338d829cb09e98ed8e50bfd5415d5e86b058d0696a5c1d5592ab4
SHA512 de716dee4761cc7092ded75ac69a4c94d22bfe03fa0aaf83e307c6a7c8c155d3dc3b10e6e0bc12239027f04375c07b1ee711b132ed0b80f2a1c4a638e7bab46e

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\Network Persistent State

MD5 9537771261558a7cbed5467095044ba5
SHA1 deb9ee5f884dcd5f717feb81fa3a58c7e249e766
SHA256 8c02d970e7ec8e08e4566bbaa434b588e941a95e0985971c187b1bcbd7434f0e
SHA512 67869160d82c4bcae0f266539b700064e71d603e002c286299127a84df0e50e9af5a721b40edf4e5a61c9ee9197572d61065bf4d4eb02ec5ab1007563ba9d388

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 9047dd1c22872c5d3da501286b765842
SHA1 7bde77f3de39f8324ef36ec00d5eb25155bc670c
SHA256 979119b6646df53803af1df7f490596bfbc401dd3a515bcb0d79da97db38be09
SHA512 791d84c76d13172693747e54e8595c9783843625a0b5b52aa364bc62c029cfa668b9b2e941f485cb6bec3fadf821953dd7148dfb2ade70de272e1f2a61636442

C:\Users\Admin\Documents\xvirusAR.doc

MD5 322b33205a930bd4fc9b23b4e9dceb35
SHA1 80a87948b9321298f3c9da6cd89c4767021a55dc
SHA256 93799737c9501a445a63dc6eed17ad714c7695f2f5d0786c20b8383f496bfa8d
SHA512 6964dc2e7a4d2028ac0db4fcac8a4aa036c67841c427afe05749e41fc98aaa5630b44479ee3bbd641777dd29ec433f4a7203877bdbac032a6053f891ff49fe5d

C:\Program Files (x86)\Xvirus Anti-Malware\currentlng.dat

MD5 78463a384a5aa4fad5fa73e2f506ecfc
SHA1 649df08a448ee3fa90f3746baaf6b0907df42c91
SHA256 ba118bf7fc9c1aedc1edb28a0aa86e0b43b681f222af6616e13c43be87815b06
SHA512 5a4acd4a4031752345b08526d089f78613752ab168d089524052e03e1da17df5b01853bcaee4c352a576a4684ed0b8e874e7665a4c19227269c8a6688d7d8660

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 88268014010071b45d07ffc0ec5d4ea1
SHA1 5c3d77abd17eae3e705b853a985c97f54fecc738
SHA256 91050b4a3b6ae28e89f0627499d7a53c4ec304bbeb54719782be4a3fdeae66e1
SHA512 992d8ff466bd098182c925d22f3406a3814345bec997deb743c32e1d0ed11b741fe3cbee7913c13cc61285c5d4c4780d3a44d7247c468548f3489339d5fc7df4

C:\Users\Admin\AppData\Local\Temp\Tmp4F2B.tmp

MD5 880d1ce466d1bc8f530dcc30713b329c
SHA1 918bf67df54e12d7bcb467d78d6ad7c79a21df25
SHA256 55ec32e302dbb50c530c0bff5d18c5a38f629d93b312053867d43e3b04b84517
SHA512 346cfe5a276fa89c06348c17356fcc79ef0451a7cc7902d927b2ccd18aecf7ed353059437d5e66bf0301c596e92d3151b1ad42aafebc70c847cae0278eace8d2

C:\Program Files (x86)\Xvirus Anti-Malware\database\dailylist.xdb

MD5 eef1f449a6e43d8c9c3fbb0b5c0ece71
SHA1 83a929dd87980a91f02c2ba196bbe0bd0cc71b65
SHA256 71e56e4e835832896cfb05c525d9a48312f42a5db62c4c27c451200fcf5f0da9
SHA512 c6f843d1a42865921c7bf807fc424896892c32b5046535e4bd951f6d81c5d4dec981b764126a8d10d68ff692c14b5b927fc931e73c142fd81f376f9131d8544d

C:\Users\Admin\AppData\Local\Temp\Tmp5047.tmp

MD5 49d01d2bb54cc8ae70bd59e699d846fb
SHA1 7edf56b8de4ac9528c00621671291125a5885827
SHA256 18f4d98ff0638cc308214ca4e22530bbbc95054206f40513cf51ef4b52896620
SHA512 39277022f55b93da13293b40260595d949df9e9507603187e11c1f1429d0ced8e86bd651911e4b1a7447beec54f8205169167f113f167f6fdb8fccf7080b793a

C:\Users\Admin\AppData\Local\Temp\Tmp50B6.tmp

MD5 7a3f40989a178e0836e1b2ffe7e2f0fc
SHA1 b34db2b72d63f33dbef80fb30e094cc0a91d6322
SHA256 28969cdfa74a12c82f3bad960b0b000aca2ac329deea5c2328ebc6f2ba9802c1
SHA512 fff202f312fd00eda106601b2e7abeafe3edf1395753c76a088ddd7de34092dbff7bf054053f837abe555bc7bff7f680cd1ed22bf83b476b6c1812b61fa602a6

C:\Program Files (x86)\Xvirus Anti-Malware\localwhitelist.xdb

MD5 a3c6d5a2c50d2223733d8eb9b346b3c4
SHA1 e8f001970f008d214dca0f48194a4d6c396dd455
SHA256 e1c2b886533f90fcfa26b3bfdefd499736ef9bcc100243e9b0e96e9ef79eda82
SHA512 7bf477fd609908c0901949b427ffbe0e7e44f7f75a39f09f7c0164758846ae3a0e89e5a8c5eb88899856f04305aee9c558402df0828381fe9aabb5a922974523

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

MD5 7ddad6ab6f08828a31caae5e31f42d65
SHA1 a1cb88648c202c1f2bb7a68c6222e1ce9b179192
SHA256 b5328554b7b5ddc83ba7357229e0fd8a25ae503834393902a465c39908d759a1
SHA512 5f7cadc76dcbb03c4cdec336dc3d88038ee47c15fd1f2623d5d1e27690f955c5620787a39f80011a0a9b07185e765d557cf5f20863fee8e8805550df656d857b

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 abff7c60ae8822d24caf35fb2d334999
SHA1 3a5d7fa53bb3e598566c232da75a2f3a44fbbf7f
SHA256 13973fb5b9c2d5247716a0efc5b4834a7dbd2917fbc0540a350d2854a98899ef
SHA512 bc99b4b34a112fee97ab35e887d9801303863afa50c5b24ede19b2887447ca8bfbafcf90bc31d1159fa5f4e345ec5a5942505e1cd2c6a052634e5e7066d8cdc8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d2395e95d6dbbb2c941419c3951d40e9
SHA1 7bffd207f8253bbf508eabb3a59bcfbbb7c04eb4
SHA256 a57e495e64b8b0cf55845778a5cb8a0527a20066507dd192861bcf4a5611d844
SHA512 809b6fabd218fd659eb1dc3b0932763ea29834c1d9bb36d23fbca57c6f5a7665cc13b1557288aa971e6e4467af192abd3b8d0e816064fad0d08e6642ab30e4de

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 1b20fe7fe439f22d7f60b276f6aa7abf
SHA1 364fa9f1dfac40ff1ccbf04f98526164f5874934
SHA256 21730f6e5617139c4f8f49f2c44691150e6e3b7adcc5d0bfc905b9add8823d6d
SHA512 d9777d23269cf0cfd9928472f611f29ced01844ec6420f4524ee859eb734992466c1d9999cc9ac03c31af89bb998a4ce8e804277dcb615e17253d52750783da7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e5b919ba669db1240b6540f3b1872f8d
SHA1 4fa4d5e192aa1b76842f00cb4e9c5c2767808fd3
SHA256 8df09448ff0e65c82fc56ff1798ff1fce42cb31d5da945757fe84221cbc9addd
SHA512 f8103219c84797d165eb9f53655ed95d05df52d7b667cc40d20e6fcc129affa229f3e03cb491932a76f03a511615d569ed19a67af49589ebfcb475db97412050

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 c8ad04f62b4c4259be51ce4f21982171
SHA1 ad01e57328a2167cd3493b65c5a489f700bc2701
SHA256 e2255d01b7929d4362de90186f0da838999d43bc24e0254f37534047ff2853c6
SHA512 c102d911fd9d594e3dad854c4cf8c0a4ed46635cd80eb43081dbfb475052f38524acb1033210c8f8b74bafe0dea4cafbb76e5195686df16e8fad918c8f01c32c

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 86046ac1cc9a6827ee92b22241d3bfbb
SHA1 5241f1af7c57991533393dc3a5a288c8dfb4635c
SHA256 79949623157c767b8e8096fd357a42d1df8f5926134e32e3f557948a9a0eb8b9
SHA512 0371a5074591acb48d33307ee2eb46bba027c537c4449839fc93bf198b9791b4ee04b85af961ad56aa9e539a397ce8d4a4adba652309a51af249764de2c90cdb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 31c564f9febb19eaf01272c32f1829b8
SHA1 bca71337a6d27986df264550c947a2ad699fc3ef
SHA256 970544839daf6cb9390fd4fb1c0bf970bd5d1a0ffee38b7ca80effaccaf49fe2
SHA512 1439a383cf6075be8dc85a4949fd46985d837170ed5f22d139a1f7a196b1e016febff3b38e1aef5fa5f6d55bfb6c21e7afda37ea1dfcc5a4d27ed3dd9f06164f

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 4fdd91f20c76536ab4ffcab7c9ecf777
SHA1 c3238eaef5ef0a48a26006026a40b4147371628b
SHA256 94438b3b722db271e08c36cc9e4369bea25051611a37295b5c25423b6f7250f6
SHA512 3fbeeb60a70fdf4400dc050dd00cf23ef5b361391c16a1bda2595e25e9fa80490a0cb195ee7f3139512d7e83101aef1f0ce4ed8931dee11ddccc51c960a3fc2d

C:\Program Files (x86)\Xvirus Anti-Malware\database\reglist.xdb

MD5 581fc52a4747cde5ac82cbc0326ce1af
SHA1 d4ec8e035adfaffaba3a1a0e32745c5b000be10b
SHA256 41fba7fb50bb1ecb798d26c7d47d64e331d8acc42e31759a0ede169ea975d046
SHA512 f5d9ef7650cdd57c7c7358c19067e9a909adadb2217318328c53e7917c12bd0787b4c1e613956b3b4dce731bd5c97806d292959a943a62f7daf5ec08afd83581

C:\Users\Admin\AppData\Local\Temp\Tmp1FFF.tmp

MD5 fa1395878a522bcf722dee5ce8528bf7
SHA1 d08267e28ebeaf81b86c4630cee85fb9638666bd
SHA256 cb39a4052bd6e8223f2818ac7c853837ad2e6310f4ce3ad2befbb1b1c6bea780
SHA512 15fc67b07eab5d83db2abfc819d18903dd4b60f2677eb1c498b1b58fa392bad882654a0c106830e50de8f99b58cf1ea592cc989a187ec5b09a09028083ad06cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c7d82e2fab76ccb5d1eb8fb1e61d6243
SHA1 71a7b4abc0903222b9026fd5cb730170bfec5141
SHA256 88a90521e42d7cb29b630586406810144fbc2445358133db2c2c869b8c8bc0cf
SHA512 55e3edc1afb81eb31f10d9e1bde2865c7288fe1efce19b81d05f29d363a6e58a4fc97ef2dba662fab8a64b4fcc49d7f641a99d10f15e69907579dc0cd57365aa

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Temp\Tmp5FE6.tmp

C:\Users\Admin\AppData\Local\Temp\Tmp63B0.tmp

C:\Users\Admin\AppData\Local\Temp\Tmp68D8.tmp

C:\Program Files (x86)\Xvirus Anti-Malware\logs\updatelog27-10-2024-9-34-35.txt

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005b

C:\Users\Admin\AppData\Local\Temp\Tmp72CF.tmp

C:\Program Files (x86)\Xvirus Anti-Malware\logs\scanlog27-10-2024-9-36-47.txt

C:\Program Files (x86)\Xvirus Anti-Malware\logs\scanlog27-10-2024-9-37-08.txt

C:\Users\Admin\AppData\Local\Temp\Tmp730E.tmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\84KCLP1T\p[1].gif

