Analysis Overview
Threat Level: Known bad
The file https://www.dropbox.com/scl/fi/ptt2p72h91wfcus90xqpo/Unlock_Tool.zip?rlkey=5buuzq8mpqnn6mxds2hb7vjuq&st=ycs3z8l8&dl=1 was found to be: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateUserProcessOtherParentProcess
Detect Vidar Stealer
Vidar
Vidar family
Sets service image path in registry
Downloads MZ/PE file
Uses browser remote debugging
Modifies RDP port number used by Windows
Drops file in Drivers directory
Impair Defenses: Safe Mode Boot
Checks BIOS information in registry
Event Triggered Execution: Component Object Model Hijacking
Reads user/profile data of web browsers
Executes dropped EXE
Unsecured Credentials: Credentials In Files
Loads dropped DLL
Enumerates connected drives
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
Network Share Discovery
Network Service Discovery
Suspicious use of SetThreadContext
Drops file in System32 directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
System Network Configuration Discovery: Internet Connection Discovery
Browser Information Discovery
System Location Discovery: System Language Discovery
Modifies data under HKEY_USERS
NTFS ADS
Opens file in notepad (likely ransom note)
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Modifies Internet Explorer settings
Modifies registry class
Modifies system certificate store
Enumerates system info in registry
Checks processor information in registry
Checks SCSI registry key(s)
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Suspicious behavior: LoadsDriver
Suspicious behavior: AddClipboardFormatListener
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Delays execution with timeout.exe
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported: 2024-10-27 16:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-10-27 16:12
Reported: 2024-10-27 16:24
Platform: win11-20241007-uk
Max time kernel: 680s
Max time network: 689s
Command Line
Signatures
Detect Vidar Stealer
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 5060 created 3280 | N/A | C:\Users\Admin\Downloads\MBSetup.exe | C:\Windows\Explorer.EXE |
Vidar
Vidar family
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\DRIVERS\MbamChameleon.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\farflt11.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbamswissarmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mwac.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\drivers\etc\~$hosts | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| File created | C:\Windows\system32\drivers\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies RDP port number used by Windows
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Uses browser remote debugging
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService\ = "Service" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
Network Service Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\WinRARPortable\7zTemp\7z.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\WinRARPortable\7zTemp\7z.exe | N/A |
Network Share Discovery
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\nete1e3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_3aa3e69e968123a7\wceisvista.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{011ffcdc-062e-b44e-a016-5bce1b74ae76}\SET1795.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_1fab0fd8cb4d7dee\netwmbclass.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_b98aa91c766be0ea\netavpna.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\netjme.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{011ffcdc-062e-b44e-a016-5bce1b74ae76}\SET1795.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_2518575b045d267b\wnetvsc.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_62f41b89e0dc2537\netwtw08.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\572BF21E454637C9F000BE1AF9B1E1A9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\netathr10x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_3aba8686305c0121\msdri.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_5229ee1dac1c624e\usbnet.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\netwns64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_d54f628acb9dea33\dc21x4vm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtucx21x64.inf_amd64_d70642620058e2a4\rtucx21x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mrvlpcie8897.inf_amd64_07fc330c5a5730ca\mrvlpcie8897.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rt640x64.inf_amd64_6150ccb5b6a4c3cd\rt640x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\net9500-x64-n650f.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\netmyk64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\net8187se64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{011ffcdc-062e-b44e-a016-5bce1b74ae76}\SET1784.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_7080f6b8ea1744fb\netnvma.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_749854ac3f28f846\msux64w10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\athw8x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{011ffcdc-062e-b44e-a016-5bce1b74ae76}\SET1784.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_7aeb3e6bfcb2f0f1\netmlx5.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1ed57daf97af7063\netrasa.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmlx4eth63.inf_amd64_3809a4a3e7e07703\netmlx4eth63.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_a39ece60dbc76c55\rtux64w10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\netwtw06.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_04b60d124553a40f\rndiscmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_49825a4c00258135\kdnic.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw10.inf_amd64_3b49c2812809f919\netwtw10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\netvg63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_09e02e589e7afd83\netloop.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_f1efe88b4f90c639\netax88772.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\mwlu97w8x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\netl1e64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usb4p2pnetadapter.inf_amd64_a9fd59ce64f17c8a\usb4p2pnetadapter.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{011ffcdc-062e-b44e-a016-5bce1b74ae76}\SET1785.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_bfb9fd6f3a078899\netvwifimp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\net8185.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\net1yx64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{011ffcdc-062e-b44e-a016-5bce1b74ae76}\mbtun.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_badb18141de40629\netbxnda.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\net7400-x64-n650.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\netk57a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1088 set thread context of 1220 | N/A | C:\Users\Admin\Desktop\Unlock_Tool_2.3.7\Unlock_Tool_2.3.7.exe | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\RTPControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\e_sqlite3.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\System.DirectoryServices.Protocols.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.runtimeconfig.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Security.Cryptography.Primitives.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\PresentationFramework.Royale.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MWACControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Core.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\de\ReachFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\System.Drawing.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ko\System.Windows.Input.Manipulations.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.Interop.Activation.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Globalization.Extensions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Linq.Queryable.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ja\PresentationCore.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ko\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\zh-Hans\System.Windows.Controls.Ribbon.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.UI.Theme.Primitives.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.ComponentModel.Annotations.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Private.CoreLib.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\PresentationFramework.Aero2.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ru\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\ScanControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbamsisdk.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sdk\mwac.tmf | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\de\System.Windows.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\PresentationFramework-SystemXml.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\ArwControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\assistant.runtimeconfig.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\PresentationFramework.Classic.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\PresentationUI.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\ucrtbase.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ja\PresentationUI.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\UIAutomationClient.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Core.deps.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.Options.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-core-processthreads-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Text.Encoding.CodePages.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\Microsoft.VisualBasic.Forms.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ru\WindowsBase.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\System.Windows.Controls.Ribbon.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Runtime.Numerics.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ko\ReachFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\de\UIAutomationProvider.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\System.Security.Cryptography.Pkcs.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\zh-Hans\PresentationFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.UI.Theme.Light.