C:\Program Files (x86)\Xvirus Anti-Malware\logs\scanlog27-10-2024-9-38-28.txt

C:\Users\Admin\AppData\Local\FAST!\User Data\Local State

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

C:\Program Files (x86)\Xvirus Anti-Malware\logs\scanlog27-10-2024-9-39-34.txt

C:\Program Files (x86)\Xvirus Anti-Malware\logs\scanlog27-10-2024-9-39-48.txt

C:\MsContainerwinHost\XbzxyZcOnpQflcdDpiS9CmpLat40p7m47ZcP1aBzUSB3men3gAnTOw07Azp.vbe

C:\Program Files\WindowsPowerShell\Modules\PackageManagement\cmd.exe

C:\Users\Admin\AppData\Local\Temp\nsm8651.tmp\image.gif

C:\Users\Admin\AppData\Local\Temp\Tmp9BEF.tmp

C:\Users\Admin\AppData\Local\Temp\Tmp9C0F.tmp

C:\Users\Admin\AppData\Local\Temp\TmpB96C.tmp

C:\Users\Admin\AppData\Local\Temp\TmpC6CA.tmp

C:\Users\Admin\AppData\Local\Temp\TmpD60E.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8f263628f848d3b8de04849f07dfe9f4
SHA1 570ab44083113c909079776cf0afdeadf37db8a8
SHA256 593ec488b5c821a1cb607460ed1420e0c2eb715dd718aae9b223ac63e106cdd1
SHA512 0328baee97663599f1d4f260edf40953b5024db37ffa6825f35b076ce3883b7602f90a2be64b37353901b3ae13594266b2b3b50ce49850bd3c8d8ec38f5aea47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 60543091af6de72b48ec0c5dc7babe12
SHA1 5eba4b19a1ee218f1350ed8e74ed406493def2f3
SHA256 76b0b84b0bb345211b57ddb513b64d8f054897249e9798dbbaf59f36b3c51a51
SHA512 a04997ace5297c464eb72979ae928f5decb1ba86a2167addc17b00eb74686ca22365dff31f8fc0f0d58c1a016b03cf92039041f02d551791697e6ed8fe2a2c99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 00d8db6f9041636d050de4f9568868ec
SHA1 dbd4fcdcf64e871452410d56ecf43546ca109977
SHA256 4a6bc7452e1b778d8c69538ddc4fa0dee0a74ad3c6d4a17a44876503d3c68f41
SHA512 a589743a2ff280e8582f2124a21ce77a0df5e48f3e1319f8696e965aaffbc72f74b9a875b370742e1d957e2309f97d9c484e181aa8079c538a1fbaa55ff4ddb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe605037.TMP

MD5 56c793453969359cf13ef1c9472841ac
SHA1 8e5090dafc662a9e11792105997a8aafb16b9287
SHA256 996026d8931f71c7d775cb4a47c82498b696d54a85367ae0b7b327206cc4c4eb
SHA512 27c1d179384c24f05065c6590048a1a2c574fff8c631ff9e708fbf1a6d8e3096974d013c3a0e0c7091d5088e9b4ae929ca20021700023e9a52092458f6e040e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e75916958d2c49c30262e4fa16d9369e
SHA1 a556b1e2d3c11616319c2f63a34735ff9a634f65
SHA256 8874bd672454eb41610ca145d0df00707ff323856c423d99356df32e0fdc9728
SHA512 9a10d8909f93fb473d2eba4e6a912f132bb49d351a1168453735a364b235b4c27110227c8eb714b538ab01dde26393c983baae23d7389755a6e176a6aa44514d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bc3b41092945088e74074f85ffd245e5
SHA1 b6c472a8bb5c4d1408254efd3c017f7ff881e371
SHA256 1e85b08cefc880fe4706b3bdf5e9ff841f6eef408c168d3ef886d71ed6b1ba44
SHA512 24e5a26d9f514d902fceb297e04c2678cade649383fc96bdd33c38fecab0f2e72219e3d69d909ddd4704a9dee4af575ea23e2f2282a599704702cd3668b20732

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\Network Persistent State

MD5 a9f161b2997b95747b8229cdf1629199
SHA1 43405dcdbcd1df96c28c1e8891490d81d214ac6a
SHA256 2891dd52bad26e3f0cfd73bf1defb9d24d4493446bd12d333fb28921a2a83cef
SHA512 d53ec53a051c025cdda1a86f73e75218f4275f4e609e15683b2df3157ae8d16d112f299932911fcc83caa4f0efc164e76ec871c469810050008c4de494c5e9ea

C:\Users\Admin\AppData\Local\Temp\Tmp92EE.tmp

MD5 b8cbdde6bea6e7f73dfc8c588b1140d3
SHA1 a0625106410e4dc5f9a6e33c8cee03403eff7951
SHA256 fc33993836f87327e6daae8b03352c1b50e844199168fbbec0ce9a4c6d3e131d
SHA512 582b09a0e06f264d828b23cf95e210b5bf15f6adbb98f378a7fbc22b3339cab842e291f3374e23db9a409264d158c5c4337330118ca31ad5dc2bc4f044f12813

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Preferences

MD5 607eb1557d83d3983477aaeee8597130
SHA1 6db416ab19b66ae2126907df9acf0eb73cf54a1e
SHA256 5d811704e1ebfe84e2025d1746876dc8d2f4a2b6ffc6712da98f71ab61a2c15d
SHA512 a073a5b27fa4c3a86a8f20c796a5c5f84619adc16ab82143776aacaeb92469b0923782173fa237138a7f95870a1c5acd4856721b21de5c95d6bb985d04ed8282

C:\Users\Admin\AppData\Local\FAST!\User Data\Local State

MD5 1261a9c0327d933d36c8af80a26c7192
SHA1 97f4b1709ee5d7aa1212b43415cb6d1bd9f95d61
SHA256 b1261d63323fb433da1ebfc56e3d105e728cd6a7916fdbb78f9300afa126a377
SHA512 78735e774374c743f7aea1fba3822b3639eb9089337cf97561fac01007c1aaf88ec7dd83e4d87f79390c356cc42cf22a4559c63db7662a0ad0686bbd54600328

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

MD5 f65004a02cf10600cb77ea296e5c62cf
SHA1 9b7d284d081a2c73444b6e714bbe1b33fa9fd08e
SHA256 7ae236ebc0b1a29396b77f5e94fe8c638975e1f8cc35b73b7381d314daca5d65
SHA512 7984d0cc2f8d29b326d4898c54e0eb92a925af778d7facca131d551b7f16df9af7a3a81038f25e78d6310a72ff73cdc8b3a8c997d7f2189f7d40a517226059a0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 defdd4ab4fbce345c0099baf9aed71d4
SHA1 83a4196e36c33a571e31f00dde0233959fd71200
SHA256 1a3c902bc800eac8d60d55507e7e8a937bc936200c872f1185f02c2d65fbf0f0
SHA512 211e0b619e63665818450a34149c1774e0d123bc755b9f971d187f224c001b4d90deff9704491b543de2ede11b766316176a771542519a32d34a3ef22a56cfc4

C:\Users\Admin\PCAppStore\PCAppStore.exe

MD5 4b88d8ada8d22622c30d581fc38eaa52
SHA1 0980a7b75db94035a5de1696210648acb95acede
SHA256 d4de255ae1109391e4a4a967a8ad66dfb70fcca7db47777e40815f4e7b19f2a2
SHA512 0f87422498ed3c60ed21cda492d038d10509e3b40e5e9d7614b6cb0ef903e241ad1ba9c2f67b43d9da3980990735a5e0c325002e43e0a41cb12947e2dbecf19f

C:\Users\Admin\AppData\Local\Xvirus\Xvirus_Anti-Malware.exe_Url_niksiz0hk0xusqokokwm101tv00gdthe\7.0.5.0\nqb45who.newcfg

MD5 e256f59af06742c1d395e60f7ef67f19
SHA1 ccf5650a94e4dc5687125b8880ee091a89a98bcc
SHA256 9f778791898573ca996fe8272a9a5280b8c40b35364620d4f614325cb30f356a
SHA512 02f9c9e3a3346fa2fd5a11f937b2f516201e9c7a16047bc71ad71349af505f45119be5bdb9f2fb6ab9e6f6db6e60df0f5d9a36de788a78349cfed7ec8d410705

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 16dd8ac9c15a6f809349a1108088649f
SHA1 9cf9eca5aab3de24e67153f2e1a0a9da8ec1d390
SHA256 2d7959c3648e89e50c85ed7b670263819247d48729dc77b9572ed91fdfb925da
SHA512 caa41a8088f4b0f96dd056a718a26e70b16b666d5dd48aeaf9c11c98caa5801db950f6103035182ea4deb45acfd77c55403415bb6be433ac2dce5933f4b76360

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

MD5 c08a913e24c64a6b7b87f1145a0a9559
SHA1 e8844742c52d64ea6f31643fdf665abf13ab7ba6
SHA256 6b34f1fcafc996ffdc637ab0eb71b1f09daf908331aeb9ea48a582f596017be8
SHA512 c6628ff2f05f3b7d1419718062afdf034a39a096e655339acd2fa7ece2fa902a4b0c0710495e4c6f242d4c141ce604ce47efa96b009fe1e69b9e503b689b7d07

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 f2154be0365d20a7e77239e56953aebd
SHA1 031944625097806a2f2be5bc2d03aeea84e34ac1
SHA256 19bb15a9aa5c1a464da53991ee6511fad52526b038ba7720c873504394126c6b
SHA512 49ee230ee5136079a45bd486b93862581f30af03d15db0a23b226864370f78b09152e6c956bb174b2dcd516993ed8a7d4f264412fd64822b87d170d99782f7f6

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Secure Preferences

MD5 896ea97fd15812b91818b8890d06192d
SHA1 4b69c763b8538793082e3860c81b9790e7826ae0
SHA256 b159e319f98039c80b61f09ee922001f3d0330d49dc0a3d321fe1023637ca5f3
SHA512 df63f279a6c95306e0c7518e5644afb539c2a24bce4996b75afc1d077fcc2df1da6e586d167f0e13bc0e97e62f299fdb9195c40d921f7d90267649c7704416f4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7da277c593923caad22131b1c58dbe2d
SHA1 bb00cd66b6b1fa046614f118d845b1d0f64fd455
SHA256 868eefd5e7808ea6f9bc5847633582294717103bbdc18d651e8d5dd53e8d47c2
SHA512 9a27579ea66b09e88e5bc10252a561e99c78bb2b48816b01a1bfd2a80ed0da27b0d3032f586c99cef6327c36c43d1a500618545eee89f66f9019849ea18b1266

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

MD5 a7e2dcce4db467e001851fbb8b5305ac
SHA1 d8e72a59dcc1e5fd5fee1378eeaad120366fe01a
SHA256 190e5604cff896068c82d4c2be2764f4c2ba9812290c110fa8f654e9d41d0343
SHA512 4878cdacf60e1c51f1fd54fe75bfe6444ecb5730fa7a714973450e1ee7c351d98f38b285a366a7da19e289bfa0eada32916fb67c067da872c7d3e1c383fa096c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c4cef7017499c92b3decfba1f64fc20b
SHA1 00f421942249b1ba339ee57fe400538a01db90fd
SHA256 3810f086c6a1b1696c0ea0356b14cf320770741225178af26394938284eca503
SHA512 4e2472331efb35f91537cf1085be81777f5edbb5d8f60fa176add0b8b4bb6573be2e3f2cef9351cd6e5f1c441d060d51c339b6b73a85ada95e916e27ba3a8c8b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5ed44c8ba65a6b6c59e6f498cdca9d6d
SHA1 2dc57ed37dab11de2bb161d6f665267aa12378ce
SHA256 28850b010a82a3d5891553268fe8b045503ef8ae2be6f64a9e25077cd45f820b
SHA512 4b5b6cc41ad5d93f0aa0417231a44dd476b2cb4f6512e31298e602ab928790b64a3682e9e26cfc9a9d819922c9386f3957e192293eace91f4c6fff9654edc556

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 6c2bf83be5afb6c5ec806a46b1f21689
SHA1 25407f081516f746816ae50acf2a493ddd4a72bd
SHA256 81802bca8f8b9e5d2abd9f6774e3c5c235b32c134fb341e244d09dc37cd982ed
SHA512 3a44b7f82cab77be7a114d649958dfc61c015abcd4c964ad6974bf80a4c022e5bde784f33ecc0e5459a85c22596d3c926cc5aa3fa2d76dd501c73b1769f2e92d

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d1c9613414d229b645da5aba955a8fd2
SHA1 5ff623427fd1015e6356f072fc299f2abdf91c94
SHA256 8d783a6077cdcb4763dfd9a75007918b51e2d5a1bcb214b0ba65a88eef409534
SHA512 537ba195dc8d9e677cd91ac663e7acbdf7c8b75cfe96948c2890c3311ae07d5a58cb5d83fb9584062e6034d10bfe2a997457982d3d7423f0e1f257ad6553c9e0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 6006fd79accac594492cbbba8fc3b5e2
SHA1 8983119da26d2131a6299e6e73a008adc907253d
SHA256 f5f3e00c68fd120716091cdf6bb2d631ee1a76dc145fdfab399d0062087dcc33
SHA512 1ad3f3a214590bf229055939052b6b5368e8266579d17b14eed4a04a2f784f1ef7270d01ec60203f63ef70ef9e1bb527bb729e50931c8ba20b3bffda5298b470

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 5cb161b2d563e40ffd6adfec87c01e74
SHA1 73bc97237958f70e13a96017e1c025b5851f7a41
SHA256 f5b0271e53850c56324a5025aeaab252282b9daa2eed4a5130a8553715804d99
SHA512 c0371e4c5f12b842650ef5183834e264f87849a45453dde605934b52dbf5b1b57fbf31329677570f175a29aa6e8212a5fa67c40c6303225cb94b4c4342f2f73b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 882aee5a1060257202bb202378f8724d
SHA1 196ed951e218a05c01ee7cb0798071875838f7cb
SHA256 ac2b84e815733fa9d6325526fc7a41ffab2347dbcb957c16e53b00ebadfe5e35
SHA512 32e76b6937e16c8eb4e6a318d82ffcf43cb16df327083110a68559524d9ced8d9ff6926c8849023d0b868ccbb3c87f53ffbedc59f1ab34859cd2aadfb48b7131

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0ccc69051c974132d00d4c6993482302
SHA1 6f57382394054e0fc98130b4e46bd8fd85d244f5
SHA256 911e1cc5dda6946ede11d413577570d0dafbadddb36328032513299957afcc6d
SHA512 60ad2f009c2560d93a56ab934881d6416c689fbd4c78fc357b0c13463ba0c8586e6229c7dd6d76b672283b74ad039d1749312d8d6f0a5a66ad8b857ee5dc25ab

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 a2f8e53f53f00892295c3c350c77fcb9
SHA1 47d21864c6c9b2a5e59d1594dd3fb56bb127cb63
SHA256 44239591f82593ca1e0879f50758a69695587b0d4af0b493b6edce963ff773fe
SHA512 2c4d7a1ff7485005f645245c9f169d353d54321d013f553877071b8d5d344e0d2ffd14539f1b129f46fe28a9e2dc3201a12546e9d1a89dbeea870b3c652329dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 611bfe85cf37691e113cee4d161a0e01
SHA1 4e2adcb5289b0d0bd210fa1b2a2ab17ff43a326a
SHA256 cac0e0c850c7023304e69cc5edb626bffc1aad809032f11d9930d2e44ab43cad
SHA512 a1fa9c234d20fe5257102f39579e5e6cc3de4bb1504523eb8f02ad50998b5f154e89d43d44f0f3b1ee3762f7c6ef13d44e543354a07cece9b59a4fd720f6378a

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

MD5 21445a32fe74266810eaedb5e4893df9
SHA1 8b09c1514b8a3c22ae4adfb8107ff527e9912ace
SHA256 43a2eb420ed51d0f460f4c4ec4b69e48e532f77db70724b12084f50041389e98
SHA512 ea654b45da9813f543c97037b6da65f0d9c71f978bb1423c9e3090627c35d8080bad52a639c860ecb959e6a709913cc19e9d00f9aca20695881d9b32ebcf9e0c

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 d123c3e1aa25d4ef0b72ceb7e2323659
SHA1 9bbea38a638f6af4d94aeb25c249d54d3d259e5b
SHA256 5507ace7fe1e62acc6aabdfc17d366d0e2560393816f49c32ee94c4d02fb828f
SHA512 f4906a0cc83316940f39d6aa6df523b97c2cf2ea553ef02ee59a7d5654ac541616444db42d8ca99d58170ff71bf3fe0652463ec933f001586bf899acb40c742d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 0ea395d12ae5b55db0ecdb4854927d62
SHA1 cca73021774027941136c3eb88d9edc475dc2ec8
SHA256 e95915dbfa7b94fd14aa0122fe6216376ef3e2987643873608b4ee5a2cdc913c
SHA512 445a3b3315d4cde0d1c98665193eabb5c02719f4c73cd6851bb18a308b89e2bfed0d3490f8a7924c92a0ac045e96c2072ebf22089c0d7e3ffc3b52d85c79d0ec

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 033f4b3aa31f5d32e0fef08a81c49a44
SHA1 2bce9a38e5587b8d68990cae12fe5fbb07858b85
SHA256 de5eaf253c30494677465c3d6f2c0a98159ec36f8d0cf23dc316aecd2dd67342
SHA512 5199920769eb1a89e2a18ccee032fc0a16376d2f24db1e1d0f9e30fa5570969a1fd97092b9bbd1891854599135dc7d91ec092f1a2c2aed9fec375bbb34ac28d3

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\Network Persistent State

MD5 f4696a0247390bf08c5a57735ea84a28
SHA1 aeaaa60c38cd177b8522df7c70f5809d7eab0e82
SHA256 0dc48b799016ca39f8468952664db31d7ee4c945dbdc7afe23eed323e268d5b0
SHA512 6161ea1450e1b8a7309aba9b1668337f58ebe72d711d40aa459bd022daf967010339b9b0301295917a65c5b98205112b13c34a82e3909362da11ccda56aa2498

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 d203af9f2ae80c65d2e418c032e7bcb8
SHA1 cfb6f76ed3d40c91890f4bb5325578a96fc45dc0
SHA256 39627279f77ae516c95f7044c7a88818be93d9b9c11b9aaec3eebf22f698b9c0
SHA512 91df7874f4ee4a66099740a61325f305d46fafed0153ae88e789593ac5a9da753c8668d33ff84a87c5bcd5d32e13c85e1ba15d592165a2c18c7a91267a8db958

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

MD5 73edc4ebfa88763d617446de5a723e79
SHA1 6f975f8965800f63424db15174c3d1742fb0deac
SHA256 c7c064036081c88ef2948c95761d518f75f4327b8f9098d14212f8333629e2fd
SHA512 b969e0e219e94ad23036e2d1855f59c461074cd91fcc8e7bb14ba91cbe4270d891dc3d36cece6c7d5c305c52b4c287c04eeb8b168c594480804b38a2edb40492

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

MD5 3cf03622a48f7389bb84a4a4d97e67c4
SHA1 4fe2fd524e557c0439ecaeac0682a1c074b7e181
SHA256 0d054022932dacfa9750631bbed7a9962bb0100db41b10c620f00f8a2825e957
SHA512 9b5293a99b1dd6cdf48ecdd7ebea6528266e8f2cb76f31b306047c3edf7af0b56952b6c3539eca00112c93c6b0b7acfe98b6920d7fcbe2395ddcf07126d84fe4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2851712e1b9fbb5951ddee3cc33a7801
SHA1 1beff8f7b70ad02e0a5f886eeb65ed61ce30ddec
SHA256 3cdcccab73888565d8a4b088958013ee61bad9dd51400bac6e216287454c1e5e
SHA512 0fe82b7b3d022d71063281959f7bfafd4cb3e0d89d422640616f3940401ccae1a1d3821c60aa8cf60ad3e2173d5218134af3b24290a3d59ed9e88ebf22870d01

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 e070cf66a448752799cd8a10bb89a6a0
SHA1 47fcd46ae9e279cd1c3dbd62dbab54672545652b
SHA256 e1282396db9c08243b42be835b5899c89502759472e8a0c7b4ba0135770daaa9
SHA512 8e297ab96db24064e48f5cf2254e4a329f998c9c03818e9e91ee2f79c863b5c64e7258449776902c182a036c04a43e822d1e78deba9b1f6dcd328bc163396788

C:\Program Files (x86)\Xvirus Anti-Malware\logs\scanlog27-10-2024-9-41-35.txt

MD5 90f0d19b0ce0e851cac3afceb0c9b013
SHA1 76801d798f35956887e62ec1953453ac8dcf2c2d
SHA256 0465584a86b57e62c686092bb172dd305c18cb48d22230528bf203b7b411dbbc
SHA512 ceb9ebec741e5578b7693b82a892d5d25bdef415eb19c82f80cf68056d7090cbe53219deb6b5ceb61b1dbe9e7cab70aad6a88b8f3a7e799f855f79f96ceee4aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 93893673cc2fb7a3c7dd93ffcac7bfff
SHA1 31ddd9c52ffd740541ae3ed6acebbb93d88fe1d4
SHA256 2538af873c772b0ab14f7af932ad6e026b201eb79a7d16c88289d1c1ff397cbc
SHA512 1af68717a5111387e05868d060abe718f12ed9fae3f6c95bf0652f5174c3bf30b79be400a663623036e939d5460bc00cf73f06417ded80f4afbcfb3032b55585

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 0e751ffd18ba073a5352f6edcde7a5b4
SHA1 1b6fd37f82c1de3d81357ad96f17326e566dae63
SHA256 e960fc52b4752f34a4f0d1ee2869980ab6d7e1f0b617abb627639cb930b0a211
SHA512 ccf51c75a17468535a8a5f1e7f04b08ffc6a553862200c6aa4a084f67e5a8b691d1cba0adaf032f640ceb5b074c6417da31d309ef75ba3b885409cedb8986c01

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_00001c

MD5 78b151f06a4e0f5c23ee128bf779c507
SHA1 9b4eee484605fa7cd4a3fcb41ddc140354615f48
SHA256 9760d9bde7fdfeae010de3e38ee6f2851f5b0b9f1974228cf69a296fd5f2be34
SHA512 0aaed169ecf34227aef3fce5ea608b2f9471bc991c3de555aba867a209e6c71f7cd45e5458d03f80ac521abdf045642cd94c0a95d3a030cb856490b2859a21a5

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\fe9867b2-4ae0-447f-8537-42dafadc8fd2.tmp

MD5 26e1f786f29ff30d838a3bd059db9aea
SHA1 97425e347b5e4133e08c9b60c9390c64ced6b34b
SHA256 781cad3fb2f8b95a4043c59bcabd97aa5105a3eb1201e8468f1dbc19504e9a1b
SHA512 dba1f88bebed321e24c35b0c645cf55933dcb9de7ea128a5cce2867a5810e60b94e8193aa74bffd2d1fb1a0e1e6f699e83bfa437cc5c34d550441cfe205581f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 feeb36d51e74efe41fc4de80aa3a5dac
SHA1 5f6efe780055a4539ecdae4772f9adccba35817e
SHA256 e3fc23d491766368b97d778ed937c6ac288f967a138bacde728cf5a9005de23a
SHA512 2197a961247eb759bffff1bb270ad0a95e5a7b3b5439d630ac7669b8d25fa9d56ecbc5f3c00bea3acd626b557618ebdaa494fc93d561ed85c181df966b2ae477

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 aebc7b1d7c17c5cf1d39e2f2cdce8b24
SHA1 c91068a0a5e7e1489d5b774b5607037cdd05e646
SHA256 a9e3ee732116d874a168b015de6cebc278406d4eb2b38065480eb8f95d809aac
SHA512 d6efa30ed6596170439df1f3c070969e667be46318132c8c042fce7d3a6d59a374ed550371bd235e7dff3cbb1477d580a08e1e11a024cb1937a7c1217b45db9f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f9849b3fc4fff8de006e2d84eec0097b
SHA1 4d7d6907547af4f7ac8d50dc1fbbe767c4dcb3f3
SHA256 5e231d4f90e1f7e561ebe99b0f0795288188e15889195ff955832c87df858eea
SHA512 bb4096057edfadd2cdff63090b87fdda70b548a5283cce61083a85eac2cffefc7934cde4742d084a32281b9dcbf3d4084ac6ff516acf2020cc3bf988e6eb2f4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 baa4a29f45cbe1ad55d5564a7bae6858
SHA1 c3eacc935c56c2f89fbc4dd259475d0302a6e60c
SHA256 d279257caa025c8f75cf7c9edbc4c4882d0f3fefb22faa5dd4f2d9eaa560ca8d
SHA512 2d305a44d4695f271b23c454f7e865c0b1e828a7d74628cd46eedb66cc3d75f3d6072df9fb3556c58cdca4665e0a0f6bbb0a0778dc8a17ac2e0690e6eef0dc30

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\8870024c-9512-4de5-8da6-6a6732b982fd.tmp

MD5 678282da30e4ab79b4fe2d740e873e52
SHA1 8124c25427f6123977336e3e82968c460cbe3be8
SHA256 2dadfa146d8acb0e6ea01edbc26cabea512818af228a3734860b3209fc2be22b
SHA512 5ebdf6bf557fafb8fe1a89913d1c08f3ca25d20908327a0c282a1d329e360bf6979fb3be7d052ce973a7fdac8dd5dc138819fc84abf9618e667d607b3a5c80cd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1191bbfe2067e0d6943bcc2a130fbf14
SHA1 4bb74c125f2d5c34e6cef356b2d744d0f177e235
SHA256 19cccfc208079fa2e9f864842f18dcc012b2a56fb83b4fd5363e9662163f014e
SHA512 f7a51011be152e45434415bd53cd126a9fa86afd4adff5ede3366d6bb1cff37ee10c36eb02ab223b6e1c18c582c40f17746a999a8ccb514c4fc0af80c45d07c9

C:\Users\Admin\Downloads\12137b32413d31781f51a13c09bd541efe0f27f270108d247099434df1d3b37f.exe

MD5 93adc545175abec10a0925cce209db34
SHA1 dbbca20193db5576e2327fe306f37b154c443e74
SHA256 12137b32413d31781f51a13c09bd541efe0f27f270108d247099434df1d3b37f
SHA512 84e0c90d2f5c7477f0932047b3757108a4b1beabc67391878ea73f401fdb3d25cb8a64a00640773567dfcdbb7cee08c07c57afb36b210e4e58bbf1c2d5b0a483

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 18b9ffe832b70d26f421ded35f2c65af
SHA1 bffd333f904ece7735f59f99b4e9fc63759b08a0
SHA256 b0f02020b561cddfbd8db52a7424a6823273213158a6d7645b5dc2d148af006e
SHA512 b25250e8d41b68b3b5eff3de1f72702754e192230247bbd0cbb711cd662fa0d8733eea7185c44e45c1a3bb91de8bf591f2e60e70c9e9fdf7e7037cc97e5662fe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fae2e2974942340eb23d0ac757e859e7
SHA1 1c740b241c7516a6debcaf57f4eeed87de834ca7
SHA256 71babe2dbd5bd5b1bcc0940909674111112ab8781a38f40681d489abd8b32613
SHA512 2c9b2a207d91f2f8bb9dbb4fdfe7b8554daf6446ba01f3066a36ba87f37f61629d72311d4905bc86882e0cc31e41e293b43a229fe653094beba8d25fcc788fa9

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\Network Persistent State

MD5 45a778378a8fb4726de712e973ceb8ae
SHA1 7a6c880d1cde7fdc303e074395badbd2274786c6
SHA256 de13cbfbdd493b1d1fc00a85245c24d46ffa9c7d194aff9efd262dc2f4c89de5
SHA512 713abb79239bfd68db0fad9c3f409f2054a1014b3330c7d27eb00f2d15817d6771d43050d4cf341c2d1747dc23e7fd2ca36974c3ce35e4f124cf8c0231ebcdda

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 056c906932e6af7654d546bb544494ca
SHA1 a29660370811b72422a92d33ef82dc0c9355cce7
SHA256 893ad231a874f00b89f0e14cbc6e9d8fb4411a9d9e31b7bc119c3a7558b72f1f
SHA512 c647280872cb78bb7a287676d7f9ba09df1328aad0297a8b5fcc04d86043364e95127b605a79608ded47794d4d507b669102109a867f1aea9361a3d54778d1ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dcbb864946cc4af13024cb25c56cc49d
SHA1 9e0b3e1ae7acfd7541c594a510d7bed2c4adefef
SHA256 40348ed89d0391899514d1248fb6b484f78a6f6f753fc4a3e03502fcaaf5775d
SHA512 77e1463b882690b73da6e3411ea5af097b7b514d939812868c0c0bf6fae24498c72c8dc14e4108803adafcaf05cb7ce1456baaa10a4e90fa1ddc06ac5e460bd8

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 d6df25b7d32682bb939d1cfd66bff763
SHA1 68e63b59e594023793a02c0ecfddf26e3caf5b7e
SHA256 a12c43c7ddf1982af38f979dacbeed394eb1fd12b958fcd1104b2ab1c7fe9fd5
SHA512 0297c3f9c805297f3da4537b86c5798aca80f45b249b2f12332ac720807da95b74f6bf12b13b68b0227a4b4407753175491d1205c1bf49c6181a9e2826849fad

C:\Users\Admin\AppData\Local\FAST!\User Data\Local State

MD5 1f98563458c87cb8984d83cee35e28a4
SHA1 e483e0657233ddd2f84401dd82d4f26683d730c4
SHA256 b9f8da44cc1cf2ad9cba4b13a88f6ffba07b6484b772fdf24369eaf139f7c199
SHA512 0011a9489108d69455f28fbf6f5c7ce0c11d5ccc986fca5a903a5524b67d5f2d6201dc2129664b5ea2cf81b66c27b8ec9cd1e9fdadb627e87b9b999bf757f606

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Preferences

MD5 305130738203fb0edc1f99220d4ef29e
SHA1 97a95b891183d84289ebef5d534d9c6470d7bf8f
SHA256 71bd5efe7f1b8d9155ca8801e5ea216538c9a0a82122e37f190984cf60cd8eac
SHA512 f6420e9a6d9485a3680676373e21e3a33eb28248ac90cd99aaeb0c820efd95ecf9caac6090545172c761ce1c22bff7ae79577863118d41bc76c8a53b5954024e

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

MD5 abb36ca861c7d64c70846e38dfee5695
SHA1 213e92443d6ebac0c94e5c69f5380839ccf77cf1
SHA256 e99a62657f1c6b5b18631c70bd020f9af8c1ff806124b4a8cba325ccb13729df
SHA512 74a66c9bc26b3e301076d966cedc62499fff4a9f3c4743798f469f087eda7c2a034fccaef9f9625be344c1ce7ee1bd294669ab5cc906e0a28afcefa57e98b6e4

C:\Program Files (x86)\Xvirus Anti-Malware\logs\scanlog27-10-2024-9-44-35.txt

MD5 49b9aebf0fd37d941576ba3afaa63636
SHA1 d918494d5e0ca4945c778a7ca73b5b05fe22c3c1
SHA256 b4632174963462dc6294fe0af92430dd9d754ff75c25f73a0a46848385dbb338
SHA512 c2f8a24f14679a293ab3dab52fd22a873f0bd5c27c2fb102e654c70f2b63390f41c6c1b4519a0d7c8d9bd6faa7902d5fa0de84a0e3b00c2110a3b0a06fefed76

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 b114f7b91bda5b13fe5c207133620b98
SHA1 67f9c8c9c9adb3a633282be90acfe86771b9f812
SHA256 23b83d5aa8f653b232605db1005dc8d9063cc5b1170bf60784ab3a513e435c04
SHA512 9a10042f1087b9537ccce75b32e0dfeddac51d91360e24ed2b6bfdd42d06d519b71358f33ea1f2c981542da230a6032e62721fe2227f88422a9da685c73d14ab

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

MD5 6572f72acfb7eb4223b3c82324cfec96
SHA1 93fba4aaaad9936ecf7b0d76764f72ed59294a0e
SHA256 4f7db223ec51d43ed169175740c92ed4db9c8c84054fb4de22871b15ec31d4c7
SHA512 1765d645177693e4d162b115f31b7ee3e3dd52f0f6b5f5ff191ca27846b618d34860dc0032cf32f72af52f0a12b4fd562426357ec8f2437d5d09a214566cbb31

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4aee741df480e485997b92a23b89a77e
SHA1 3ab2904296ed5294c801899e5fef5a0c9b0b8368
SHA256 027320b7d2b82cf6f47a9a34625bd171f2bb32ffb198d1b6f62a8ec5b85ab26c
SHA512 ebe8c5612467649ecbbfb5a955a5f7f1e46a9948888e116441e8d89c5c8d646c11ba847465aa24d3eeda3839506fd74f9ddea2d7f7870c872bd050b7a91ab170

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 885b928244e802195e5052037696b066
SHA1 7d19552c2c46139dc06d26aa3ecef4d333e8d502
SHA256 6da5a4896d44fc47e04c80d5fa07bb4c6e873f324b3c4e465ae87ae9814f516a
SHA512 019421690ffd20e25ec4226bf8c381f18dcf092c93c697e9f2ddaa9f0447114d492502e496b047ad7056b1360560b08874c67345794ff9a1d2e3cd868db38533

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 d229723d29ce73d5be73e26e849e45c1
SHA1 172c165eeaf04dd9de957418703e50d1d10e3095
SHA256 f7794f9b5d34c559cde26684fa7da6d0c8a13e2d5d63ce3c9f4fea5ea0a5d9de
SHA512 7fb0a2c5384c11874fd928aa453f1781887207c2e8bba1b127b0f947b12a865777774c98adaedb15d6a4768e2def50de0c31c57c9d7fd20b1d6d8ae0693b7813

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 47654108fccef568646727c99a53f452
SHA1 02c32e689deb6ac0143645cdd5a8dec50e0f3dc2
SHA256 7594f79abe9de8bb7f139a1652355b80768fcd3ee367c8c15a9e1942f3722530
SHA512 f4ab0e0a1f92adc70961531d47d4f5f29a78d601d7569e38b12bd50baad864d24b86b11367a96f8e203df47c6c10d4f091757949de4c3a206cbfc36866946ba9

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 7e6b5737de6848dc7d63184a33e416f4
SHA1 37b1bfc5eca43a32e65427320c153db843fcf273
SHA256 ea5cf98b703c3a520e49846ce9a3c86c4740d29ec9f0c9bd194797d014546c2f
SHA512 134938aaf168b51a31746a6eb9b61d24e304d88ea80c75c54cd73d37d7246a2fc66c01bbeed40222de060aa55dd8c181b6fb13b2f65697c119ea16715abbfd2b

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 e843098af3e1a64dddf050a17ed5c6a7
SHA1 cd57c013d0fc3dbe3c4f5dd755c9e2bf828070d3
SHA256 cfb706e48e456bf45b8bd9c674ae236c2690c42614a299ab39bca3212a110200
SHA512 2a331a325b96f92c5e7ceaefa6cc9fae1f31695b6e8aee63cb1f3aeaa0bda90fe0dc0bf18141f1f7a35b63a78fecfcfe294233905799d48dc252b987fdfcc08b

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

MD5 f19ee9be0e1eb252abe9472e2b180c1e
SHA1 e9ed6d78e969fad116ed269299c4488c4cb9da2d
SHA256 348c1cf4e940ce31178f35ad9124f0ccbcae5ba8ad518f68c2f609d7583c3701
SHA512 47593872cf3cf402035e5135501df2e65219e62d75b460f6dce95a8c118b20259ac2f067928c17ca6339f038f56d3d150921505c03c52b0c702340948354dcdf

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 199bb97429d83e0fe09e6c027aa2906e
SHA1 d111bdd05f2cd5ea15f1de9112fbc8e4bf17a421
SHA256 158fa797aba126e8817f186607b373362a6fbbb1f97bbcd25fd58f9cb717c17c
SHA512 e2deb891981477436bd11b2e05386d44ffc529583075fa2a7dfd957022b2817573b2eaf469a215078fe4d85c8c9608ccb4e69a8378cc9efdfec6c64dce5cb611

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 240ec49b47bfc013d699f29ec9a751e2
SHA1 90783a18c95cea4695dfa3c39d1e13fc5c63a95b
SHA256 e871caf4b0d7eeacf6175de424400b72ee5147e28a072d9e7f2128877762a187
SHA512 2e3fec0709c770a267a397ac5b53f78c441394fd78314e86c9b27b1db2933d25f6527d73306ada9cdb9d47b15c723e491f5a9adab632fafbe23777b0f61446bc

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

MD5 cf80f69ce7ffe40868468c704b39cd32
SHA1 67d3deb001d75de36ac0b504d38df2751822b508
SHA256 661770e58b3a0af5cd43608efa918a455e2c94da713fa610726862e0a62697ec
SHA512 8f5b968748c4eb4ca1b37e9a69fb6bd2d963ccda5f1a1b2d93df1ab90b4c327d0d5a71b99e37491f8fcd4f4ce04eaa1dd1430d9342b3ad292e73884176c5bc48

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8b6551ab49a93ea350d3e3226966f2ea
SHA1 c9fec7d60571abc19366a8a47673099e9d35671a
SHA256 b2aa26bf915146a98e1830a551a747d20bb3aa95be287a3fe721b874f3b34359
SHA512 cb429db8527a450f2aa46cb7c3e7d5d887b8a77a633f1a96244ca263fcdb055d5c64fa2a54c7c943f4b87a3caf3793b7285d0d1f22b6905ca737da97e59ecc6e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt

MD5 568e7e61523398473af556dae2918fb7
SHA1 4091b1e52408b3ab3d34683f0b442fa35e661f9c
SHA256 5a4c156e40caf101ec0a0cc726e631af8baee8c05a74c2822d16a4d9d824f541
SHA512 e58b30b6b81c7992eb7754974941b789b465e9caced2cb4fc27709c77da9eb0ec6375f1f4294ed2d3419abb7d13224dbb96bb93008ef94308670f2daa580cbb5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt~RFe647688.TMP

MD5 4ff07c6f6629be31d6621e943e245f76
SHA1 728d73641602832ccb775f8acb554287d0ebbe34
SHA256 54593a613818d373392cdce930839ace96b9f3eb1612adc8c67622509081e37a
SHA512 c035fc2e9f2298f199ab998079541fb745dafb5a2f0d7b298c1ea96bdcae97b05c7d5325837d388ff243aee7d6e61d2a199ab5e80966b8186129dbcc61f0b897

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 0cc3fb533fd7a8195767123139ebeff3
SHA1 29bf7169c4c58bb4b06c07b300688d6e9eb867c2
SHA256 f42b93713cfa910824a60fdf54a8c2990e3a9d33ab3b2468901db75f35c4ec95
SHA512 df500e00e621e72baab80f885514b20974e5d55f8ec82a21f50fb9a16043d99f2d9ca1cb5043d9ca04436bd4858faf37082b66b49bf3296a53e8f9af6f973a64

C:\Users\Admin\AppData\Local\Temp\Tmp82B6.tmp

MD5 67ada8bfae108c165352bd4af7045018
SHA1 f159409899afe0a9994eed317f1b8e149fa63c5d
SHA256 3c6bc9ad887fa91a1f19b6d32535acfb92afab131eeee2ff40a1426b19c43540
SHA512 fdb89cbc79e207473424bc271e5612ffacef385a1f0655e6361a54e25a02d5248d124d5d924bdcd0e44ab11f481f42c6784303d91947006c169a3f8eb49df7f5

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 ac4676558ec525209ab08d98e82f8380
SHA1 923675ab42324ddffbd0cf7600d7de7c726e05e6
SHA256 90c5719fc2dd14044dad3206d117f48ca8a8ac96d68ca12438190d5b51bdf7a8
SHA512 c659c8de53eefe296ccae7d606b093282f39cf530a571d45e13592c390b86688d471370ebe3bdd1d75bbb005901f6d36ba5e5cec6ad41b63d93e36eb1f3a452a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 74202966e49cbd6addd56fc55a27b945
SHA1 73f0a13c82a38a8c0ff990c2de74e68ce6b72cee
SHA256 8ed93f7237b7bf0eb530b3539cd3b05c4dea2b8bac284d8e2a4e057a9509e942
SHA512 539eaceef038bbcc21b448be77d9077814743d68d2154cc3024ffc3f8260d1905d74c001ebca012e5ee5d3648e4bd6dfd582466b5855ca2c1227fcc5ab48a205

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3509f46195b49f50cfd32b6ffacf131c
SHA1 9577b9b4c755998f34ded5be86f7910b67f66e23
SHA256 101e4360e29c1e44d5be6f67e217363fecb06e60461574e7ce8a8a3efe736c4a
SHA512 50b0c79ec23c15d44821ef4282e05ac3c01fa786ce3672d26ac588858123aa9abba0c56668e5e65ec22e923f0661832076acb43dd5624d647ce1fd1e07d8d4b6

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 fbd1f98eb017aeeaadb11a545ebc4329
SHA1 7a257c9fdf1ad5899f2e544c1f46618292474316
SHA256 433b3ec4b6026f3e4dae6d9725954e48565ebe5ac013981c4d5aadfd3cd84f98
SHA512 71c23f9e80fc1b785f56c7a2b1c6ba9a87e1b5073bd7070392bd2297dbf08ebe46dcac85140a46bc47e6beb0864e603c13adec997ea188a3b927b2bfba260ed1

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\Network Persistent State

MD5 9431460979378e66631ce4ce446d861f
SHA1 2e3fc73192d61b0463ff4b5fd0fc2aff95fa0841
SHA256 8b9e6ac613b8a01232022d6b69301fc67d6e98c6e2739f91047dad7aa7f2b9fe
SHA512 b3315b87dfe291db5fb9971d7eafa5a04ce8a8d1d0959f5432e6b9583f517b3ffb9ed789f5a0bf7e63e0352e0f79cd640cd538bc2efd3f5d884c4d9207a9bc97

C:\Users\Admin\Downloads\Unconfirmed 129881.crdownload

MD5 435b598e7b1faa4fd54cf953d1b6fdae
SHA1 c82a7ce12ec12e8ed1a92e2016b494f3e91d6200
SHA256 19d3513c917fd36beae8c1a634bcb1929408130e0ba056a587f711c830a168d5
SHA512 6e7f7c4878e09ce14af326eee65762d6fdbf4256cd64fccbf69264bec8884dcd1423fc9ef190512603e98d9556427795e4aa8169d944d989eefd6337d2f1bade

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2bcbbfc9694acc98d91c80a11660ae75
SHA1 ee6ed3ef44d6993afd52de9fb284edfd336e544a
SHA256 582200e85385435fddb55344c5c1d228e665cab7bc13487f313972aa16554fdb
SHA512 00611eca3117b5fa340e379d4b571321af78d9c6207721c2590de57fecadaeaab0ba34c8ef4c6c718466f79a01395dee18a704c89309c0e5533548e68d3295dc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4fa0604a462b30c140d2f7db38eb1e2c
SHA1 739071020c4f9bc212802066b226a5632ff50836
SHA256 69fc826466349e0b30d9c8b81b1c778cb16b28f42e30ddf31feb629849082c85
SHA512 17e9c367929c1cf8d2f367734aa8804370db3830927ab4d77333e18fc67eb6c65cd30787845e015c012534b7bba63d62969ada94fc378b4a61f813b38759cd34

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 06db065795c6e773cb465a28965d9be9
SHA1 b7703e655af5cc4b86387217dbff08801d002194
SHA256 04a4a9d824e4111fac6312e87a56cfa59aac174d7dca2920ea1fe85c1de1826d
SHA512 20e0239ac37026662ac516521a4f7c77eda51d59514ced828d1a4e1ffcbd1267f2bed04af0c840405b3550c335c4c0e3afccdb2ec7feee58e080ef97eae8c3bc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 d23e45d287def6ddfb96700be8d5d014
SHA1 c6dfd8a33fb6fc8cbb270221967b66ff66186025
SHA256 b93c579b9989ff7bdeef92c4effa8e1c43ef4fd49037c4cd48941535d5ef823e
SHA512 5ee839a1d75f23e6447f2cfa6af8395e30709c54bd0df07a0fd7202ec7a8da8cdd0a03b9f698d0ffee9aebc3bb3645f50a7e13c9919ba85298bde75bf07ae7e1

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

MD5 03dff302822b54840f08e132d503e997
SHA1 ceefa070bcbbb89c3d4aa9623b70a7af33591429
SHA256 c357c185407d06835ac2c4d59cccb1b7bc018aa55f610960a74ddda8b61c56bb
SHA512 05358a63b907b71fd3c3bc892d4d462d915de67eea419d451b1a8ab839341a65cdd09dd882ae6a36e1dddfd9cef2d76ec88000c652baf000c2d7cb9ebfda554c

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 48d17b224cce2411d8019a16001e34e8
SHA1 a49b26f6874488e4530c89a3774f62f50aa8b612
SHA256 fd5ad104c3637589cb4d931d98c4f14e13b6a7502c8389f2403bd046a81b9263
SHA512 a35f4b3b1a6e95a9b878806c94bc8789e61280ab0445512bed2de3976eadad6336bc070a0ee676b27b3ac9d49585c7cb6ba5d2e5c8c04839454690e4b29cdde8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ed6ee7d945da20bf3e0a6755293219c0
SHA1 58cca0e32b13d46435e8f10be7d52e04946a281c
SHA256 3775a1dfd1d7c0f9e2170df6d901c64918338c93e2468475e8d103b02491df1e
SHA512 d27eec09a5f125d9daa722a07e5cc80597c97a4231d90a7debcf5d3ab6a4a19f9190a1005946d642b3e8bce11e38080e221d0a70da8da99f92ddf944466b346e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1079cb57643f3ac077ba1d993a2653e9
SHA1 f5f594e90dc1cb21cf70dd70ad73c5d17ba4c7aa
SHA256 7dd6779ea61e4eaa9edb6bbfa8326e120d90863f58e03fb27bfdc979e6ba0077
SHA512 29295dfd7a44748e57b144de7c800a70968798461fe1e93ac23fcc94be456748b7e5ffc5e9ccb635072db445ee754db93ffa7ca98fcaec6fa28fc62f5f6a1f55

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Preferences

MD5 9e93607fac0b97dfeb2a9debf6d3d340
SHA1 3a8ff0930dafb20a8b3afb871891a1fb4abc4861
SHA256 0131137d3e56b1636e4adcd2cb4b6d3b7a5bb24057124e818fb35b33c79710ff
SHA512 e4ed6df0d111f416de87c97ec17e89f0067bc5d92306624252e1b51ed2cab55826ce6f18457e650f5157c1baca9a91b60858835355834df0ab3f9fb6d1fd7bbd

C:\Users\Admin\AppData\Local\FAST!\User Data\Local State

MD5 0655e2eda778673ef459fecb45d23208
SHA1 c3db7008dad7355ff28d64c0b5ac33672807221b
SHA256 d8a548805b05a6588cb0ed245ef9a9fe2b918e95d4f6d1f457e9a3f14c67543a
SHA512 957fe92e4ed582affd376a5e0101559b6ad8b8e686a4bedea1c1c4eb49c5ebb55ec6cbef7a82bcf62f3239fdbbafc1f7030ad26ec1d8600fd38152e3cf623ed8

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 a97b2d584ec2310385665a5c49154032
SHA1 a668b62f6560bbbf904a9ca99dc1acabc0f1bf81
SHA256 fe253ce1498e9818893d2de367f23d38dd702e22f68f5a9d4dcb300497b88fc7
SHA512 56c957695570970f5552773f95661e655d12aceba13ddcb7d5c6ff97ddc419b5aed0eb55adfe161379e27506de7450577eb8152d43d698ee16f8deb8e78b49ec

C:\Windows\Temp\MBInstallTempe68cecf794ac11efbca9caf61997b0b0\7z.dll

MD5 3430e2544637cebf8ba1f509ed5a27b1
SHA1 7e5bd7af223436081601413fb501b8bd20b67a1e
SHA256 bb01c6fbb29590d6d144a9038c2a7736d6925a6dbd31889538af033e03e4f5fa
SHA512 91c4eb3d341a8b30594ee4c08a638c3fb7f3a05248b459bcf07ca9f4c2a185959313a68741bdcec1d76014009875fa7cbfa47217fb45d57df3b9b1c580bc889d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2b7a411fae6dd982361a277bb877df77
SHA1 a5884881ae33324177758a6865703f046bbbdc27
SHA256 115d3c37e362843b3cf033331bdb6d7a641b48ac988fae6810624dbb9029d757
SHA512 25ccfe99b22e0595c6110883295f038406beb5176fa0c63d2668114a0453419cee3310cd48ce8056ea11cb57848e6fdf080abc0bb0a1b5953ebc75b29abd9920

C:\Windows\Temp\MBInstallTempe68cecf794ac11efbca9caf61997b0b0\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.33\mscordaccore.dll

MD5 0377b6eb6be497cdf761b7e658637263
SHA1 b8a1e82a3cb7ca0642c6b66869ee92ce90465b2a
SHA256 4b7247323c45262bbb77f0ef55c177a2211040fa77d410513a667488bf1bc882
SHA512 ff3f6f6d1535e7aab448590fdbdf60d37e64e00d4081853f201c0103d7b7918f388db5469774f32af211e0990bc103bc9ff3708fa44efd868aa312c76ea65600

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

MD5 63397e8f4bf4d60855e379e9b8e082ab
SHA1 8c992a29c5c37834c8420604b24b4ce79e2b9517
SHA256 e12bd60c576d476baae2e6aa9971b794638716d060a32f5060ded3ea241f7f8f
SHA512 d82564f65f095df6c533d0a19cd39e390456ec46754d20ad94a4d0a761e266c93dd661c8dfc01c9a2cd4b602617e8527f20a968a0e875346f421b11f906346a6

C:\Windows\Temp\MBInstallTempe68cecf794ac11efbca9caf61997b0b0\servicepkg\MBAMService.exe

MD5 69186998f66f291690f40c3e4e3b9832
SHA1 22ea0106cd46bf4ec55dba7bc674f915017151e0
SHA256 bb088058ee2d51b7d5b146bc8d29463c2e25cdbccbc108763cd0f5f7f4eeeac9
SHA512 56bb14ac7ec4d54940efb874e922d5acf7517fdb42179c6f188c0268a646ddbea857ee33435ce43fc851593d135a3e9f222c6d4d9b0f4db17192ad0984952b31

C:\Windows\Temp\MBInstallTempe68cecf794ac11efbca9caf61997b0b0\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json

MD5 d94cf983fba9ab1bb8a6cb3ad4a48f50
SHA1 04855d8b7a76b7ec74633043ef9986d4500ca63c
SHA256 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a
SHA512 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

C:\Windows\Temp\MBInstallTempe68cecf794ac11efbca9caf61997b0b0\dbclspkg\MBAMCoreV5.dll

MD5 5e84b24b7d4e5d5a161074da559a1b49
SHA1 c5dea018ff9ce1c9a3e0cc90d1363fff57ab10f4
SHA256 b1fdd023dd927099a2991b44f17cf2845cd70e7869c3bdb95fca52424d9a6eb1
SHA512 f962b0022e544dffb722456409e90b3046df07262f7a493188f6e17b26fd8ed16363acb89729615a01361fceea792ad640e51606443a007653c1f269aa805774

C:\Windows\Temp\MBInstallTempe68cecf794ac11efbca9caf61997b0b0\servicepkg\mbamelam.inf

MD5 c481ad4dd1d91860335787aa61177932
SHA1 81633414c5bf5832a8584fb0740bc09596b9b66d
SHA256 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3
SHA512 d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

C:\Windows\Temp\MBInstallTempe68cecf794ac11efbca9caf61997b0b0\servicepkg\mbamelam.cat

MD5 60608328775d6acf03eaab38407e5b7c
SHA1 9f63644893517286753f63ad6d01bc8bfacf79b1
SHA256 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59
SHA512 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

C:\Windows\Temp\MBInstallTempe68cecf794ac11efbca9caf61997b0b0\servicepkg\mbamelam.sys

MD5 9e77c51e14fa9a323ee1635dc74ecc07
SHA1 a78bde0bd73260ce7af9cdc441af9db54d1637c2
SHA256 b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0
SHA512 a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

MD5 91ae66a8d2f09adcfbb1e0dc66b80478
SHA1 3fd6c4c0c05d20dca3c9e948febd93b215ee2eba
SHA256 903a82ae359f8872d54b73028eda294653ccd2d1810a2c9786456025d10e0b77
SHA512 f1bb9f991e01c2673b37249f9aec8fb9302c88f506b7ca94a198aeddbea22f3e688abfdca50952ae99de8826f39d5394e14523ef395d95cac9d7ea1a552c8385

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

MD5 e23fa7f3048a66d3e026c7548b947c17
SHA1 2f5a4eb5c1ca2ae25720161990b0c4ad45688c5b
SHA256 2f4f62af11a4b3a93c608cf0341807e52e1ec24ff7e415e1c9688b3fa2791444
SHA512 769efdb81be395b0ea3bd7f9aa2570de897885218af790070fd5b5dd250f9e2dc9944a26c397ab7e2da6e6d5d534606bf5b41073bc1b741f9e4cf396b0ddd62a

C:\Program Files\Malwarebytes\Anti-Malware\version.dat

MD5 5c69331fcdd5bb9d1075c72de0090e83
SHA1 c0d0282e72821f16c3423a69696646a226475b81
SHA256 3b5abd48bd8c05ec9418ca229378a7d95416022a7aaa0d83fc610a6af57ad0a5
SHA512 164f6fd10c074e75d8c1a664e7ed04b38e06259f61212c3cdb97aef7e9166a48d77632598f9b22e329ebeddcfae40ef633ca4de82e80a52a9941f2b6fc3a10c4

C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

MD5 6bc57437d8409064b4ecab41f5443dff
SHA1 de27e2b8f490d65b61395558ea7c6985b315324d
SHA256 67267f589fcd41cfb07bc9bf8e1e220e0fec4bdba34f553945506b8c3b261616
SHA512 2952ccc901ba76f9540c3ac282d7abb274aba1512174b18873a1b1a7fe70e08a57eb37b46f7bf2e503b575e06f0dceba161af476122a4f00dc91f07b3d0e72e7

C:\Windows\Temp\MBInstallTempe68cecf794ac11efbca9caf61997b0b0\ctlrpkg\mbae64.sys

MD5 95515708f41a7e283d6725506f56f6f2
SHA1 9afc20a19db3d2a75b6915d8d9af602c5218735e
SHA256 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6
SHA512 d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 4881ec4dfd1d5cbed3f1fef15b003045
SHA1 c130c442a71bf422b98e2716434843fca88ed46b
SHA256 7160afe7c1ff9fcb3322406fda8ae6f5827741a84da7f414c3fc5b53a1cd5781
SHA512 73fb00a7991b37cc85944e36e4e81efe7a50cae583b3b73915bb18b643f6712d669eec2b59342dccda9ff95f32334ec6c9acfca36c7dfbdc2810b8ec2bca68fc

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

MD5 46f875f1fe3d6063b390e3a170c90e50
SHA1 62b901749a6e3964040f9af5ddb9a684936f6c30
SHA256 1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec
SHA512 fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 e668bdc475069b7990f5dfbdba3921d1
SHA1 404bce1870fe64a48551d790c2d03d770278af18
SHA256 b267f2511d11e4ec8cb294bae8c236f4bb4a164ccd1a3c70e55bb1fda75570a9
SHA512 e0364eb0efd44ac75aa626ab200cd4e562f8826aa95fd906f066946eab05052fdc9e932444b6104e55a988522248eed7cd3582eea92370b729a5b70f946d804d

C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf

MD5 5d1917024b228efbeab3c696e663873e
SHA1 cec5e88c2481d323ec366c18024d61a117f01b21
SHA256 4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8
SHA512 14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a

C:\Windows\System32\DriverStore\Temp\{8f740d9e-ea97-cb41-8721-19613bb82bd3}\mbtun.cat

MD5 8abff1fbf08d70c1681a9b20384dbbf9
SHA1 c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6
SHA256 9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658
SHA512 37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f

C:\Windows\System32\DriverStore\Temp\{8f740d9e-ea97-cb41-8721-19613bb82bd3}\mbtun.sys

MD5 83d4fba999eb8b34047c38fabef60243
SHA1 25731b57e9968282610f337bc6d769aa26af4938
SHA256 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c
SHA512 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 a9e1299b984d25c878fc28635c1ff0bf
SHA1 adf5a6007291c13840a8a76434619e0f4f0e9b91
SHA256 18d99a7a2913ceda9836197377a98b5f3fc09277e5012336dc82ee80b8ecbb5e
SHA512 d7bc38778be6efec546ab3ae745bf268e99c7294f25cd3350525b515fc564811e77dc4248dbacd006c0ee21955114b49d46bd1c714e0e838c8eaf57cf47714a3

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 ac305892ac51c713a27356680ed4aa48
SHA1 64942155da098c6b928eff92e5e7bacd29cd42fe
SHA256 e9bf110530c8ce8059eafaef824509a7f5bef91f7395fec5c2567f2ffbb7cccc
SHA512 9b543e63e8843286472cb4929c16d5a1ecb513c2a1e7b9484b160d1d54478c281241bbe4c05b7ec484bd0149e5372449818c51942e28ee64a461f0ae1caaf538

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 62b720eeca3c8b1809f7bc2dc6683607
SHA1 3a4c72456a9b8de8c6ec3d731e155e5ba0c3b980
SHA256 6fbcc54c2e9c26a2053ba772673ec3e711502afe9598de4b6f865bd85b474848
SHA512 a4adc4377f7a1ff4ac8d28f8124a59be7accf549c83f592bfd357a64ffc8ba58b7ffdabeb005110fe32a1c75499de303cea9d1bf2eae7f97a16b86a366598eba

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

MD5 40138b220d514d867b7788c065097ace
SHA1 80ae9cd612a6672fec7c7032b4bd5332b420bf51
SHA256 fa3d5f1ed01cbfd8f11e938663b7f203ce467e1b08c736144f0021409fa8b176
SHA512 61e884abcf2dfae9af5786cbde19ffbc5906420ca8a8b588f83f71050dc826883e09f03a20769e20cecfd5ff2739a6b54d592405c34316b2a2ba3db8748b619a

C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

MD5 6fc1aa9991e1368b84b44ed523798b75
SHA1 921fea9691e268d058357d4240170698e57bab11
SHA256 e4ebaa769d93a7df9ff3add74c0576bd97f0ba9d5b744d5491e9d53bf78f8542
SHA512 09c850a60754c766fe6e22eceddcc6a2453f7cd9418bf39ecb61b1714b9912ce2616d45515ffa8b6f5ffdd1d6f101a6349288313c42fd45882d843aa235eec8f

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

MD5 e301f2eedd81d91844c4b15177e90c75
SHA1 b297fb035fc9e99687e42e9b106fc0b00a80410c
SHA256 f3c4d96068e8ad15a7e9ac161fb688188d0998eb8411df9f0d86cc1aacc5d1ea
SHA512 14f22297a7065f530240f1c5519fafe29b97c7e4b9c31907eb0305d77abaaa2d201f62a4323bddcf093fc00bcae5eaf8d82840bf561bbc419fb2569c962678e9

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 1a53ea9c3608f027a2c2e3986d5d7ff5
SHA1 c656bc6ee1f55a8ee7dc62aba6aa32072f753717
SHA256 cadda71e68248a68addbad0b0d0d484ca12bd9aaad835c0dde8fbfdc58f8a95a
SHA512 3313dd1ffa6032bef770af32d2d2d6bdb4738ff2b1c22dae4b5ce47fc567b10a2388590d46d0e8ced8781a3bbc871bc53329ebdcdc39601bc5f3fef61c293874

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 e0927b7f9d7ddb05b42d4c3a92a84b2b
SHA1 9eba48b05c82a5ea85b3112155658e9c80306cb8
SHA256 c4bc3023594b45d29cf9310fd8ab444c0d02fcc5127b96ea424b97f5eeabe166
SHA512 7756c3d08405026a65430deb8298b5621a1f91f6dfebe70f0054034da56bbc5915b6630e3b26580cca0ace73e41f407a8d29fa62a5e34b63a9693cf2dee69176

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 ba71c42253a1daa5ba171ae90118156c
SHA1 06982a319888f0128be84ac6ed12751bd4222aae
SHA256 330c8c8848c2347afa7bf2c5f4dad03119883997ce0841da36b40c2d26c25a56
SHA512 7229dfda52945275cdbd2f09df050b0da5c7cf18d2864b87bec9d2bc1978e9ef0167094085029d29b730ea8cd27846c17b6cc0a4fe255c0384267c0a3a967573

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 7a8fd7f98ae707bfeb39e1cfad316ed2
SHA1 41c8eebd29490fa0c1f15c42a8420e24d2b064a0
SHA256 c14c6451788eade1a9d1f0b368a90f4a0738d0625c34bcb8de210b98b0b9360a
SHA512 b3ab4a0e994038dd897f802f3c8ad3c0502e651f9730b3472aab8c2d2c672bb86083e9320eecabbd3347a7f350de4ce0ef5725659f05c5574b6be777e24d387c

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

MD5 71fee8336d19f0d5be6f0f33b76e03ab
SHA1 58c5f158909bfc4dcf5384bd48f302ad36725e86
SHA256 df3d372fe7770984dad988b9b24347a11326c521423d9e265c097c992e85c24e
SHA512 cdc81179d8d8d63439d1a066459c40ee33920f646f1dedf73c5626eaaa9a5af3e8eaf8fd1c9bb6ed53d007831b48561f2d1f35a04e2e834ee2c85ae56b5c04e6

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

MD5 aef4eca7ee01bb1a146751c4d0510d2d
SHA1 5cf2273da41147126e5e1eabd3182f19304eea25
SHA256 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f
SHA512 d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

MD5 16a6aad848aca7c684b68f94916089ff
SHA1 dc3a936948599dab48b7c27c979a4bb69e8c975b
SHA256 99becb68768c0370ca8f49fec4e1e6bd8fcc9981d928ecab27bee1ba24dd691d
SHA512 d27236da41122881e29e16b257807639c1c74c1bb243684c7411ffd25f54edf093e9caa1e38052a9e665039fef579adde4080bcee816e7b3d571930006f4f508

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

MD5 995174301f78f82ae249e0ca88ab3580
SHA1 9243e263e4ed877eca7fada22f57806ef0517ce7
SHA256 62bfcd9b875621912a572abf99b8203bb5ea93aa42168d44dbe546cf15229d2b
SHA512 97d71741c718a2d344affef21628c380337ce05cf2f37392e6c6e3e696e44810d1f7eb07eab8849fd2a0125acdb4ad08f72cec41744c4948806c28230aaa5932

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

MD5 956b145931bec84ebc422b5d1d333c49
SHA1 9264cc2ae8c856f84f1d0888f67aea01cdc3e056
SHA256 c726b443321a75311e22b53417556d60aa479bbd11deb2308f38b5ad6542d8d3
SHA512 fb9632e708cdae81f4b8c0e39fed2309ef810ca3e7e1045cf51e358d7fdb5f77d4888e95bdd627bfa525a8014f4bd6e1fbc74a7d50e6a91a970021bf1491c57c

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

MD5 f802ae578c7837e45a8bbdca7e957496
SHA1 38754970ba2ef287b6fdf79827795b947a9b6b4d
SHA256 5582e488d79a39cb9309ae47a5aa5ecc5a1ea0c238b2b2d06c86232d6ce5547b
SHA512 9b097abeafe0d59ed9650f18e877b408eda63c7ec7c28741498f142b10000b2ea5d5f393361886ba98359169195f2aceeee45ff752aa3c334d0b0cc8b6811395

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat

MD5 10f23e7c8c791b91c86cd966d67b7bc7
SHA1 3f596093b2bc33f7a2554818f8e41adbbd101961
SHA256 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc
SHA512 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat

MD5 73d9e090df8c59ed78a9cc5cecb8c31d
SHA1 ea0ea996ebd1023b4d3aadff5ba8704ec798d36d
SHA256 85becbc1c5111fbac7634a0d92fe5471c937b6859e39286ddff8a47e60ed4fe2
SHA512 2607f3e2336da6b45bd223ec0324555034bfbfb30bee1a01ad482b791fa429b7a2fb9c2f1a4956657e3fd7b6b1c89bb9b0174b300c457e46ed50cc2d4ca44d27

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

MD5 7b4d691ffaeda2587e35fb86935a6de1
SHA1 c73cf4c2c1999b4a163fa6d27b517a765c8389d2
SHA256 602b9eb9bd977d10cc79416d58c6658286f4ea213a1c72ff533b2fe0ff49a5af
SHA512 841c6c1a24e12a5e1a50c441a2f53f0f29aac658d61010a456e837cc5200306ed975fce5c5bc8f1ff0ade6662af49f95d9a2674bdd6f48e9056c9c957dc34968

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

MD5 de80d1d2eea188b5d91173ad89c619cd
SHA1 97db4df41d09b4c5cdc50069b896445e91ae0010
SHA256 2b68990875509200b2cf5df9f6bdfcda21516e629cab58951aac3be6a1dd470c
SHA512 7a8f5f83552dbff21be515c66c66f72753305160606c22b9d8a552ab02943a2c4e371d17dce833020d2779c6d9fe184a1e9ef3d1b8285c77aeb17b2bba154b3f

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

MD5 e27ba937917dd70eb794ff6441db73f2
SHA1 2aa4fa05a3e83678add2ffdad2f741515ac1b250
SHA256 7f5c6da5f102a6639dd42b3b3eac3c1b534abeaa8966f93938cad8d21f8f1e3e
SHA512 e303ecaf6fde29389dd6539b7a398c33a46250db62544bb82b9a15b45db59aae93ad400f265b6c9abecd0def56133f9653fe68a26d96381b291d5ce0a10afdec

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

MD5 46bf4292e3a41a9fe2fbfcb8e486b096
SHA1 418372a1a1bca14fbecf49aa95332133fb3c34d6
SHA256 532b713773e92428a41f6066872a1a12828be9d37eb06df97352d79757d6bb48
SHA512 4a1bb164d11cdce4daa82cc9f98bebf72da2e80ac2caf94874e7f920d4e61ff95a96d5d89e4a4b567c2fe605d00faccfda453a8ce41631daf056677d07d1bda4

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb

MD5 7ff716c5160fb16ab6ebf01aa4dc05c4
SHA1 ed5687d8622aa9b3c9342c90dcc5309dd548a165
SHA256 27685b33df1370742ae5774a9626e0c6457f0d80ea32c5499b7655c02108719e
SHA512 c32046cdd8c8e0a06cf6334e91cc4779c765dcea027d7056c4136ec017c5e5d3708ab1f2fea70b13c1cf9da01e10f1828a5cf3585beb93983c86ff23d1b0a01d

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

MD5 9b06f10d63063d4d2a811d45b84bd167
SHA1 17ecae4ae772f4dfa597e872838a313cadd859b1
SHA256 49337535d06983c8098ccdb483a58a45a0dedd7759ddc8944a570107b5029f24
SHA512 4985acfd20d4b8823eeb9e2cbb0c6919b00756b81d48fb89d899132641ca6d816188a605ea5f9de134eb3579b484ebe2754e2106f8407572f59fb2def1b006fe

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb

MD5 e1395dc221129d7ecc7e3c46a7c73184
SHA1 e2a66d6284ea04579078b99e7bde6d43c4d28419
SHA256 162200ccc86774690a7b585e38f180060c32c620aa3af7a859d0ad7b2974e936
SHA512 269a74872b94425186b58bdba63b1b4a3452b9f06b7d93769332979f79165de8231aeb034475af14b722162afe72c4cfce2a5d2f61e1fc0e232af74da796a190

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

MD5 df9371eae3ca5ebb0121bfaec6b7ffc3
SHA1 f64db2a1f14afb944a6b7e472e599b7d2b2575db
SHA256 a932b0d3ed0e0da8d935e5d0f875b5cb3743fce43307937c0d0835b95097d71c
SHA512 df148ee1147fb4b1729e60e879f7486cdb8357113fa0e7b39dcd52172c4fa8598832426565557ef6239752294e1be3c69cbee1a6678bd042d26112e706bbbb8e

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb

MD5 2f7423ca7c6a0f1339980f3c8c7de9f8
SHA1 102c77faa28885354cfe6725d987bc23bc7108ba
SHA256 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55
SHA512 e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb

MD5 546d9e30eadad8b22f5b3ffa875144bf
SHA1 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d
SHA256 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f
SHA512 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 0ece2b6abfc8f3530378ad0a1b84fa19
SHA1 f3a5c036ae0fb1d097b1150b7162a989c7c28b06
SHA256 82d469f5b241935b853fa1ffeb502359269ff1b15687ff3a3f735f3099fc431a
SHA512 354c4c34979a791cf50ba1b261121da98b52c50f78443d416ed2a435bca9e83964c0423f11be532731d64ddb8bc09985407dee94114d9fb80308998eed33e7a9

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 7c8424d8f3c5c42e3add96cefd410095
SHA1 91bdf31c57abb3f89e03cabe8ad10efd9031b046
SHA256 394c4f66b81f1ea5bc8712989f86d34e3912b30a4e46dcbbd8d2bf67905ddddc
SHA512 a9d9cac366f7b399b88ba20e77089f6f31aca93da301d79374dd20be233874a61a86f2d9dab55c2d2436f974c81d981c555f5a2e20d7a132c72ed0ea54ee3dbc

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 a14391cb35c18f20cb56d5ea5b1f8f7c
SHA1 92cfb8889c6374bdabff0386c0a908448543edad
SHA256 024ac574e353119c5b1f7afe9a32230df28f5fc029d1d58c9049aef77b0e9125
SHA512 49615ca7e4a78be62ea3d19045840c0043e45034a2ca5ac1b2dd7813c3c686988f4cfe8bd388b3e31620336b51ca76612c5a2bd048e505db324f133ce1c3bab1

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 efedee2a3582ea5555aa78c3a7122ab5
SHA1 f8ac3c8a05c5f304d38c9ca1daf7eb5026f41ba5
SHA256 2ea4c650441294043139f66ba4d18af1ced8624bf689eb47e30a7555b0a9ef57
SHA512 47b05a3633218c58b21658d9677993c48f37fa65564ec674f2e4e7038d5b3caf16163d905a33f1eb6ea396472ae5bb977abffc888aa232941c053dd6def1b2eb

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 b38258d9b6b8cc4c80021057e82262a2
SHA1 a4abe9fbd0c80d53caced361af7d90af0d225c14
SHA256 88c7e7bca8e9edb0c95ef6c2da47e820bb94d80da12383f63d2bc4ca18c84941
SHA512 225a9a94073a81ec4fc90da25cc2254baed7a2c0c2cc87335b1104ea1e54b161a6229187ad8fd3803f57f59d61901e284d0b3e3943d77cf1530ca412867db8cf

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

MD5 aba4aa3081a09e9ac4b15daf5618b676
SHA1 bc5f7fab0d50ad00810b7de4c02c8ee73d4fde8a
SHA256 b16ae0427d372a54bb663011a8692e2ef4895b508adbcbc046ac0f79a301362f
SHA512 26d3a5951ed5e2f64cfb56f2ab7627932b9639dfc47b01d926ffc9e66cc829404d4b21e16472db9cbf448a82ee0c9b0f44d34f92e429aab7b5bb8e1ffcb3a83c

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys

MD5 246a1d7980f7d45c2456574ec3f32cbe
SHA1 c5fad4598c3698fdaa4aa42a74fb8fa170ffe413
SHA256 45948a1715f0420c66a22518a1a45a0f20463b342ce05d36c18b8c53b4d78147
SHA512 265e6da7c9eede8ea61f204b3524893cf9bd1ed11b338eb95c4a841428927cccbed02b7d8757a4153ce02863e8be830ea744981f800351b1e383e71ddaad36ad

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf

MD5 d87c2f68057611e687bdb8cc6ebea5b8
SHA1 27b1311d3b199e4c22772fa1b7ea556805775d37
SHA256 ff93773f55bf4a6a0242adf82276a8c95c0b244b9bc05e515c4e810c81a960e8
SHA512 4aa65b8911d8a2a0f9ef0ee6e934b94db0a9ad4c2ec543b5edcf21486be43f6ab1fda6617ea2cbb85eff230628c9fa8e7649da915d6de695803b28e55bef5819

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat

MD5 ddb20ff5524a3a22a0eb1f3e863991a7
SHA1 260fbc1f268d426d46f3629e250c2afd0518ed24
SHA256 5fc1d0838af2d7f4030e160f6a548b10bf5ca03ea60ec55a09a9adbbb056639a
SHA512 7c6970e35395663f97e96d5bf7639a082e111fa368f22000d649da7a9c81c285ee84b6cf63a4fccb0990e5586e70e1b9efc15cf5e4d40946736ca51ec256e953

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 c674468c1b74e69a6d5d1e23a78e79ac
SHA1 1a8cbb88a835f2d5ea2344c2c8f2891238c82d98
SHA256 caf71cc19801b349e05d9bcdda5d0b4d3480d14d7c6fc6f789e38ab23df699a4
SHA512 47f051229dc4db7bc9f6f49f152e1ba4f75873514dbf6398828fc00de72eb8e418db0a32cad9b07f25b6255bbbf19eb65f78d9d0b06b2366a0b826d7ceb3da17

C:\Windows\System32\catroot2\dberr.txt

MD5 232cc852ef006958dc4726ff73058572
SHA1 1d3eb49f8f3ef548e57963779bf72b92c79db3d5
SHA256 88c57020a9f6a52c0d91191a548995f8dcd1bbee9f4c0f641b28a9ab8b6d4178
SHA512 c3bdaaee9ac2e868d22e652f7f618325d857e4ec444186fd203dbefb23928f778afdc0e6ad90406b3a05475a42db83636f0aab6035c18b3fc90da93e33a40183

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 58a746c41c3c15832f43103d3c1d2e31
SHA1 45133263a4376d6ac244c4b0aae417314a677c70
SHA256 2ae7204f4d3a8590c98383c0c920e33c923bbc19308996f7017b36c50dff693a
SHA512 7d5085c3fa810923c294683d3b0b55652d6ba9931fb16ccb59bd0accf4d2a496ee5191522f67760661f814a443857c4e6b9712080abcf6fbd030df2debcd40e5

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 c85697ddbab6e646f301b820271278c1
SHA1 6df5778d21d629393021f003bb08d310d6a64cb1
SHA256 837b827106feedfb40446d633d0e00ed5ec9512785bcba9285c6a5c7e4264d0e
SHA512 71838548deb0dbd0c2ce4d025e9d4d56f1aace5b3a6aa8e0cc88b8805b645a3b1b689de2a183f725b60be52ff3b20fe59ca107b781bda4c735a629b3412e3737

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 5acdf9980f01fc050c1bbc4c00e590bf
SHA1 7479da0437999ddf48a66ccd76298bf9980db8ee
SHA256 4d032f38c796388a1a23c4e9b1efbe1e7aaabeb8ec6f2f7ff1747dcf2591c073
SHA512 96c82980ab0ec625e89fcc3fc879d616c784f9a923b2c6fb942c3b03a8830182052972d96bdd3360d18067cd0351275451c75dfdb14174e07fe0458a3fb94778

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 10c218a08fc14c818acbceee2d5507c7
SHA1 ad513f45cdacc51c4abeb887a340ecba700b89d7
SHA256 40960660f1fe37b84a73131128efe2983fd2c79baccf2273a17b3dd2584f2a06
SHA512 a4290f25965cdc4826ef404e0d567c311df14e14b6bd06741c5708f1ee35c3c9684da96ca9c2faeefbe506b90507d86ab0fe84316fcec152e1d863e9e0ed812f

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 b80d114032d61f88912b1c5a182604bb
SHA1 16892c3f3e2368e5fee8a72b42c5cbe17ccae7b9
SHA256 b1b31d7b391ace153dd6f257a8ec8b72c01619e4dcc25a787f3ee7790eadf46b
SHA512 c12c318bf21aed5a94605af2da907dbe9788f341cfb4dd2d807a30b031d4a4de7f88b01d1877de67b42f4fff1e81637ef8ea44fcd6bffdd22bf014f2010b806e

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 b5cdac46c76a2124989b8d9ea50671b9
SHA1 b9008fba1d59b2331a0eff85755ff2ce633e3f4a
SHA256 9b8e845930cbb88d86146eee5a4a68e99dc961c4414a62a0b65f194f91111568
SHA512 75fa010bab232a3f2160decd8a14ffb6af91cd3f8006e7c4114cc119a402413e167773d753a168b049ca3e233e8ada8b048b33a63831cff49712465edfacd4ad

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 92cc08ddc1553aef474f6d65710b9df3
SHA1 cb4fbebf5c07c45e54a9f060007f5633ee5f4738
SHA256 b5961fb1450d90890363da03bd3c09207f9f70f52eedadf74af2b705e7ff3f05
SHA512 5160e7a5042f8d037c4389cfc65c28392ecea55729c02ae9a7618f4a980c2ae39fd71fa6c67f13035afff70469f3316f846e4ae24295b94a1d74cca2b180c70a

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 e3575e20038afe2d80b7407bc35e3ce0
SHA1 9ebcbdf1d89e97bb842fdaa96b41cd1cb7dce6d3
SHA256 80e22df23509393f054eba669a6fe9417ebe93617d5a6e93afb5bfdcefbd2ae7
SHA512 2bc5d364655710a781595d6f5a126ca6580d3e5fdef224fda7cf95e17bdf8553c6f404409ed115764a24acc7fc6bce4b1c1d2d0fcd6c3b0f8eba5a335b20a545

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 45992e6eae8494519e3693f13400eb28
SHA1 a23e355de1870dc482e124b50f77d5dc722a9889
SHA256 879321636a217e6cebfdec7b5ce22a4b415e6fbb9d585c6c9ccbd9640b4bf8bb
SHA512 54fee2c0cc6e1a9809a0efa030317e97ec2f5bb2f2c34a6a9b4dadaf6bd90f88b465c9beb349b8252e93576fe4ef18e8f1ef1dd067b7992298c4cd19dc539e97

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 1adfedf32662ef984d5d78c2bba9bc51
SHA1 d5779dc0c921e352c4fb93b3315947edb879882c
SHA256 25a42bff897b0a77c5735d21687754979785f1b241ddcda7eba7b796824425ef
SHA512 d5add175bd08c1cd932f5865a9d6f28c438a3aac6a62b597eec82c6cc00354b060552e7ff61c2f688ae4ef743f0605294533bbbe9f20c65add90090b07f8edb1

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 e2342eba6b4c7b0149c1e9c54fd2222a
SHA1 d8dc38cca5a82870c65947dcdc60e256a17fca0b
SHA256 1212f3ef386d6e071a5f22551e114fa8aa3405f61d05af1474f49f91d3934640
SHA512 1d8050986c74f3e433c65c84176c3a27d3e38b3a5cad47b77609e647dee7456e262d96804e75926179fd03132c597cfc4f95868c929215d644863866ee30ba89

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 d9f5077af338f0ced0812314829391b4
SHA1 12f2006975791c0d4a70c459309a1db772653439
SHA256 7ab6722a63767c0d0b5cbcdd50e85b355ad6a62e04eda7df6b2484ac7542accb
SHA512 37ca481302644f9ad5c0a3ced36b379cb75a3136a9568e0f0283431bee4f4818b3057fb1fdfed9f779f2ea430034dd4d63515933ce064b7dc08588f163781051

C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json

MD5 2cda2548a96eb7bcf7719db63e48aea4
SHA1 7adc0b5ad82dc9b6e9f55c36e5e920c4d0cdfc9e
SHA256 2a6359bb4e5e19f28580d7769b3c6ec442606f2bdcf88d126f0ccf3b558f37a1
SHA512 568279183bc1f88b8c4df233f4ed8d6b673567a442e524e0e928d64a2987da24d69af702664fee225868baae5376a4ef23235fb854be9bd3073210527cfc855a

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 fff97d87aeab43984fd661b2001dab2b
SHA1 95a7d1c9267eeb21d8f7b65eb6c6052ae60c4049
SHA256 00633d3f24d1d6062609929363438d80298318f443a3f806c46f55ad779e5f51
SHA512 3b3cc1d0d3fca1f7389c596205cd008c22d1cec578fd163139536fedf9aff26574c1168e991226d014b85950100f97dca155a6fb9ed93028ee3399e4cdb40b26

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 90fb8712a2347a6392470e4e10369614
SHA1 03503a1c83def1e3018bd29a5ac8ed15082074ff
SHA256 e7307778c1870d9ca3d37f80dd49bb39ad586adef3915ac1a1e0b88f32f5751a
SHA512 db8d53c270f52f0dbdc9b70bc3601f637597449c8db15e0fff80ed72ff7cfdff1d460b672a88f38a1d5ce59932e71bfc438e52dc6e22c8174557b65c28da9e97

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 a95ff3f8e62aadc8fa456649ef64abb2
SHA1 a233782a24fc8d18ba22d9e91f71490ed2778c23
SHA256 f2b38b61247ad1c40d19abfc5c2d6681cb0b2eddde6432268e1989cb299fa013
SHA512 7869ceef47d5d97d22bf4283403dc10c1605694199368ecdab72de71fcdd25d0954bb74ce84c195bcb4fcd0d1d3e20cb0ce0e499c669422f1fedcc241e5f965d

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 83b304c07ebf9b2fc1dbac5b3e2840be
SHA1 e67c2a1205d3a2908bc0ed95f2f920005b8d1560
SHA256 ad0e09fce96d9a2fd845514d81c735a0cd91b7994990cfea23c38811f889d341
SHA512 bf49c1d595debb6dd9445d85d5b983e698ee79102d6fa6deb8227080f1acb7830efaa5e02aa6b4d67dc61d5aa17a59c77044bde74f8f066325d3d66d228ba259

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 c852c54a9c8f86883103316cc23d9cb2
SHA1 d667f6a942b94aaaf12389435fecb4c61e21528f
SHA256 070caefde26425106288938bb2872448c98940b11b6687c96b92a69837ba6426
SHA512 d7cf711e552fa7985c5a847cd2fadff8e787d2c7d92a27a5130ea02d91007629de49e24db3d9af1b0168fab60dd83ae00b1841c70e710fe4f75bd934605a5ccb

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

memory/2140-10599-0x000001B62B770000-0x000001B62B792000-memory.dmp

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.inf

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sys

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\Network Persistent State

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.cat

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

C:\Users\Admin\AppData\Local\Temp\TmpBB53.tmp

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

C:\Users\Admin\AppData\Local\Temp\TmpBB42.tmp

C:\Users\Admin\AppData\Local\Temp\TmpBB32.tmp

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\Users\Admin\AppData\Local\Temp\TmpBB21.tmp

C:\Users\Admin\AppData\Local\Temp\TmpBB20.tmp

C:\Users\Admin\AppData\Local\Temp\TmpBB0F.tmp

C:\Users\Admin\AppData\Local\Temp\TmpBAFF.tmp

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

memory/7828-11221-0x000002103CFA0000-0x000002103CFC2000-memory.dmp

memory/7828-11224-0x000002103CFD0000-0x000002103CFF6000-memory.dmp

memory/7828-11223-0x000002103D430000-0x000002103D46A000-memory.dmp

memory/7828-11226-0x000002103E060000-0x000002103E222000-memory.dmp

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Temp\kxjBiUS53Z

C:\Users\Admin\AppData\Local\Temp\7s5K7w1HOZ

C:\Users\Admin\AppData\Local\Temp\OWftDvcZZP

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\Tmp8888.tmp

C:\Users\Admin\AppData\Local\Temp\Tmp8926.tmp

C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\Users\Admin\AppData\Local\Temp\Tmp929E.tmp

C:\Users\Admin\AppData\Local\Temp\Tmp937B.tmp

C:\Users\Admin\AppData\Local\Temp\Tmp95EE.tmp

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll

C:\Users\Admin\AppData\Local\Temp\TmpB35B.tmp

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\ProgramData\VoodooAi\Data.txt

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D84E548583BE1EE7DB5A935821009D26_5B98B6CD6E69202676965CF5B0E2A7A7

C:\Windows\System32\drivers\mbam.sys

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Temp\Tmp8E9B.tmp

C:\ProgramData\VoodooAi\Data.txt

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\ProgramData\Malwarebytes\MBAMService\version.dat

C:\Windows\Temp\TmpB037.tmp

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\Windows\Temp\TmpB5D6.tmp

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\Network Persistent State

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D41.tmp

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\Windows\Temp\tmp3296baaaaa

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D45.tmp

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\Windows\Temp\Tmp5023.tmp

C:\Users\Admin\AppData\Local\Temp\Tmp598D.tmp

C:\Users\Admin\AppData\Local\Temp\Tmp59BE.tmp

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1

C:\Windows\Temp\Tmp798B.tmp

C:\Windows\Temp\Tmp791C.tmp

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D68.tmp

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\Windows\Temp\TmpA87C.tmp

C:\Windows\Temp\TmpA80E.tmp

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\Windows\Temp\TmpD3A5.tmp

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\FAST!\User Data\Local State

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D98.tmp

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D99.tmp

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DA0.tmp

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\Windows\Temp\Tmp2C0F.tmp

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\Windows\Temp\Tmp4082.tmp

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Preferences

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\Windows\Temp\Tmp5498.tmp

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Preferences

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\FAST!\User Data\Default\Network\TransportSecurity

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\Windows\Temp\TmpCDB2.tmp

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

C:\ProgramData\Malwarebytes\MBAMService\25efe396-8e42-e147-d4055b03912cc36d

C:\ProgramData\Malwarebytes\MBAMService\tmp\a3cff8c494ad11efb197caf61997b0b0

C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences