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\SecurityProductInformation.ini | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Collections.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\PenImc_cor3.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.Protection.Interop.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\fr\PresentationFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ko\System.Windows.Forms.Primitives.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\cs\UIAutomationProvider.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\zh-Hans\System.Windows.Forms.Design.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Diagnostics.FileVersionInfo.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Text.Encoding.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.IO.Compression.ZipFile.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Resources.ResourceManager.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\INF\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\WinRARPortable_7.01_Dev_Test_1_English_online.paf.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Users\Admin\Desktop\Unlock_Tool_2.3.7\Unlock_Tool_2.3.7.exe:Zone.Identifier | C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR64\WinRAR.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WinRARPortable\7zTemp\7z.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WinRARPortable\WinRARPortable.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Unlock_Tool_2.3.7\Unlock_Tool_2.3.7.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WinRARPortable_7.01_Dev_Test_1_English_online.paf.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\taskmgr.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EE77988C-B530-4686-8294-F7AB429DFD0C} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CC4D9C86-78F2-435F-8355-5328509E04F1}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2058A31F-5F59-4452-9204-03F588252FFC}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4D6484EE-AA00-472F-A4F0-18D905C71EA3}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A5091804-600E-4226-BF28-80ABFDF4AFAB}\ = "IScanner" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7BCC13C-47B9-4DC0-8FC6-B2A489EF60EF}\ = "IScanControllerV4" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1097B101-1FF8-4DD8-A6C1-6C39FB2EA5D6}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0CEAFA7-4F65-418C-8A61-92B2048115EE}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D88AC9B4-2BC3-4215-9547-4F05743AE67B}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E423AF9-25D2-451E-8D81-08D44F63D83F} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E3D4AC2-A9AE-478A-91EE-79C35D3CA8C7} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{81701AB9-0B9C-49FE-9C79-C3C4DCA91E7B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{571FB9A8-E53B-4740-B125-082207566E5F}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{02143C0F-1656-4B2E-95E7-EA8178A29E2E}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F49090F8-7DC6-4CBC-893A-C1B3DCF88D87} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E0987E3-3699-4C92-8E76-CAEDA00FA44C}\ = "ITelemetryController" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{237E618C-D739-4C8A-9F72-5CD4EF91CBE5}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C367B540-CEF4-4271-8395-0C28F0FDADDA}\TypeLib\ = "{0E2822AB-0447-4F28-AF4C-FFDB1E8595AE}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.TelemetryController.1\ = "TelemetryController Class" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BFC6C7E6-8475-4F9B-AC56-AD22BECF91C4}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DFD7E94-47E6-483A-B4FD-DC586A52CE5D}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1A173904-D20F-4872-93D5-CBC1336AE0D6}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAB53395-8218-47FF-91B7-144994C0AD83}\TypeLib\ = "{2446F405-83F0-460F-B837-F04540BB330C}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{46AEAC9A-C091-4B63-926C-37CFBD9D244F}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FFBD938D-3ABA-4895-97EF-5A0BDF7AC07D} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{778103CC-4FA4-42AC-8981-D6F11ACC6B7F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7AEBAD20-B80A-427D-B7D5-D2983291132E}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3968399C-D098-40AF-9700-734B46FF03C9}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA226B90-F6FF-4618-8AE6-1114E82CB162}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{014D0CF7-ACC9-4004-B999-7BDBAAD274B7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{19E8B60E-50A1-4E29-9138-A13421D2BF7D}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D4215DAB-7574-44DE-8BE9-78CC62597C95}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D10B0F61-43AA-40F4-9C6C-57D29CA8544E}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F128CCB-D86F-4998-803A-7CD58474FE2C}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E3F0FEC-3E40-4137-8C7D-090AFA9B6C5E}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B59F38D8-23CF-4D7F-BAE8-939738B3001B}\ = "IAEControllerV6" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DC2F8F62-D471-4AD5-B346-9F214FE941A7} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F22E03D6-F159-40A0-9476-16F3377B58C9}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{19B9825A-26E8-468B-BD9F-3034509098F0}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{07B91244-8A85-4196-8904-7681CD9C42A6}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D88AC9B4-2BC3-4215-9547-4F05743AE67B} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{929A5C6C-42D7-4248-9533-03C32165691F}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\ProgID | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{90A62FAD-6FA9-4454-8CEE-7EDF67437226}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E3D4AC2-A9AE-478A-91EE-79C35D3CA8C7}\ = "_IScanControllerEventsV5" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{239C7555-993F-4071-9081-D2AE0B590D63}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59E42E77-5F19-4602-A559-3FFA9EE51202}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D1E6E99C-9728-4244-9570-215B400D226D}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt\ = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F12E228B-821D-4093-B2E0-7F3E169A925A}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}\1.0\ = "LicenseControllerCOMLib" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{44ACF635-5275-4730-95E5-03E4D192D8C8} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MBAMExt.MBAMShlExt | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2058A31F-5F59-4452-9204-03F588252FFC}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{90A62FAD-6FA9-4454-8CEE-7EDF67437226}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{553B1C62-BE94-4CE0-8041-EB3BC1329D20}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4E0F1EE6-E7CA-4BEE-8C08-0959842DA615}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B32065E5-189E-4C5F-AA59-32A158BAF5B7}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD67766C-A28D-44F3-A5D0-962965510B2D}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3BD2053F-99D1-4C2B-8B45-635183A8F0BF}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2E423AF9-25D2-451E-8D81-08D44F63D83F}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79CAE9D0-99AA-4FEB-B6B1-1AC1A2D8F874}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C5B86F3-CEB8-44E3-9B83-6F6AF035E872}\TypeLib\ = "{783B187E-360F-419C-B6DA-592892764A01}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:Zone.Identifier:$DATA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unlock_Tool.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\WinRARPortable_7.01_Dev_Test_1_English_online.paf.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Users\Admin\Desktop\Unlock_Tool_2.3.7\Unlock_Tool_2.3.7.exe:Zone.Identifier | C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR64\WinRAR.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR64\WinRAR.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.dropbox.com/scl/fi/ptt2p72h91wfcus90xqpo/Unlock_Tool.zip?rlkey=5buuzq8mpqnn6mxds2hb7vjuq&st=ycs3z8l8&dl=1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd95d5cc40,0x7ffd95d5cc4c,0x7ffd95d5cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1732,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1728 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2104 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2292 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3100 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3080,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3136 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4692,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4700 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4400,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4956,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4672,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5548,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5580 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5556,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5612 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5592,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3220,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5520 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3236,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3476 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=1040,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5604 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3180,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:8
C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5384,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5924 /prefetch:8
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\73f36a0311b14df1b641fac684843bf1 /t 4528 /p 4976
C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\70e049ed9a984dbda173a3551a203e4c /t 5360 /p 3720
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=2956,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6200 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6128,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5348,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6056 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6344,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6400 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6380,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6524 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6564,i,12586439175302272622,10703640138487394207,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6036 /prefetch:8
C:\Users\Admin\Downloads\WinRARPortable_7.01_Dev_Test_1_English_online.paf.exe
"C:\Users\Admin\Downloads\WinRARPortable_7.01_Dev_Test_1_English_online.paf.exe"
C:\Users\Admin\Downloads\WinRARPortable\7zTemp\7z.exe
"C:\Users\Admin\Downloads\WinRARPortable\7zTemp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\nsc106A.tmp\Downloaded\winrar-x32.exe" -o"C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR" "*" -aoa -y
C:\Users\Admin\Downloads\WinRARPortable\7zTemp\7z.exe
"C:\Users\Admin\Downloads\WinRARPortable\7zTemp\7z.exe" x "C:\Users\Admin\AppData\Local\Temp\nsc106A.tmp\Downloaded-2\winrar-x64.exe" -o"C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR64" "*" -aoa -y
C:\Users\Admin\Downloads\WinRARPortable\WinRARPortable.exe
"C:\Users\Admin\Downloads\WinRARPortable\WinRARPortable.exe"
C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR64\WinRAR.exe
"C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR64\WinRAR.exe"
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=WinRAR.exe --webview-exe-version=7.1.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=4028.5112.8812351259957046269
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x130,0x7ffd81943cb8,0x7ffd81943cc8,0x7ffd81943cd8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1940,7541441030964794954,13404850856769039827,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --webview-exe-name=WinRAR.exe --webview-exe-version=7.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,7541441030964794954,13404850856769039827,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=uk --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --webview-exe-name=WinRAR.exe --webview-exe-version=7.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,7541441030964794954,13404850856769039827,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=uk --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --webview-exe-name=WinRAR.exe --webview-exe-version=7.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2520 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1940,7541441030964794954,13404850856769039827,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=uk --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView" --webview-exe-name=WinRAR.exe --webview-exe-version=7.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Unlock_Tool\Password.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Unlock_Tool_2.3.7\Readme.txt
C:\Users\Admin\Desktop\Unlock_Tool_2.3.7\Unlock_Tool_2.3.7.exe
"C:\Users\Admin\Desktop\Unlock_Tool_2.3.7\Unlock_Tool_2.3.7.exe"
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Unlock_Tool_2.3.7\Readme.txt
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd95d5cc40,0x7ffd95d5cc4c,0x7ffd95d5cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2064,i,13917997698899110378,12408463640797881352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1948,i,13917997698899110378,12408463640797881352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,13917997698899110378,12408463640797881352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2448 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,13917997698899110378,12408463640797881352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,13917997698899110378,12408463640797881352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,13917997698899110378,12408463640797881352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4544 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4620,i,13917997698899110378,12408463640797881352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4728 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4700,i,13917997698899110378,12408463640797881352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4728,i,13917997698899110378,12408463640797881352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4924 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5068,i,13917997698899110378,12408463640797881352,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5096 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd95d5cc40,0x7ffd95d5cc4c,0x7ffd95d5cc58
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd81943cb8,0x7ffd81943cc8,0x7ffd81943cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,13847849779808262661,3267325436570053610,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,13847849779808262661,3267325436570053610,131072 --lang=uk --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,13847849779808262661,3267325436570053610,131072 --lang=uk --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1876,13847849779808262661,3267325436570053610,131072 --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1876,13847849779808262661,3267325436570053610,131072 --lang=uk --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,13847849779808262661,3267325436570053610,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,13847849779808262661,3267325436570053610,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2332 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,13847849779808262661,3267325436570053610,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,13847849779808262661,3267325436570053610,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1896 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,13847849779808262661,3267325436570053610,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4988 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1876,13847849779808262661,3267325436570053610,131072 --disable-gpu-compositing --lang=uk --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1876,13847849779808262661,3267325436570053610,131072 --disable-gpu-compositing --lang=uk --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\HIDBFCBGDBKK" & exit
C:\Windows\SysWOW64\timeout.exe
timeout /t 10
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd95d5cc40,0x7ffd95d5cc4c,0x7ffd95d5cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd95d5cc40,0x7ffd95d5cc4c,0x7ffd95d5cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2324,i,10421988465864096341,837363970403123489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2320 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1640,i,10421988465864096341,837363970403123489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2412 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1984,i,10421988465864096341,837363970403123489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2520 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,10421988465864096341,837363970403123489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,10421988465864096341,837363970403123489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4716,i,10421988465864096341,837363970403123489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4628,i,10421988465864096341,837363970403123489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,10421988465864096341,837363970403123489,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4496 /prefetch:8
Network
Files
\??\pipe\crashpad_2312_HKNFNKURTUBKFQIT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 3f4f71eede990ef60c90c0ea6f1fbf22 |
| SHA1 | a8456ab1e6ff95bf6e4528e18fdc2de97942960a |
| SHA256 | c3b62d9f434cb1bea7801091940f011e5d043f94adc901982056da82520206bc |
| SHA512 | 2d721e6390e542caf20c2f220f0ed14061424d11145f1e7ae8fed06e958bf6f69cf2b7ef82f276a54cc09ed6eab8d22938d3f7d894df54ef77b567e611089341 |
C:\Users\Admin\Downloads\Unlock_Tool.zip:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6ce71a61a6c0c393f9422cbea3667092 |
| SHA1 | 2e20ed0068dc555f58917c33c9c49cf482e9348b |
| SHA256 | f6b54301d146929b665427e73654fc12e2e513ab77f24e343789b2cd74ee74b2 |
| SHA512 | f27b437aeedc0e2e844d2bf523fddefc2d997a109f6825559a139509935e103cd4e3d5829e39bac7e979ed9df3788707cc3f3abedda4e63799e9ff4260149f33 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 96e8990039c14d031265e2c73b951052 |
| SHA1 | 9c2edf1e18838ae68421270972ce1fa0c685686c |
| SHA256 | 814f0c89220faa52fb786486bc4a17c7970719906db567e3b24c1e33056cc9a0 |
| SHA512 | 6c1b8a6b98354187c8b48918b1149718a82934bb23c369b3397fe2b9b98d74224b9d1caad9d5c2fe76e10cc161b3b3f9b53877222aebfef3a61e9d22e1e48567 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 812fe55a25d342bdd8650cc95788af3d |
| SHA1 | dd1a90eb3a608b0afd3e86b37e15dce50ec1ac16 |
| SHA256 | 4d1278e2d70c83a3749e5ff86c4855ae34a09a1aab4183a6ee7862e84cd97dec |
| SHA512 | 452ceec507965a6b2ed0840ad766b3bd3a22e440d9bcc9f259e4e793346f2901a15f9b1257dcae3142afcd9b466d6b0afa87c399e96cb142bc9861e756b4d56d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b0c8068c335b363bf928f41257848cad |
| SHA1 | 93c787bcb070d186cc3f0451674b1e2240879816 |
| SHA256 | 3fa56ce6b17116cf8ddaa04f3d9276cc2bd355d0135cd9335e5ef77e9a3fe2e6 |
| SHA512 | eae929b60c7b88da42eeccc879a5f215a66cde74dae1ba22cbfab481294bc7becce6963b0aacd6999ef4c57901e4202dcc1a1caad7ecbba57f6715fb18b98230 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b0ef6d898853dc37285e1b358fd8adfb |
| SHA1 | cd5d780a4a07b380c1a6964d95525b86c1f9f7ee |
| SHA256 | ddccf1f6489f7f01ba153df60604ca799cbc6dba6be312b6631f725c23205250 |
| SHA512 | 1552d23ec620b92846b7efc03cb39d726ab3e264b0cefa40161f3cba031ec00318d397a3a6bfa7909f4698b0dc4647582c9475d8cd0a857f4d06fd6e48843995 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 10e267c11bccb276f5fc4a78ca37595f |
| SHA1 | 7a4c102d40b225886eb09e1d916d0ccdbd92f7a5 |
| SHA256 | ac18ea16f972bf1b405a02ea417bc2fd77646874ad81125d267f31022c4b908e |
| SHA512 | 9ad5d0bd4a945ce58764887ff31efc48aba8fad88d22bd5caf87d86a5549108b0858c1db76c3806ab07d67b710a03fbfe784f409f67f2bb29f75eb4dcc5f9ff3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\Downloads\winrar-x64-701.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
C:\Users\Admin\Downloads\Unconfirmed 886591.crdownload
C:\Users\Admin\AppData\Local\Temp\nsc106A.tmp\System.dll
C:\Users\Admin\AppData\Local\Temp\nsc106A.tmp\nsDialogs.dll
C:\Users\Admin\AppData\Local\Temp\nsc106A.tmp\w7tbp.dll
C:\Users\Admin\AppData\Local\Temp\nsc106A.tmp\inetc.dll
C:\Users\Admin\AppData\Local\Temp\nsc106A.tmp\filecheck.dll
C:\Users\Admin\AppData\Local\Temp\nsc106A.tmp\nsExec.dll
C:\Users\Admin\Downloads\WinRARPortable\7zTemp\7z.exe
C:\Users\Admin\Downloads\WinRARPortable\7zTemp\7z.dll
C:\Users\Admin\AppData\Local\Temp\nsc106A.tmp\Downloaded\winrar-x32.exe
C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR64\License.txt
C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR\RarExt64.dll
C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR64\Uninstall.exe
C:\Users\Admin\AppData\Local\Temp\nsc106A.tmp\modern-wizard.bmp
C:\Users\Admin\Downloads\WinRARPortable\App\AppInfo\pac_installer_log.ini
C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR64\RarExtPackage.msix
C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR64\RarExtLogo.altform-unplated_targetsize-64.png
C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR64\RarExtLogo.altform-unplated_targetsize-48.png
C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR64\RarExtLogo.altform-unplated_targetsize-32.png
C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR64\RarExtInstaller.exe
C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR64\RarExt32.dll
C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR64\RarExt.dll
C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR\Uninstall.lst
C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR\Uninstall.exe
C:\Users\Admin\Downloads\WinRARPortable\App\WinRAR\RarExt.dll
C:\Users\Admin\AppData\Local\Temp\nsh5D9F.tmp\launcher.ini
C:\Users\Admin\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT
C:\Users\Admin\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001
C:\Users\Admin\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\GPUCache\data_0
C:\Users\Admin\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\GPUCache\data_1
C:\Users\Admin\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\GPUCache\data_2
C:\Users\Admin\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\Default\GPUCache\data_3
C:\Users\Admin\AppData\Local\Temp\WinRAR.exe.WebView2\EBWebView\1fc7d9b7-bffa-4467-9512-6df4b2a31d43.tmp
C:\Users\Admin\Desktop\Unlock_Tool_2.3.7\locales\resources\Data\level4.resS
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f26aaaf3-4527-48e0-b3a0-381ce36bc4fb.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e3097387d72c9af3c576111ce6bfa39f |
| SHA1 | 24ba7c972c0c71d4b89be3af7cf563adc65e6344 |
| SHA256 | 49669964d40369bf0cdcb10f988bcbc4386577495d41f49808be55d2d70e7bc9 |
| SHA512 | 77567ac1b99369e1e6e559fe5e4d072c9834c1e86d6283f8fb4fcf1c975931036a7a15425088d2d7e95ad44d80eb59291c5858727a017dad9b213eda731a25f7 |
memory/1220-1924-0x0000000000400000-0x0000000000700000-memory.dmp
memory/1220-1925-0x0000000000400000-0x0000000000700000-memory.dmp
memory/1220-1931-0x0000000000400000-0x0000000000700000-memory.dmp
memory/1220-1932-0x0000000000400000-0x0000000000700000-memory.dmp
memory/1220-1933-0x0000000000400000-0x0000000000700000-memory.dmp
memory/1220-1955-0x0000000000400000-0x0000000000700000-memory.dmp
memory/1220-1956-0x0000000000400000-0x0000000000700000-memory.dmp
memory/1220-1963-0x0000000000400000-0x0000000000700000-memory.dmp
memory/1220-1964-0x0000000000400000-0x0000000000700000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Temp\TCD9228.tmp\iso690.xsl
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe5f1016.TMP
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Windows\INF\display.PNF
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005f
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Windows\Temp\MBInstallTempa8c6a948947f11efa4c16a7442be80ea\7z.dll
C:\Windows\Temp\MBInstallTempa8c6a948947f11efa4c16a7442be80ea\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.33\mscordaccore.dll
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Windows\Temp\MBInstallTempa8c6a948947f11efa4c16a7442be80ea\servicepkg\MBAMService.exe
C:\Windows\Temp\MBInstallTempa8c6a948947f11efa4c16a7442be80ea\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json
C:\Windows\Temp\MBInstallTempa8c6a948947f11efa4c16a7442be80ea\dbclspkg\MBAMCoreV5.dll
C:\Windows\Temp\MBInstallTempa8c6a948947f11efa4c16a7442be80ea\servicepkg\mbamelam.sys
C:\Windows\Temp\MBInstallTempa8c6a948947f11efa4c16a7442be80ea\servicepkg\mbamelam.cat
C:\Windows\Temp\MBInstallTempa8c6a948947f11efa4c16a7442be80ea\servicepkg\mbamelam.inf
C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat
C:\Windows\Temp\MBInstallTempa8c6a948947f11efa4c16a7442be80ea\ctlrpkg\mbae64.sys
C:\Program Files\Malwarebytes\Anti-Malware\version.dat
C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf
C:\Windows\System32\DriverStore\Temp\{011ffcdc-062e-b44e-a016-5bce1b74ae76}\mbtun.cat
C:\Windows\System32\DriverStore\Temp\{011ffcdc-062e-b44e-a016-5bce1b74ae76}\mbtun.sys
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\Windows\System32\catroot2\dberr.txt
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bak
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json.bak
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
C:\ProgramData\Malwarebytes\MBAMService\LOGS\mbae-default.log
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.sys
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.inf
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.cat
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.tmf
C:\ProgramData\Malwarebytes\MBAMService\ARW\mbarwind.arw
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences