quasar | d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b

Resubmissions

18-02-2025 16:21

250218-ttqadstlfr 10

17-02-2025 18:51

17-02-2025 16:12

16-02-2025 19:06

16-02-2025 17:04

Analysis

max time kernel
1768s
max time network
1770s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
05-02-2025 14:55

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

test.txt
Size

18B
MD5

5b3f97d48c8751bd031b7ea53545bdb6
SHA1

88be3374c62f23406ec83bb11279f8423bd3f88d
SHA256

d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b
SHA512

ed2de1eec50310ced4bde8ef6ae4b7902920b007df7b6aeb200cfe9fcc0d36ef05af7526c4675be2feac52831668798d5fe3523175efad6f6549b30f30a0b5d6

Score

10^/10

quasar office04 credential_access defense_evasion discovery motw persistence phishing privilege_escalation spyware stealer trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

rights-regime.gl.at.ply.gg:51212

Mutex

8c23d3e7-ae43-4572-a3d5-031a5b2fc0c8

Attributes

encryption_key
69EA6DACA02503818E2F78897AF719CE2EDBEB56
install_name
Client.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Quasar Client Startup
subdirectory
SubDir

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe,"	MBAMService.exe

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 5 IoCs

resource	yara_rule
behavioral1/files/0x000400000002a689-2010.dat	family_quasar
behavioral1/memory/2784-2152-0x000001FF3EEF0000-0x000001FF3F028000-memory.dmp	family_quasar
behavioral1/memory/2784-2153-0x000001FF3F470000-0x000001FF3F486000-memory.dmp	family_quasar
behavioral1/memory/4980-2272-0x0000000000FA0000-0x00000000012C4000-memory.dmp	family_quasar
behavioral1/files/0x001b00000002aff1-8417.dat	family_quasar

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 4560 created 3284	4560	MBSetup.exe	52

Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Active Setup\Installed Components	explorer.exe

Downloads MZ/PE file 2 IoCs

flow	pid	Process
804	5556	chrome.exe
813	4560	MBSetup.exe

Drops file in Drivers directory 9 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\mbamtestfile.dat	KdmMbOcpajQr.exe
File created	C:\Windows\system32\drivers\mbae64.sys	MBAMInstallerService.exe
File created	C:\Windows\system32\DRIVERS\MbamChameleon.sys	MBAMService.exe
File opened for modification	C:\Windows\SysWOW64\drivers\mbamtestfile.dat	KdmMbOcpajQr.exe
File opened for modification	C:\Windows\system32\DRIVERS\MbamElam.sys	MBAMService.exe
File created	C:\Windows\system32\DRIVERS\mbamswissarmy.sys	MBAMService.exe
File opened for modification	C:\Windows\SysWOW64\drivers\mbamtestfile.dat	MBSetup.exe
File created	C:\Windows\SysWOW64\drivers\mbamtestfile.dat	MBSetup.exe
File created	C:\Windows\system32\DRIVERS\MbamElam.sys	MBAMService.exe

Modifies RDP port number used by Windows 1 TTPs

Remote Desktop Protocol
T1021.001

Sets service image path in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys"	MBAMService.exe

Checks BIOS information in registry 2 TTPs 8 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	mbupdatrV5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	mbupdatrV5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	KdmMbOcpajQr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	KdmMbOcpajQr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MBSetup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	MBSetup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MBAMService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	MBAMService.exe

Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 29 IoCs

pid	Process
6548	playit.exe
4980	Client-built.exe
4560	MBSetup.exe
4444	MBAMInstallerService.exe
708	MBVpnTunnelService.exe
1748	MBAMService.exe
3048	MBAMService.exe
436	Malwarebytes.exe
2408	Malwarebytes.exe
5052	Malwarebytes.exe
772	Malwarebytes.exe
7136	Malwarebytes.exe
4756	mbupdatrV5.exe
6376	ig.exe
6404	ig.exe
5876	ig.exe
6676	ig.exe
3084	ig.exe
4756	ig.exe
7052	ig.exe
4700	ig.exe
6316	Quasar.exe
6656	Client-built.exe
6912	ig.exe
2740	ig.exe
1320	playit.exe
1848	playit.exe
6416	wnIpiO72dIOc.exe
488	KdmMbOcpajQr.exe

Impair Defenses: Safe Mode Boot 1 TTPs 2 IoCs

defense_evasion

Safe Mode Boot

T1562.009

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService	MBAMInstallerService.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService\ = "Service"	MBAMInstallerService.exe

Loads dropped DLL 64 IoCs

pid	Process
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
708	MBVpnTunnelService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
4444	MBAMInstallerService.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
2408	Malwarebytes.exe
2408	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
2408	Malwarebytes.exe
436	Malwarebytes.exe
2408	Malwarebytes.exe
2408	Malwarebytes.exe
2408	Malwarebytes.exe
2408	Malwarebytes.exe
2408	Malwarebytes.exe
2408	Malwarebytes.exe
2408	Malwarebytes.exe

Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PVCNH0 = "C:\\windows\\system32\\qq0pbq.exe"	MBAMService.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\W:	MBAMService.exe
File opened (read-only)	\??\I:	MBAMInstallerService.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\M:	MBAMInstallerService.exe
File opened (read-only)	\??\T:	MBAMInstallerService.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\L:	MBAMService.exe
File opened (read-only)	\??\G:	MBAMInstallerService.exe
File opened (read-only)	\??\K:	MBAMInstallerService.exe
File opened (read-only)	\??\D:	explorer.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\O:	MBAMService.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	MBAMService.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\B:	MBAMService.exe
File opened (read-only)	\??\Y:	MBAMService.exe
File opened (read-only)	\??\J:	MBAMInstallerService.exe
File opened (read-only)	\??\F:	explorer.exe
File opened (read-only)	\??\U:	MBAMService.exe
File opened (read-only)	\??\U:	MBAMInstallerService.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\J:	MBAMService.exe
File opened (read-only)	\??\V:	MBAMInstallerService.exe
File opened (read-only)	\??\Z:	MBAMInstallerService.exe
File opened (read-only)	\??\Q:	MBAMInstallerService.exe
File opened (read-only)	\??\X:	MBAMInstallerService.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\S:	MBAMService.exe
File opened (read-only)	\??\X:	MBAMService.exe
File opened (read-only)	\??\E:	MBAMInstallerService.exe
File opened (read-only)	\??\O:	MBAMInstallerService.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\G:	MBAMService.exe
File opened (read-only)	\??\P:	MBAMInstallerService.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\E:	MBAMService.exe
File opened (read-only)	\??\K:	MBAMService.exe
File opened (read-only)	\??\N:	MBAMService.exe
File opened (read-only)	\??\Y:	MBAMInstallerService.exe
File opened (read-only)	\??\P:	MBAMService.exe
File opened (read-only)	\??\R:	MBAMService.exe
File opened (read-only)	\??\O:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
652	camo.githubusercontent.com
652	raw.githubusercontent.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc	pid	Process
179	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html	4944	chrome.exe

Boot or Logon Autostart Execution: Authentication Package 1 TTPs 2 IoCs

Suspicious Windows Authentication Registry Modification.

persistence privilege_escalation

Authentication Package

T1547.002

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Notification Packages = 73006300650063006c00690000000000	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Authentication Packages = 6d007300760031005f00300000000000	MBAMService.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\nete1e3e.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rtucx21x64.inf_amd64_d70642620058e2a4\rtucx21x64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\net8185.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7447D0CD4A15D8A8E94E184F8B1DF8DF	MBAMService.exe
File opened for modification	C:\Windows\System32\msedge.dll.pdb	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\201DA8C72BE195AF55036D85719C6480	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usb4p2pnetadapter.inf_amd64_a9fd59ce64f17c8a\usb4p2pnetadapter.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\System32\fastprox.pdb	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_2E01D413E600DA01958BFB19A6EF6010	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_D94F4A82266DCEDAC0F3F1BFD0843F4D	MBAMService.exe
File opened for modification	C:\Windows\System32\wbemprox.pdb	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_5229ee1dac1c624e\usbnet.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\System32\wbemcore.pdb	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\201DA8C72BE195AF55036D85719C6480	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\21EA03E12A6F9D076B6BC3318EA9363E_6EF0095DA824AE045AE9FC5B645DF095	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\netrtwlanu.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D84E548583BE1EE7DB5A935821009D26_5B98B6CD6E69202676965CF5B0E2A7A7	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\21EA03E12A6F9D076B6BC3318EA9363E_6EF0095DA824AE045AE9FC5B645DF095	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_a31306bfdf7135b0\bthpan.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{91125f9c-0bd6-8b43-8062-aacb2b636d41}\mbtun.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\Amsi.pdb	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\229169D96B9C20761B929D428962A0A2_FC65190A8D1232A1711F16F9F20C5149	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\66AE3BFDF94A732B262342AD2154B86E_0D0888CE7AC1F2D5AD77780722B1FE14	MBAMService.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_56DB209C155B5A05FCBF555DF7E6D1BB	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8BD11C4A2318EC8E5A82462092971DEA	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7447D0CD4A15D8A8E94E184F8B1DF8DF	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_62f41b89e0dc2537\netwtw08.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\netnvm64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_d2a498d51a4f7bec\rtcx21x64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\netwtw06.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_2299fee965b7e92c\netvwwanmp.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.sys	DrvInst.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_d54f628acb9dea33\dc21x4vm.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\netv1x64.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\net7400-x64-n650.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\netbc64.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	MBAMService.exe
File opened for modification	C:\Windows\System32\kernel32.pdb	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\netrtwlane01.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3E3E9689537B6B136ECF210088069D55_EF6C9357BB54DDB629FD2D79F1594F95	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_04b60d124553a40f\rndiscmp.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_3aba8686305c0121\msdri.PNF	MBVpnTunnelService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_6686e5d9c8b063ef\usbncm.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\System32\ntdll.pdb	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\572BF21E454637C9F000BE1AF9B1E1A9	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637	MBAMService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C3E814D1CB223AFCD58214D14C3B7EAB	MBAMService.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_a39ece60dbc76c55\rtux64w10.PNF	MBVpnTunnelService.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A334956C3F99BD182BF4859935BADE72_FACA7E02B2152427A5B3C5BC1AC9CE92	MBAMService.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\pl\PresentationFramework.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\PresentationFramework.Classic.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\pt-BR\System.Windows.Forms.Primitives.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\TelemetryControllerImpl.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnel_wireguard.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Runtime.Intrinsics.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Security.Claims.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\PresentationFramework-SystemXml.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\api-ms-win-core-util-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\es\System.Windows.Forms.Primitives.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\ru\UIAutomationTypes.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\tr\UIAutomationClientSideProviders.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.runtimeconfig.json	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\Microsoft.NETCore.App.deps.json	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\System.Diagnostics.EventLog.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.Protection.Interop.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\cs\UIAutomationTypes.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Runtime.Serialization.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\de\Microsoft.VisualBasic.Forms.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\de\PresentationUI.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\fr\PresentationFramework.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\ja\UIAutomationProvider.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\api-ms-win-core-heap-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.IO.Pipes.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Transactions.Local.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\cs\WindowsBase.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\ru\PresentationCore.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\mbae.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.UI.TrayNotification.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Collections.NonGeneric.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\msquic.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\fr\System.Windows.Input.Manipulations.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\ru\System.Xaml.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\api-ms-win-crt-multibyte-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\ko\System.Windows.Controls.Ribbon.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\ko\System.Xaml.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\System.DirectoryServices.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\tr\System.Windows.Forms.Primitives.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Actions.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Threading.ThreadPool.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Private.CoreLib.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Security.Cryptography.Csp.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\pl\System.Windows.Input.Manipulations.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\PresentationFramework.Luna.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\System.Text.Encodings.Web.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat	MBAMService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\mscorlib.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Net.Security.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Text.Encoding.Extensions.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\pt-BR\UIAutomationTypes.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\MWACControllerImpl.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.Configuration.Abstractions.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Linq.Expressions.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\ja\System.Xaml.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\pl\System.Windows.Forms.Design.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\System.Security.Cryptography.Xml.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\e_sqlcipher.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\System.Management.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\es\WindowsBase.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Console.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.IO.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\System.Security.Cryptography.Algorithms.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.36\fr\UIAutomationProvider.resources.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.36\api-ms-win-core-processenvironment-l1-1-0.dll	MBAMInstallerService.exe

Drops file in Windows directory 30 IoCs

description	ioc	Process
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\SystemTemp\Tmp39D3.tmp	MBAMService.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\metadata	setup.exe
File opened for modification	C:\Windows\Installer\{8C17366B-843B-49DC-AC1B-748DC264E06F}\ProductICO	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\Installer\{8C17366B-843B-49DC-AC1B-748DC264E06F}\ProductICO	Taskmgr.exe
File opened for modification	C:\Windows\SystemTemp\TmpFF97.tmp	MBAMService.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	MBVpnTunnelService.exe
File created	C:\Windows\SystemTemp\~DFE9D4A4CE39A22DFC.TMP	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\SystemTemp\~DF1759E5724B50701E.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFD5261102F86D8C5B.TMP	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\Tmp15.tmp	MBAMService.exe
File opened for modification	C:\Windows\Installer\e588d57.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\SystemTemp\Crashpad\settings.dat	setup.exe
File created	C:\Windows\Installer\e588d59.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF241CBB3945AF9829.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8EED.tmp	msiexec.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\SystemTemp\Tmp3771.tmp	MBAMService.exe
File created	C:\Windows\Installer\e588d57.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{8C17366B-843B-49DC-AC1B-748DC264E06F}	msiexec.exe
File created	C:\Windows\Installer\{8C17366B-843B-49DC-AC1B-748DC264E06F}\ProductICO	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MBSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	KdmMbOcpajQr.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002	explorer.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000004c79797f2efc73ee0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800004c79797f0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809004c79797f000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d4c79797f000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000004c79797f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Capabilities	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	explorer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011	explorer.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	explorer.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MBAMService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	MBAMService.exe

Enumerates system info in registry 2 TTPs 23 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	SearchHost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	SearchHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 14 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000"	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	MBAMService.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000"	MBAMService.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\GPU	SearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000"	MBAMService.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	MBAMInstallerService.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	mbupdatrV5.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MBAMService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0	MBAMInstallerService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MBAMService.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%systemroot%\system32\FirewallControlPanel.dll,-12122 = "Windows Defender Firewall"	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MBAMService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\System32\ci.dll,-101 = "Enclave"	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	mbupdatrV5.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	mbupdatrV5.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MBAMService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\OpenWithList	MBAMService.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\System32\ci.dll,-100 = "Isolated User Mode (IUM)"	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843 = "BitLocker Drive Encryption"	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption"	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MBAMService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MBAMService.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C85F3EB8-B099-4598-89C3-E33BAC2CE53D}	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CFFF19F6-ECFE-446D-ACAD-8DC525DA2563}	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{44AC1571-055F-4CC8-B7D8-EA022C4CC112}\TypeLib\Version = "1.0"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6696D5DD-4143-482C-ABF4-3B215CF3DBFC}\ProxyStubClsid32	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B9F73DD6-F2A4-40F8-9109-67F6BB8D3704}\ProxyStubClsid32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0D8223D-D594-4147-BAD8-1E2B54ED1990}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MBAMService.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\NodeSlot = "13"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7AEBAD20-B80A-427D-B7D5-D2983291132E}\ProxyStubClsid32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5D448EF3-7261-4C0C-909C-6D56043C259D}\TypeLib\Version = "1.0"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2DFD7E94-47E6-483A-B4FD-DC586A52CE5D}\TypeLib\Version = "1.0"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F22E03D6-F159-40A0-9476-16F3377B58C9}\ = "_IMWACControllerEventsV9"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{97EB7268-0D7B-43F6-9C11-337287F960DF}\ = "IRTPControllerV12"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A2D4A69C-14CA-4825-9376-5B4215AF5C5E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\Programmable	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53260A87-5F77-4449-95F1-77A210A2A6D8}\ProxyStubClsid32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0AB5C774-8EB7-4C1B-9BBB-5AC3E2C291DD}\TypeLib\Version = "1.0"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B1D8E799-D5A2-45B4-9524-067144A201E4}\TypeLib\ = "{2446F405-83F0-460F-B837-F04540BB330C}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AC5390D0-3831-4D42-BD1D-8151A5A1742C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D88AC9B4-2BC3-4215-9547-4F05743AE67B}\ProxyStubClsid32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24F9231B-265E-4C66-B10B-D438EF1EB510}\ = "_IMWACControllerEventsV7"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5BA2811A-EE5B-44DF-81CD-C75BB11A82D4}\TypeLib	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\Programmable	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E90361FE-F6B5-43E8-99F7-1BD40500981F}\TypeLib	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8CB653AC-F9CF-4277-BFB1-C0ED1C650F56}\ProxyStubClsid32	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}\1.0\FLAGS	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FA6C70E7-6A6D-4F4A-99BF-C8B375CB7E0C}\ = "ILinker"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8D488C7C-023D-4561-B377-DD9FB7124326}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0F2D6C4F-0B95-4A53-BA9D-55526737DC34}\ = "IMWACControllerEventsV4"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{97EB7268-0D7B-43F6-9C11-337287F960DF}\TypeLib\Version = "1.0"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A2D4A69C-14CA-4825-9376-5B4215AF5C5E}\ProxyStubClsid32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{68E3012A-E3EC-4D66-9132-4E412F487165}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5091804-600E-4226-BF28-80ABFDF4AFAB}\TypeLib\Version = "1.0"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B38EDC4F-A2CD-4F76-8607-F123FE4031D5}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8FEFED84-854E-4029-A986-1D7774D4CF7D}\ = "IScanControllerV17"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3BD2053F-99D1-4C2B-8B45-635183A8F0BF}\ = "IMWACControllerV6"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A3E14F0-01F5-492E-AA97-3D880941D814}\ = "_IMWACControllerEventsV5"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B860FC17-5606-4F3A-8AE5-E1C139D8BDE3}\TypeLib\Version = "1.0"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE35F2CA-6335-49BA-8E86-F6E246CFCEA6}\TypeLib\ = "{C731375E-3199-4C88-8326-9F81D3224DAD}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{72F290D5-789C-4D8A-9EBE-63ECEA150373}\TypeLib\ = "{226C1698-A075-4315-BB5D-9C164A96ACE7}"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BD9CB7A5-5C46-4799-A3A4-20FB128E58F1}\TypeLib	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4163399F-AB08-4E5E-BE28-6B9440393AD3}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ADCD8BEB-8924-4876-AE14-2438FF14FA17}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B38EDC4F-A2CD-4F76-8607-F123FE4031D5}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1861D707-8D71-497D-8145-62D5CBF4222F}\TypeLib\Version = "1.0"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F77B440A-6CBC-4AFD-AA22-444552960E50}\ProxyStubClsid32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{735BE2C0-5A9B-457A-A0A9-4B27FCED2817}\ = "IScanControllerV13"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC60FEE4-E373-4962-B548-BA2E06119D54}	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A0101B90-FD0B-40CF-90E4-33650F09A80F}\TypeLib	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{83D0C30B-ECF4-40C5-80EC-21BB47F898A9}\TypeLib\Version = "1.0"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\ProgID	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD67766C-A28D-44F3-A5D0-962965510B2D}\TypeLib	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6696D5DD-4143-482C-ABF4-3B215CF3DBFC}\TypeLib\Version = "1.0"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D4215DAB-7574-44DE-8BE9-78CC62597C95}\TypeLib\ = "{74630AE8-C170-4A8F-A90A-F42D63EFE1E8}"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{893E5593-9490-4E90-9F1E-0B786EC41470}\TypeLib	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.LogController.1\CLSID\ = "{251AD013-20AD-4C3F-8FE2-F66A429B4819}"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1E3F0FEC-3E40-4137-8C7D-090AFA9B6C5E}	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CDA4F172-98EF-4DF6-89AB-852D1B0EC2D4}\ = "ILicenseControllerV12"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B5186B66-AE3D-4EC4-B9F5-67EC478625BE}\ = "_IMWACControllerEvents"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0C4652FC-FA35-4394-A133-F68409776465}\ProxyStubClsid32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{56898B37-6187-4F81-B9C6-8DA97D31F396}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA226B90-F6FF-4618-8AE6-1114E82CB162}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DAD5232C-6E05-4458-9709-0B4DCB22EA09}\ = "ITelemetryControllerV2"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FB586AB4-56F2-4EFA-9756-EE9A399B44DE}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe

Modifies system certificate store 2 TTPs 37 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 0300000001000000140000001c58a3a8518e8759bf075b76b750d4f2df264fcd2000000001000000c2040000308204be308203a6a003020102021006d8d904d5584346f68a2fa754227ec4300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3231303431343030303030305a170d3331303431333233353935395a304f310b300906035504061302555331153013060355040a130c446967694365727420496e633129302706035504031320446967694365727420544c53205253412053484132353620323032302043413130820122300d06092a864886f70d01010105000382010f003082010a0282010100c14bb3654770bcdd4f58dbec9cedc366e51f311354ad4a66461f2c0aec6407e52edcdcb90a20eddfe3c4d09e9aa97a1d8288e51156db1e9f58c251e72c340d2ed292e156cbf1795fb3bb87ca25037b9a52416610604f571349f0e8376783dfe7d34b674c2251a6df0e9910ed57517426e27dc7ca622e131b7f238825536fc13458008b84fff8bea75849227b96ada2889b15bca07cdfe951a8d5b0ed37e236b4824b62b5499aecc767d6e33ef5e3d6125e44f1bf71427d58840380b18101faf9ca32bbb48e278727c52b74d4a8d697dec364f9cace53a256bc78178e490329aefb494fa415b9cef25c19576d6b79a72ba2272013b5d03d40d321300793ea99f50203010001a38201823082017e30120603551d130101ff040830060101ff020100301d0603551d0e04160414b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304006082b060105050730028634687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63727430420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63726c303d0603551d2004363034300b06096086480186fd6c02013007060567810c01013008060667810c0102013008060667810c0102023008060667810c010203300d06092a864886f70d01010b050003820101008032ce5e0bdd6e5a0d0aafe1d684cbc08efa8570edda5db30cf72b7540fe850afaf33178b7704b1a8958ba80bdf36b1de97ecf0bba589c59d490d3fd6cfdd0986db771825bcf6d0b5a09d07bdec443d82aa4de9e41265fbb8f99cbddaee1a86f9f87fe74b71f1b20abb14fc6f5675d5d9b3ce9ff69f7616cd6d9f3fd36c6ab038876d24b2e7586e3fcd8557d26c21177df3e02b67cf3ab7b7a86366fb8f7d89371cf86df7330fa7babed2a59c842843b11171a52f3c90e147da25b7267ba71ed574766c5b8024a65345e8bd02a3c209c51994ce7529ef76b112b0d927e1de88aeb36164387ea2a63bf753febdec403bb0a3cf730efebaf4cfc8b3610733ef3a4	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 19000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b6885186868000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D772DA0874059418FCDAACE3F4FF2AC964A852FF\Blob = 030000000100000014000000d772da0874059418fcdaace3f4ff2ac964a852ff140000000100000014000000246593980801e84ed4d64cea6455e1c0fafbcfb3040000000100000010000000fe9ab1791f2f2a2a01fce48d6b2a093c0f000000010000003000000054de7e1f5b9b2c1834c8e4fedef7bec89e6e7117ef761a80d1bccec1d63888d0d4ad1b6c5c6a4ea556436ddd29aaf904190000000100000010000000ce4cfdd3ed415f0993c3c8bd5428ecbb5c0000000100000004000000000c0000180000000100000010000000ea6089055218053dd01e37e1d806eedf200000000100000048060000308206443082042ca0030201020211009e02b0e94aceb2109ca1e9836be0c2db300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3231303532353030303030305a170d3336303532343233353935395a304f310b300906035504061302474231183016060355040a130f5365637469676f204c696d69746564312630240603550403131d5365637469676f2052534120436f6465205369676e696e672043412032308201a2300d06092a864886f70d01010105000382018f003082018a0282018100bb7bff8fbf4b2d43b6f1661c00ff8d9d2a7840c4234c4349a709395a45510b16fdee6031f53470e363075bec932a725a16385216091d2f53efa83eec3aa07ba25348802d95959b14ddb213f617c13b2612049cde3d4c4a3d33c30c26256f3d6e0f9503b18433c690499ef9e636778f006324606f5d61e44d1b0df783548cbc4f8a7c20f42a20aa61a02d902877d351569c94cca6f421cad8be289a4a1e5486c3f6ec6c6ac10e69d339b273758ff0abf75b77391ea30672e23287f97fc61413e468911d33a9c7b3302db6a9c581ef21848aba96ec110364e5dfbaa9c18d4e7e2cdffbc380c1a8296a321225fa20451c29f5549adf8ae067f1310f0a11c63170afbc803b177ec3f23626be3c37cf37b85d795497b8bbc37f76056a359f8213194f2af37dc9b988166a4c38d82b61e5615b571a0ec7fd7bb76b0a42401ff30fe0ec70ba6a79571889c71df7309f430a0715067245a3575ebfa3ed584c62197566c21b0175a6560d1461b5765bf137b4040503c1c4a3ff5dcaf49dbae72f16f6b67b0203010001a382015f3082015b301f0603551d230418301680145379bf5aaa2b4acf5480e1d89bc09df2b20366cb301d0603551d0e04160414246593980801e84ed4d64cea6455e1c0fafbcfb3300e0603551d0f0101ff04040302018630120603551d130101ff040830060101ff02010030130603551d25040c300a06082b06010505070303301b0603551d200414301230060604551d20003008060667810c01040130500603551d1f044930473045a043a041863f687474703a2f2f63726c2e7573657274727573742e636f6d2f55534552547275737452534143657274696669636174696f6e417574686f726974792e63726c307106082b0601050507010104653063303a06082b06010505073002862e687474703a2f2f6372742e7573657274727573742e636f6d2f55534552547275737452534141414143412e637274302506082b060105050730018619687474703a2f2f6f6373702e7573657274727573742e636f6d300d06092a864886f70d01010c0500038202010055d1f2be5bc5485740e5ecd9faeffd6b92fca8754779e9cfc23d14f9a109e565b9ad9fbc4ef29da2e735cccfa2392b472bc0e0ba36902366d1126488d95751add00f6f5f8a90cf1bb17a6956fac2400a85bfe1bae0cd72337817684ef2eb0276135b8529532e1d3caf14b46c0333f437a1ed90453ff573bca9925017ebfe39ca4640eafba3b4179b585ac5004f6cd30cc05f6f867781a63d2516f62fa249f093bed557723cb3c8d21b129930221003f64a89e0928fa8c338600f2156d4ebab5733a777dd27e591539e2f671f4bc38bf4656392ce9512561e1daee2ed8074beec4dfeecc717d79493974c464cc54662e53b9d1a08c0630ad519cc0ab089cc8b2e084578d969ec7d0db7cf86a12ec3e0860e3709e44bc50c73c8f628dc9ed5959a235771ce406d9d5bea1bc3b2492444f41004caeda6925f54d6097b3ab992d310111499b6ce40ffe5c6a3776635adec33a03bc8c69e3ea19985587cb1a85a38e62e53ac7ffd133beb57d46dfdf21ce2f78cb42ef6d754ef23ed29b10ccb1f9a3cd82f9e0d66499f508786a0f1f9ca1cb01dc3f14c9efcd3a64feef466b642d170b95b948385bbd44479771188b1a071eafa4bf0ff8708cd8a8866ba87405c9488d8ad0a0742f7bee4cb993791318d9a6810fe9a03bc150226b79e70bd19804cecf00280fbff4ca2b76ebfe3d8e4dcf7c8856b986ed21371dceecac9ae317e7b05	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0400000001000000100000001d3554048578b03f42424dbf20730a3f0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d90103000000010000001400000002faf3e291435468607857694df5e45b6885186819000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 5c00000001000000040000000008000019000000010000001000000045ed9bbc5e43d3b9ecd63c060db78e5c03000000010000001400000002faf3e291435468607857694df5e45b6885186868000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d000000010000001000000006f9583c00a763c23fb9e065a3366d55140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff20b00000001000000260000005300650063007400690067006f0020002800410064006400540072007500730074002900000053000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b0400000001000000100000001d3554048578b03f42424dbf20730a3f20000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 0300000001000000140000002ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c2000000001000000620400003082045e30820346a0030201020213077312380b9d6688a33b1ed9bf9ccda68e0e0f300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3232303832333232323132385a170d3330303832333232323132385a303c310b3009060355040613025553310f300d060355040a1306416d617a6f6e311c301a06035504031313416d617a6f6e205253412032303438204d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100eb712ca9cb1f8828923230af8a570f78b73725955587ac675c97d322c8daa214676b7cf067dae2032ab356125dc6b547f96708a7937a9592180fb4f9f910369a7f2f80b64fba134ec75d531ee0dd96330720d396bc12e4745042a1051373b54f9b4424fe2d7fedbc2285ec362133977506ce271882dce3d9c582078d5e26012626671fd93f13cf32ba6bad7864fcaaff0e023c07df9c0578728cfdea75b7032884dae86e078cd05085ef8154b2716eec6d62ef8f94c35ee9c4a4d091c02e249198caeeba258ed4f671b6fb5b6b38064837478d86dcf2ea06fb76377d9eff424e4d588293cfe271c278b17aab4b5b94378881e4d9af24aef872c565fb4bb451e70203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e0416041481b80e638a891218e5fa3b3b50959fe6e5901385301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b05000382010100ad00de0205232e063262b46bb19416e41140de2bfa59c135efe0aa8f2b41b9d1f38739001df23db5a7470c0606c691f3075702d4edbd17c1909abf4875a2074f30dd4a6a42b50d3d15c00ffe845bc63c99cc5752b1d86e12d59692934b94e507e88982086a7a34d49e64e13d876a92909a63a14bf88fb6ea34d305be20c2de06e28c9f738b9f4d3985cace19369d85c99ec9f8503fb67e88a1efca84068b50b40a5ca61c44f1fdc8614060f26125aa07f4c7c27375e40c0b428d04e55f4448995b7b898196a7889d4b0d62e804c4d7feb4e8b26dcaecc01cbc385b1ddf85ce5b7ae3494b6cb9a7ddf405b249ade1c5146bc2ccebcd7fd65869bac3207e7fb0b8	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa20f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = 0f000000010000001400000009b9105c5bba24343ca7f341c624e183f6ee7c1b090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b00000001000000260000005300650063007400690067006f00200028004100640064005400720075007300740029000000620000000100000020000000687fa451382278fff0c8b11f8d43d576671c6eb2bceab413fb83d965d06d2ff2140000000100000014000000adbd987a34b426f7fac42654ef03bde024cb541a1d000000010000001000000006f9583c00a763c23fb9e065a3366d557e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d90103000000010000001400000002faf3e291435468607857694df5e45b6885186820000000010000003a040000308204363082031ea003020102020101300d06092a864886f70d0101050500306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74301e170d3030303533303130343833385a170d3230303533303130343833385a306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100b7f71a33e6f200042d39e04e5bed1fbc6c0fcdb5fa23b6cede9b113397a4294c7d939fbd4abc93ed031ae38fcfe56d505ad69729945a80b0497adb2e95fdb8cabf37382d1e3e9141ad7056c7f04f3fe8329e74cac89054e9c65f0f789d9a403c0eac61aa5e148f9e87a16a50dcd79a4eaf05b3a671949c71b350600ac7139d38078602a8e9a869261890ab4cb04f23ab3a4f84d8dfce9fe1696fbbd742d76b44e4c7adee6d415f725a710837b37965a459a09437f7002f0dc29272dad03872db14a845c45d2a7db7b4d6c4eeaccd1344b7c92bdd430025fa61b9696a582311b7a7338f567559f5cd29d746b70a2b65b6d3426f15b2b87bfbefe95d53d5345a270203010001a381dc3081d9301d0603551d0e04160414adbd987a34b426f7fac42654ef03bde024cb541a300b0603551d0f040403020106300f0603551d130101ff040530030101ff3081990603551d2304819130818e8014adbd987a34b426f7fac42654ef03bde024cb541aa173a471306f310b300906035504061302534531143012060355040a130b416464547275737420414231263024060355040b131d41646454727573742045787465726e616c20545450204e6574776f726b312230200603550403131941646454727573742045787465726e616c20434120526f6f74820101300d06092a864886f70d01010505000382010100b09be08525c2d623e20f9606929d41989cd9847981d91e5b14072336658fb0d877bbac416c47608351b0f9323de7fcf62613c78016a5bf5afc87cf787989219ae24c070a8635bcf2de51c4d296b7dc7e4eee70fd1c39eb0c0251142d8ebd16e0c1df4675e724adecf442b48593701067ba9d06354a18d32b7acc5142a17a63d1e6bba1c52bc236be130de6bd637e797ba7090d40ab6add8f8ac3f6f68c1a420551d445f59fa76221681520433c99e77cbd24d8a9911773883f561b313818b4710f9acdc80e9e8e2e1be18c9883cb1f31f1444cc604734976600fc7f8bd17806b2ee9cc4c0e5a9a790f200a2ed59e63261e559294d882175a7bd0bcc78f4e8604	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	MBAMService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D772DA0874059418FCDAACE3F4FF2AC964A852FF	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c	MBAMInstallerService.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\playit-windows-x86_64-signed.msi:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Quasar-master.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Quasar.v1.4.1.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier	chrome.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:Zone.Identifier:$DATA	MBAMInstallerService.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1964	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 4 IoCs

pid	Process
1544	explorer.exe
3452	explorer.exe
3452	explorer.exe
3452	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1772	chrome.exe
1772	chrome.exe
1996	msiexec.exe
1996	msiexec.exe
6440	chrome.exe
6440	chrome.exe
6440	chrome.exe
6440	chrome.exe
2052	chrome.exe
2052	chrome.exe
4560	MBSetup.exe
4560	MBSetup.exe
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
4444	MBAMInstallerService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
5516	chrome.exe
5516	chrome.exe
3048	MBAMService.exe
3048	MBAMService.exe
5516	chrome.exe
5516	chrome.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
3048	MBAMService.exe
6604	Taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
2784	Quasar.exe
6604	Taskmgr.exe
6316	Quasar.exe
3452	explorer.exe

Suspicious behavior: LoadsDriver 4 IoCs

pid	Process
680	Process not Found
680	Process not Found
680	Process not Found
680	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe
Token: SeShutdownPrivilege	1772	chrome.exe
Token: SeCreatePagefilePrivilege	1772	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
396	msiexec.exe
396	msiexec.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
2784	Quasar.exe
4980	Client-built.exe
4980	Client-built.exe
4980	Client-built.exe
4980	Client-built.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
1772	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
2052	chrome.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
436	Malwarebytes.exe
4980	Client-built.exe
6604	Taskmgr.exe
6604	Taskmgr.exe
6604	Taskmgr.exe
6604	Taskmgr.exe
6604	Taskmgr.exe
6604	Taskmgr.exe
6604	Taskmgr.exe
6604	Taskmgr.exe
6604	Taskmgr.exe
6604	Taskmgr.exe
6604	Taskmgr.exe
6604	Taskmgr.exe
6604	Taskmgr.exe
6604	Taskmgr.exe
4980	Client-built.exe
6604	Taskmgr.exe
6604	Taskmgr.exe
6604	Taskmgr.exe
6604	Taskmgr.exe

Suspicious use of SetWindowsHookEx 41 IoCs

pid	Process
1544	explorer.exe
1544	explorer.exe
2784	Quasar.exe
2784	Quasar.exe
2784	Quasar.exe
2784	Quasar.exe
2784	Quasar.exe
4560	MBSetup.exe
6316	Quasar.exe
6316	Quasar.exe
3452	explorer.exe
2840	SearchHost.exe
5784	StartMenuExperienceHost.exe
3452	explorer.exe
3452	explorer.exe
3452	explorer.exe
3452	explorer.exe
3452	explorer.exe
3452	explorer.exe
3452	explorer.exe
3452	explorer.exe
3452	explorer.exe
3452	explorer.exe
3452	explorer.exe
3452	explorer.exe
3452	explorer.exe
3452	explorer.exe
3452	explorer.exe
3452	explorer.exe
6316	Quasar.exe
6316	Quasar.exe
6316	Quasar.exe
3452	explorer.exe
3452	explorer.exe
3452	explorer.exe
3452	explorer.exe
3452	explorer.exe
6316	Quasar.exe
6316	Quasar.exe
5716	PickerHost.exe
4060	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 1964	2068	cmd.exe	78
PID 2068 wrote to memory of 1964	2068	cmd.exe	78
PID 1772 wrote to memory of 2836	1772	chrome.exe	82
PID 1772 wrote to memory of 2836	1772	chrome.exe	82
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 3724	1772	chrome.exe	83
PID 1772 wrote to memory of 4944	1772	chrome.exe	84
PID 1772 wrote to memory of 4944	1772	chrome.exe	84
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85
PID 1772 wrote to memory of 4320	1772	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3284
- C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\test.txt
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2068
- - C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\test.txt
    3⤵
    - Opens file in notepad (likely ransom note)
    PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1772
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca747cc40,0x7ffca747cc4c,0x7ffca747cc58
    3⤵
    PID:2836
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1796,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1776 /prefetch:2
    3⤵
    PID:3724
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2100 /prefetch:3
    3⤵
    - Mark of the Web detected: This indicates that the page was originally saved or cloned.
    PID:4944
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2200 /prefetch:8
    3⤵
    PID:4320
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:1
    3⤵
    PID:1244
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    PID:1744
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3772,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4448 /prefetch:1
    3⤵
    PID:1540
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3668,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4288 /prefetch:1
    3⤵
    PID:4388
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4616,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4668 /prefetch:1
    3⤵
    PID:1824
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4896,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3468 /prefetch:1
    3⤵
    PID:1092
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3152,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
    3⤵
    PID:4988
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4816,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:1
    3⤵
    PID:948
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4344,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4660 /prefetch:1
    3⤵
    PID:3204
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5192,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5128 /prefetch:8
    3⤵
    PID:3152
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5368,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5416 /prefetch:8
    3⤵
    PID:2512
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
    3⤵
    - Drops file in Windows directory
    PID:3016
  - - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff76cdc4698,0x7ff76cdc46a4,0x7ff76cdc46b0
      4⤵
      Drops file in Windows directory
      PID:4824
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5452,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:8
    3⤵
    PID:8
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5508,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5484 /prefetch:8
    3⤵
    PID:3988
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5552,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5516 /prefetch:8
    3⤵
    PID:244
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5460,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5472 /prefetch:1
    3⤵
    PID:4876
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4832,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5216 /prefetch:8
    3⤵
    PID:2768
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=4912,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5784 /prefetch:2
    3⤵
    PID:988
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5764,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:1
    3⤵
    PID:948
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4372,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5132 /prefetch:1
    3⤵
    PID:4812
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5056,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5804 /prefetch:1
    3⤵
    PID:3988
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4956,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:4860
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5744,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:1
    3⤵
    PID:4416
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6040,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4704 /prefetch:1
    3⤵
    PID:4388
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=5580,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6140 /prefetch:1
    3⤵
    PID:1312
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=4564,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5556 /prefetch:1
    3⤵
    PID:2856
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6264,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6296 /prefetch:1
    3⤵
    PID:4264
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6288,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6444 /prefetch:1
    3⤵
    PID:2520
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=6428,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6588 /prefetch:1
    3⤵
    PID:2260
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=6608,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6732 /prefetch:1
    3⤵
    PID:1064
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=6760,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6876 /prefetch:1
    3⤵
    PID:660
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=6884,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7016 /prefetch:1
    3⤵
    PID:412
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=7052,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7164 /prefetch:1
    3⤵
    PID:4132
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7324,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7176 /prefetch:1
    3⤵
    PID:3704
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7448,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7480 /prefetch:1
    3⤵
    PID:1508
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7592,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7616 /prefetch:1
    3⤵
    PID:3932
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7748,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7780 /prefetch:1
    3⤵
    PID:2204
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7764,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7916 /prefetch:1
    3⤵
    PID:3024
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7452,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:5424
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=7756,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6872 /prefetch:1
    3⤵
    PID:5432
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=6912,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8188 /prefetch:1
    3⤵
    PID:5488
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=6992,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8308 /prefetch:1
    3⤵
    PID:5496
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=6932,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6880 /prefetch:1
    3⤵
    PID:5600
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=6952,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8208 /prefetch:1
    3⤵
    PID:5752
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=8700,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8684 /prefetch:1
    3⤵
    PID:5820
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=8836,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8876 /prefetch:1
    3⤵
    PID:5884
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=6996,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9032 /prefetch:1
    3⤵
    PID:5936
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=9148,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9168 /prefetch:1
    3⤵
    PID:5988
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=8692,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9292 /prefetch:1
    3⤵
    PID:5996
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=9460,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9472 /prefetch:1
    3⤵
    PID:6100
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=9300,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9056 /prefetch:1
    3⤵
    PID:6108
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=8520,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8508 /prefetch:1
    3⤵
    PID:5256
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=9724,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9892 /prefetch:1
    3⤵
    PID:660
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=9908,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9876 /prefetch:1
    3⤵
    PID:1444
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=9604,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10196 /prefetch:1
    3⤵
    PID:5656
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=9416,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9296 /prefetch:1
    3⤵
    PID:5308
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=9784,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9400 /prefetch:1
    3⤵
    PID:5552
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=9312,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9404 /prefetch:1
    3⤵
    PID:5576
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=6880,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9168 /prefetch:1
    3⤵
    PID:5868
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=9700,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9164 /prefetch:1
    3⤵
    PID:5876
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=6916,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9952 /prefetch:1
    3⤵
    PID:5956
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=9612,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7500 /prefetch:1
    3⤵
    PID:5972
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=10204,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10328 /prefetch:1
    3⤵
    PID:6068
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=9708,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10324 /prefetch:1
    3⤵
    PID:1968
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=5876,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6068 /prefetch:1
    3⤵
    PID:5916
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=5116,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=212 /prefetch:1
    3⤵
    PID:6088
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=10280,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8532 /prefetch:8
    3⤵
    - NTFS ADS
    PID:4820
- - C:\Windows\System32\msiexec.exe
    "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\playit-windows-x86_64-signed.msi"
    3⤵
    - Enumerates connected drives
    - Suspicious use of FindShellTrayWindow
    PID:396
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=8628,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10324 /prefetch:1
    3⤵
    PID:6756
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --field-trial-handle=10780,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10712 /prefetch:1
    3⤵
    PID:6772
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --field-trial-handle=10976,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10960 /prefetch:1
    3⤵
    PID:6904
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=7068,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4320 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6440
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --field-trial-handle=6576,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7616 /prefetch:1
    3⤵
    PID:1404
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --field-trial-handle=8732,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7792 /prefetch:1
    3⤵
    PID:6796
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --field-trial-handle=7812,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7868 /prefetch:1
    3⤵
    PID:7152
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --field-trial-handle=7852,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7820 /prefetch:1
    3⤵
    PID:6756
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --field-trial-handle=8308,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10056 /prefetch:1
    3⤵
    PID:5344
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --field-trial-handle=6460,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6532 /prefetch:1
    3⤵
    PID:4616
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --field-trial-handle=10084,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7940 /prefetch:1
    3⤵
    PID:6148
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=9532,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8268 /prefetch:1
    3⤵
    PID:6152
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --field-trial-handle=7396,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8292 /prefetch:1
    3⤵
    PID:6192
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --field-trial-handle=7360,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6064 /prefetch:1
    3⤵
    PID:6196
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=7412,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10348 /prefetch:1
    3⤵
    PID:6208
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --field-trial-handle=10308,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9084 /prefetch:1
    3⤵
    PID:4640
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=9912,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:1
    3⤵
    PID:5664
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --field-trial-handle=10908,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5556 /prefetch:1
    3⤵
    PID:6084
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --field-trial-handle=8412,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6132 /prefetch:1
    3⤵
    PID:540
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --field-trial-handle=6304,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8364 /prefetch:1
    3⤵
    PID:952
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --field-trial-handle=10468,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8400 /prefetch:1
    3⤵
    PID:3024
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --field-trial-handle=1132,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:1
    3⤵
    PID:5148
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --field-trial-handle=8332,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:1
    3⤵
    PID:6524
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --field-trial-handle=9340,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6136 /prefetch:1
    3⤵
    PID:5296
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --field-trial-handle=6132,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3520 /prefetch:1
    3⤵
    PID:5584
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --field-trial-handle=5784,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6356 /prefetch:1
    3⤵
    PID:5300
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=7844,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=10128 /prefetch:8
    3⤵
    PID:1944
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8348,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9852 /prefetch:8
    3⤵
    - NTFS ADS
    PID:2316
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=11044,i,10377687315597900147,4962533571915277889,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5892 /prefetch:8
    3⤵
    - NTFS ADS
    PID:3188
- C:\Program Files\playit_gg\bin\playit.exe
  "C:\Program Files\playit_gg\bin\playit.exe"
  2⤵
  - Executes dropped EXE
  PID:6548
- C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe
  "C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2784
- - C:\Windows\explorer.exe
    "C:\Windows\explorer.exe" /select, "C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12"
    3⤵
    PID:5196
- C:\Users\Admin\Desktop\Client-built.exe
  "C:\Users\Admin\Desktop\Client-built.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SendNotifyMessage
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SendNotifyMessage
  PID:2052
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffca747cc40,0x7ffca747cc4c,0x7ffca747cc58
    3⤵
    PID:3328
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1764,i,3413666211548636930,1487872123501401687,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=1760 /prefetch:2
    3⤵
    PID:2828
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,3413666211548636930,1487872123501401687,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=2108 /prefetch:3
    3⤵
    - Downloads MZ/PE file
    PID:5556
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,3413666211548636930,1487872123501401687,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=2212 /prefetch:8
    3⤵
    PID:6980
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,3413666211548636930,1487872123501401687,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=3236 /prefetch:1
    3⤵
    PID:4668
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,3413666211548636930,1487872123501401687,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=3264 /prefetch:1
    3⤵
    PID:4988
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3592,i,3413666211548636930,1487872123501401687,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=3588 /prefetch:1
    3⤵
    PID:5848
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3256,i,3413666211548636930,1487872123501401687,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=4964 /prefetch:1
    3⤵
    PID:868
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5200,i,3413666211548636930,1487872123501401687,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=5068 /prefetch:8
    3⤵
    PID:2392
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5508,i,3413666211548636930,1487872123501401687,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=5520 /prefetch:8
    3⤵
    PID:4648
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5664,i,3413666211548636930,1487872123501401687,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=5676 /prefetch:8
    3⤵
    PID:3476
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5816,i,3413666211548636930,1487872123501401687,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=5828 /prefetch:8
    3⤵
    PID:4324
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3452,i,3413666211548636930,1487872123501401687,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=5384 /prefetch:8
    3⤵
    - Subvert Trust Controls: Mark-of-the-Web Bypass
    - NTFS ADS
    PID:4188
- - C:\Users\Admin\Downloads\MBSetup.exe
    "C:\Users\Admin\Downloads\MBSetup.exe"
    3⤵
    - Suspicious use of NtCreateUserProcessOtherParentProcess
    - Downloads MZ/PE file
    - Drops file in Drivers directory
    - Checks BIOS information in registry
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4560
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5596,i,3413666211548636930,1487872123501401687,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=6048 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5516
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4360,i,3413666211548636930,1487872123501401687,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=1404 /prefetch:1
    3⤵
    PID:6088
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=1172,i,3413666211548636930,1487872123501401687,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=3276 /prefetch:1
    3⤵
    PID:6608
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5704,i,3413666211548636930,1487872123501401687,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=5588 /prefetch:1
    3⤵
    PID:716
- C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
  "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2408
- - C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
    "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
    3⤵
    - Executes dropped EXE
    PID:5052
- C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
  "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
  2⤵
  - Executes dropped EXE
  PID:772
- - C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
    "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
    3⤵
    - Executes dropped EXE
    PID:7136
- C:\Windows\System32\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe"
  2⤵
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  PID:6604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://run/
  2⤵
  - Enumerates system info in registry
  PID:1048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffca2a73cb8,0x7ffca2a73cc8,0x7ffca2a73cd8
    3⤵
    PID:6708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,6561553899655779154,14954801725074694062,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
    3⤵
    PID:7060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,6561553899655779154,14954801725074694062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    3⤵
    PID:6672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,6561553899655779154,14954801725074694062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
    3⤵
    PID:3892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6561553899655779154,14954801725074694062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    3⤵
    PID:7052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6561553899655779154,14954801725074694062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
    3⤵
    PID:4204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,6561553899655779154,14954801725074694062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 /prefetch:8
    3⤵
    PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://run.msc/
  2⤵
  - Enumerates system info in registry
  PID:3760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x78,0x10c,0x7ffca2a73cb8,0x7ffca2a73cc8,0x7ffca2a73cd8
    3⤵
    PID:3096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,18171076803534619761,2504637208358422517,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
    3⤵
    PID:7148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,18171076803534619761,2504637208358422517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3
    3⤵
    PID:2260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,18171076803534619761,2504637208358422517,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
    3⤵
    PID:3692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,18171076803534619761,2504637208358422517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
    3⤵
    PID:1380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,18171076803534619761,2504637208358422517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
    3⤵
    PID:1080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,18171076803534619761,2504637208358422517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
    3⤵
    PID:6008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1968,18171076803534619761,2504637208358422517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 /prefetch:8
    3⤵
    PID:5852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,18171076803534619761,2504637208358422517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
    3⤵
    PID:5436
- C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe
  "C:\Users\Admin\Desktop\Quasar v1.4.1\Quasar.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:6316
- C:\Users\Admin\Desktop\Client-built.exe
  "C:\Users\Admin\Desktop\Client-built.exe"
  2⤵
  - Executes dropped EXE
  PID:6656
- - C:\Users\Admin\AppData\Local\Temp\wnIpiO72dIOc.exe
    "C:\Users\Admin\AppData\Local\Temp\wnIpiO72dIOc.exe"
    3⤵
    - Executes dropped EXE
    PID:6416
- - C:\Users\Admin\AppData\Local\Temp\KdmMbOcpajQr.exe
    "C:\Users\Admin\AppData\Local\Temp\KdmMbOcpajQr.exe"
    3⤵
    - Drops file in Drivers directory
    - Checks BIOS information in registry
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://swadwasd/
    3⤵
    - Enumerates system info in registry
    PID:4308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffca2a73cb8,0x7ffca2a73cc8,0x7ffca2a73cd8
      4⤵
      PID:4064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,5978115784483030260,3444304973284490140,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
      4⤵
      PID:1928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,5978115784483030260,3444304973284490140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
      4⤵
      PID:3568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,5978115784483030260,3444304973284490140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
      4⤵
      PID:6196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5978115784483030260,3444304973284490140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
      4⤵
      PID:3948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,5978115784483030260,3444304973284490140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
      4⤵
      PID:3288
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd" /K CHCP 437
    3⤵
    PID:4864
  - - C:\Windows\system32\chcp.com
      CHCP 437
      4⤵
      PID:3208
  - - C:\Windows\system32\shutdown.exe
      shutdown /s /f
      4⤵
      PID:6224

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:468

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5088

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:1996
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:5232

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:3780

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6128

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:6800

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6240

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:484

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
1⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies system certificate store
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4444
- C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
  "C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Windows directory
  PID:708
- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
  "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Modifies registry class
  PID:1748

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:5344
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000154" "Service-0x0-3e7$\Default" "0000000000000164" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:1784

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
1⤵
- Modifies WinLogon for persistence
- Drops file in Drivers directory
- Sets service image path in registry
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
- Boot or Logon Autostart Execution: Authentication Package
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:3048
- C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
  "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SendNotifyMessage
  PID:436
- C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe
  "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
  2⤵
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Modifies data under HKEY_USERS
  PID:4756
- C:\Users\Admin\AppData\LocalLow\IGDump\sec\ig.exe
  ig.exe secure
  2⤵
  - Executes dropped EXE
  PID:6376
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  - Executes dropped EXE
  PID:6404
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  - Executes dropped EXE
  PID:5876
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  - Executes dropped EXE
  PID:6676
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  - Executes dropped EXE
  PID:3084
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  - Executes dropped EXE
  PID:7052
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  - Executes dropped EXE
  PID:4700
- C:\Users\Admin\AppData\LocalLow\IGDump\sec\ig.exe
  ig.exe secure
  2⤵
  - Executes dropped EXE
  PID:6912
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  - Executes dropped EXE
  PID:2740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5888

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:6348
- C:\Windows\explorer.exe
  explorer.exe /LOADSAVEDWINDOWS
  2⤵
  - Boot or Logon Autostart Execution: Active Setup
  - Enumerates connected drives
  - Checks SCSI registry key(s)
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3452
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe"
    3⤵
    PID:6228
  - - C:\Windows\system32\nslookup.exe
      nslookup
      4⤵
      PID:4124
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe"
    3⤵
    PID:1524
  - - C:\Windows\system32\nslookup.exe
      nslookup rights-regime.gl.at.ply.gg:
      4⤵
      PID:4432
  - - C:\Windows\system32\nslookup.exe
      nslookup rights-regime.gl.at.ply.gg
      4⤵
      PID:6812
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe"
    3⤵
    PID:6716
  - - C:\Windows\system32\nslookup.exe
      nslookup rights-regime.gl.at.ply.gg:
      4⤵
      PID:6976
  - - C:\Windows\system32\nslookup.exe
      nslookup rights-regime.gl.at.ply.gg
      4⤵
      PID:3952
- - C:\Program Files\playit_gg\bin\playit.exe
    "C:\Program Files\playit_gg\bin\playit.exe"
    3⤵
    - Executes dropped EXE
    PID:1320
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    PID:1196
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffca747cc40,0x7ffca747cc4c,0x7ffca747cc58
      4⤵
      PID:1912
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,13614135107644579242,2399058257373359192,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=1948 /prefetch:2
      4⤵
      PID:3336
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1796,i,13614135107644579242,2399058257373359192,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=2008 /prefetch:3
      4⤵
      PID:2648
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,13614135107644579242,2399058257373359192,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=2388 /prefetch:8
      4⤵
      PID:5188
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3644,i,13614135107644579242,2399058257373359192,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=3660 /prefetch:1
      4⤵
      PID:3612
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3664,i,13614135107644579242,2399058257373359192,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=3760 /prefetch:1
      4⤵
      PID:2432
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4996,i,13614135107644579242,2399058257373359192,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=4964 /prefetch:1
      4⤵
      PID:5092
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5276,i,13614135107644579242,2399058257373359192,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=5284 /prefetch:8
      4⤵
      PID:6764
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5408,i,13614135107644579242,2399058257373359192,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=5428 /prefetch:8
      4⤵
      PID:6680
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4248,i,13614135107644579242,2399058257373359192,262144 --variations-seed-version=20250204-185839.162000 --mojo-platform-channel-handle=3868 /prefetch:8
      4⤵
      PID:3932
- - C:\Program Files\playit_gg\bin\playit.exe
    "C:\Program Files\playit_gg\bin\playit.exe"
    3⤵
    - Executes dropped EXE
    PID:1848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    3⤵
    - Enumerates system info in registry
    PID:1084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffca2a73cb8,0x7ffca2a73cc8,0x7ffca2a73cd8
      4⤵
      PID:1516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,18396307176210648181,11757593843716079434,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
      4⤵
      PID:5724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,18396307176210648181,11757593843716079434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
      4⤵
      PID:1140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,18396307176210648181,11757593843716079434,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3256 /prefetch:8
      4⤵
      PID:6552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,18396307176210648181,11757593843716079434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
      4⤵
      PID:5112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,18396307176210648181,11757593843716079434,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
      4⤵
      PID:972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,18396307176210648181,11757593843716079434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
      4⤵
      PID:5084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,18396307176210648181,11757593843716079434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
      4⤵
      PID:4000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,18396307176210648181,11757593843716079434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
      4⤵
      PID:4204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,18396307176210648181,11757593843716079434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
      4⤵
      PID:4308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1936,18396307176210648181,11757593843716079434,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4172 /prefetch:8
      4⤵
      PID:1512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,18396307176210648181,11757593843716079434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
      4⤵
      PID:3316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,18396307176210648181,11757593843716079434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
      4⤵
      PID:3408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,18396307176210648181,11757593843716079434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
      4⤵
      PID:3952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,18396307176210648181,11757593843716079434,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
      4⤵
      PID:3356

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:5784

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:6296

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:1184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5880

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4616

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3908

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5716

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38c9055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Authentication Package

T1547.002

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Authentication Package

T1547.002

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Impair Defenses

T1562

Safe Mode Boot

T1562.009

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Remote Services

T1021

Remote Desktop Protocol

T1021.001

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e588d58.rbs

Filesize
9KB

MD5
2b0202a107962beee91cbe66f14a843d

SHA1
0ece6f3fbfea2677b320fcf9b46304a3e188e364

SHA256
2b8e27c6b3e400ee957bebf0a1f53c22e73d8331f6a450ccae55f1cbb5ecae7c

SHA512
1313d2a7d67194f344f06842e30fbda15d8a376409c1b7e7ff342cf8e48c22d7f1a7e4e6aecffc2e52ad23e6e7582aafbe0a38464a1c6b834e8607c4cd3cb1aa

Download Submit
C:\Program Files (x86)\mbamtestfile.dat

Filesize
6B

MD5
9f06243abcb89c70e0c331c61d871fa7

SHA1
fde773a18bb29f5ed65e6f0a7aa717fd1fa485d4

SHA256
837ccb607e312b170fac7383d7ccfd61fa5072793f19a25e75fbacb56539b86b

SHA512
b947b99d1baddd347550c9032e9ab60b6be56551cf92c076b38e4e11f436051a4af51c47e54f8641316a720b043641a3b3c1e1b01ba50445ea1ba60bfd1b7a86

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

Filesize
2.7MB

MD5
e04e61828c9fffcee59cd90ef155c90f

SHA1
7a97b65f11d2b3f30d8e2dde4c44bdf16f3d3b24

SHA256
05d4d87f43646f7ca2e50520d8850e8808748a508c2761838d5fb92d66d6ce35

SHA512
04792b998628cde88bc2601534678e55b2d6fde290496e5af08a2955a992ca3bb767bd025dca4373abc55141de8d270f62f628e51c887de54035bbee10379ce9

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

Filesize
291KB

MD5
6128e12077c5624f5c767f2ce7495bf0

SHA1
e7c05a81972ba6285d862a4aa384f6f1fc6173ce

SHA256
07f432e652b38fe99eda2cb253e5e0fbbba6c07f39ffe63d67472f8f62ef7e4d

SHA512
d5da570dd58f8be600ef89ebc5cde5448ec8e7e6c8d55e5572f0939576cc377e373927357473486435e6a4afb531d5a930ac6c67f6e99e9c3fe5bd6cfeb087ed

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

Filesize
621B

MD5
62696b7b79627d1849bcf0b4c7f0e783

SHA1
7e8bf0a3a410bc200d0fb60e2ace621b16fbdbb6

SHA256
19db3a81ed540d07086dd702d97ab55912a128f51dca637277cf42e52abc5654

SHA512
4ca9e23c7fd6c4d0278c5ab5809ea72cd7f0213c83537d1bc5b4fb48987ca4903581c5bd7e97da806cc66d488057379f2ba73816321a165e3cf3d0a92c3dd9a6

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

Filesize
654B

MD5
61c1b3cc9c890176b96a306b8f51e3dc

SHA1
4026e50d75978dcc6c4141a7476ee4a7bcce1d4b

SHA256
8c7857217fb1745ac083d2df8be273d0e8192e5fe1b5480805721517de05562a

SHA512
3da515a28d22ddf6e2aa598915f8eb2038c860f7f049b82068f1d4c7d6381f82627a07406c0f22276644f0f4fc9aca138345f25daedfd2870e52d1bf086a8fb7

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

Filesize
8B

MD5
5c8f4080a2a697aa7369c2f318f4b9cc

SHA1
73822b034b05dc5608622ec9f3ac6e79303d50d3

SHA256
e76b145216653bbe3adfafbf0db31408781d5d2732e018bbf76ca3eed6dc4500

SHA512
2bef9d8ebdf682407f179c7acb453d6f623f7dca343fb5e4fa759750033b267cf63e24c5187345e3ad35cb795bb223be0fbbb8ebfb041505a3ddd76ff4d8ccd5

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe

Filesize
2.2MB

MD5
b39ba8b6310037ba2384ff6a46c282f1

SHA1
d3a136aab0d951f65b579d22334f4dabbebdb4a4

SHA256
3ecbcb6c57af4456111f5f104b8fb8a317cdb0f16e98412249f7a2d62bca584d

SHA512
a8b98f47c30503029f2dc80398dacd5f8fc07db562d04c56b8c7902bebf11517223350c41850b81aca770ebc9e68fc365921bd6cce34b57b2c945f1c51b538b7

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll

Filesize
3.0MB

MD5
552132510df12c64a89517369f07d50c

SHA1
f91981f5b5cdef2bdc53d9a715a47d7e56053d6f

SHA256
3bfc8b26e3a44d2444837b2125fb5c94eb9901faf3d49a8a5de1e2089a6b50b1

SHA512
c30a893fa36a056db5ecdb765bcc0fc41adb02696b22a30130737d8b1a9d020b30bc651d45c63ff73b621459eca3668aa51e4a71b01b00a499bffa941cd36930

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf

Filesize
1KB

MD5
5d1917024b228efbeab3c696e663873e

SHA1
cec5e88c2481d323ec366c18024d61a117f01b21

SHA256
4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8

SHA512
14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat

Filesize
10KB

MD5
ddb20ff5524a3a22a0eb1f3e863991a7

SHA1
260fbc1f268d426d46f3629e250c2afd0518ed24

SHA256
5fc1d0838af2d7f4030e160f6a548b10bf5ca03ea60ec55a09a9adbbb056639a

SHA512
7c6970e35395663f97e96d5bf7639a082e111fa368f22000d649da7a9c81c285ee84b6cf63a4fccb0990e5586e70e1b9efc15cf5e4d40946736ca51ec256e953

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf

Filesize
2KB

MD5
d87c2f68057611e687bdb8cc6ebea5b8

SHA1
27b1311d3b199e4c22772fa1b7ea556805775d37

SHA256
ff93773f55bf4a6a0242adf82276a8c95c0b244b9bc05e515c4e810c81a960e8

SHA512
4aa65b8911d8a2a0f9ef0ee6e934b94db0a9ad4c2ec543b5edcf21486be43f6ab1fda6617ea2cbb85eff230628c9fa8e7649da915d6de695803b28e55bef5819

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys

Filesize
233KB

MD5
246a1d7980f7d45c2456574ec3f32cbe

SHA1
c5fad4598c3698fdaa4aa42a74fb8fa170ffe413

SHA256
45948a1715f0420c66a22518a1a45a0f20463b342ce05d36c18b8c53b4d78147

SHA512
265e6da7c9eede8ea61f204b3524893cf9bd1ed11b338eb95c4a841428927cccbed02b7d8757a4153ce02863e8be830ea744981f800351b1e383e71ddaad36ad

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

Filesize
9B

MD5
dd62d9c70629c4d2a8e5e333680abdf7

SHA1
63c4f531f7c35a74e8d3508b96fd370caf0a8f80

SHA256
01c5e1925d661cf223497a44b193ef25e554b93fa82faefd7dd8d231afd0ee5d

SHA512
d4251abe15fd1007dd8a02c66de356a97c97849129cf1ce615e67a58b0d0cde70b91b3f070b5c647fa93112d1a416de349bfa693e2a825581cd2480ee505ee55

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\version.dat

Filesize
47B

MD5
49cba02f90f0b4896cc8b74b1b351e2d

SHA1
942da07d014d21a1d33c5f58faaebba914fc455f

SHA256
4f627b580288dfa31056b814911770681c9c2745a3d568a1d43ee5ebb77ec114

SHA512
84b995ac168a251885855de3dc5d3ab80ca23a0cffe1e123a004eefc3e0b61380b7fd2b3824717b9e1a6916038fee3211c5162d36a4e7513a7dbc4b24ec71c26

Download Submit
C:\Program Files\playit_gg\bin\playit.exe

Filesize
4.4MB

MD5
241ccb769e4aeea48edd83ad6f3e7020

SHA1
e97a24adc53493545cdd15f461383e734e531530

SHA256
1c36cc49894b8effb0438a0d810f90b0064178b0d73bf4af7e526273c56dc090

SHA512
e99285da2ef1c431465086860f15fb343e00e978c03b4880aeeed3ef916f19a48c455672cf8fae95c6daed5744c49368101afe307b99c7c3c7464f838a43e03e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\AMECls

Filesize
883KB

MD5
73d272bf79e3e090b13c89164b7c9e68

SHA1
967b268031bc8eab835b0255fac93cc9b11e2539

SHA256
0a44564acda167f5f006437167679597eebcf9288755ac5c22f76b9d5778c557

SHA512
dd2915e562067d56046fd17c22182ffef0f9fb4d95d95dafafcfcfe64c703159a4e3cc3172632f2485d24962f11cc1e798131e1f64f230274b9b8f4409e9f255

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\AdsInfoCls

Filesize
72B

MD5
dd9c99e2cf9b3a6ac38363dc4b9fa91c

SHA1
5a693ff8cd59b8b1bfabbecd340633a31f867dd8

SHA256
7d0310b4a1eb1520e9d0b3a59d0211f7ad447f5d42fe4582cb47ffd37cc97b47

SHA512
98d9f836e060ee7010d8fa313cdcbacceba6556390a05a6e765d82cff83ece86aacd7fe56e270d83e95241f4b5b648404fcaed4ca5c1338ca5af64b2d6e30371

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\DDSCls

Filesize
300KB

MD5
71db639a6c7d8af761f1de7338b96ab0

SHA1
e82166bf9158d13d7accf1ddf1956ca14202fc48

SHA256
c798c139e0dba3e63775db7e50a46f8770830eb0bf961ba77b8bbb33920e4f19

SHA512
2711eba62dc639282c1cd3c5c13a1c1d0bd06ac885fa6aa4cc26c792b44bb432cd6bf38150165b8ab89e929cbb3f61486a257680d4b5fe160319f62c40aaa3a5

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\d468481e-e3d2-11ef-ba1f-661b819d71ab.data

Filesize
2KB

MD5
0aaad2f2fd3e5da6dbf3ff5503b1d987

SHA1
99d5e8e40d70030f083c9065f2c8ecd674c2d3f1

SHA256
b6e134066f0a87e180663eee917ed38c7a0c3e1dc4bd5ed20b7108de4ae66edd

SHA512
529cbed8a70d35f108ca3b309e5f3b461ed7d6f7112df1fbf3b91b86a54df251e98b89b9b0ad36258d08e80ec8730133773f6bd7c98a4d602218b0ec2b216fa4

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\e667ac30-e3d2-11ef-80d7-661b819d71ab.data

Filesize
2KB

MD5
25065310c006d21728030eb724798b5a

SHA1
e7e6fede84a69872b656ea25506841a9fd804beb

SHA256
f2c8857c7bbcf1744cbbabe4db3a374b285266f8d9a3ed449246eaf076f27f06

SHA512
43372e6b73eb606af1351cc1968ef05d4c11a672ac82365be1cdb1e366a233c575fd3872104b052395a9515d221518170d84a6c0584aad32e7a5d0d438597375

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\e6c90606-e3d2-11ef-b492-661b819d71ab.data

Filesize
2KB

MD5
4cc3cfee5f76d68c093382ffb9cd721d

SHA1
19f81b0ca5da3e725cfca8c1e3d6092add606fd8

SHA256
cbf77ba37d4ce45b383fd9193a95d717a6bd87e12e208d9f47dea1482dbc66ad

SHA512
ed73f32afeb5d724dfc425b62cd940c1d01100f8a5221b937da3a5a111ea140af6f05a8f71649613946602de244c48c8353617dd4e5e6bb231a035ceb8287ac4

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\e6d477d4-e3d2-11ef-bdb6-661b819d71ab.data

Filesize
2KB

MD5
47a7c96ee6117b8c2a461c574f35e73a

SHA1
ceed270e94b245fb0e9b3e7bbecce076bdbf4db9

SHA256
728d9eeb3523eaa4d0157c59b21d39dd644f57378af6f0e8d56a11a0b753c71b

SHA512
4455d0600068d1313c463dcd83ca6cfe4714b8d5464d79419e8a833a1f9324e7e5213cbe0a56a530ff5ef3ca94aa912548ceb1aac81c0eb816004c8687db82ef

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\e7fd6710-e3d2-11ef-9f24-661b819d71ab.data

Filesize
2KB

MD5
aa2ff87cd81dcc6f8242a60257d569cc

SHA1
c05c9f96a661f541a95aa48086307ddc488f30b6

SHA256
3a48cb2184b74e2f9bc91959cc5f888d98e3a25304fc994dd951586ae549be14

SHA512
58287569fef521472dc8253ea06d883fc158f2e57ffa94feef8f0646a896d97cdeefff9ed3ec5fd69339939c4406933cd7aac227377526a7732cc5285d079f45

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\e9538162-e3d2-11ef-ac1a-661b819d71ab.data

Filesize
2KB

MD5
1e005bd8112d93aff9c0ca235b2346b2

SHA1
cb4ccfe7a455a12af08db078d86c031e453316fb

SHA256
870765d8c5b22fbb0bad04d6d0c48ae41729d28f3c4e3dbf55adb207ca655b80

SHA512
1e38d11810383c8c61b7309e98f71296899a96cc4c7655ba5c59a76f54c98d1425aae795b33088ba23667c32939a35796aacda1f8a945d3f6b82fbfedec23187

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\e97d9e70-e3d2-11ef-843f-661b819d71ab.data

Filesize
2KB

MD5
d35af9f1b5ab3ebfaf45927db4c94e17

SHA1
9f98b9c94a51d6ab500ba8599a51888a2500917b

SHA256
785caf94d2b78f8475de87c945fbc49497adb0a63ccb3b22bee89aac7273e862

SHA512
6fd5ad1a2a474dc06a3a3f06e42e52965c40bfc970c6bdbdb524b352a14d61264e152d4458a01df991791ae20f69e1e146caa1ccb45b091bbf9c94fd6a61b9fb

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\eb63c3b9-e3d2-11ef-b9a5-661b819d71ab.data

Filesize
2KB

MD5
9d410a67538dfa91037a6280b273cfb9

SHA1
acdcd4471f15a97c8c1d8e9ee4e07d6f765c857e

SHA256
c31dbe94f2f52ea3d04731e2e4b9ef1e252a65a607e37cf7ddc27813224082c5

SHA512
e35ed3139569bf99c639954b728ab774df6eb91ac72af914c39777f9f5cc5edadb5ddb166b63c2ef926172a678bac655e23229c17ee4de425483f3da990a4c9a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\eb93862a-e3d2-11ef-bbb5-661b819d71ab.data

Filesize
2KB

MD5
6ef41ee696b8186d9585bd90336f8897

SHA1
1fdcc4bf881f790f0df7fa5787e34c664003c24e

SHA256
49d1cb4db987ae202ca20d927024292f0cb19ac108f08a001d857244cc63ec9c

SHA512
88366f6641c111b8412ec0fb20fa146821e20e779a5016319d4dab54f1c6fc6aaa1e900b9d615680b7d9c0fa4fbcbe87f405c1586e63cd244f8e22cec483294f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\ec2cdfc8-e3d2-11ef-8070-661b819d71ab.data

Filesize
2KB

MD5
f5e7cf14f95e38c71fd0b599ab66ecbe

SHA1
44ef7b1abbab23973dfdcc78191bbf3ddb32e3db

SHA256
e7c642add9f5348c7cfefc835bfaafc4a92a3b06acc4f760b3e6001845aeb43a

SHA512
e9ea32b64749697c1a9d9c313f62b2d45b8b093092cf85c62bc889c565087447b2605b0354dea97e69ce0154bd78ba68ec1504947554f179aad000d34044aec6

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\fc6715f2-e3d2-11ef-938e-661b819d71ab.data

Filesize
2KB

MD5
366ab22bb09c36203091af1162e5cc0e

SHA1
362a0f913d2fffa6b4eb1fb6bb1306e49ed2de52

SHA256
7ef57913914346f6a1d6eaca9c1c5142d236b3ad0597bc35f8bd6da287b11708

SHA512
c119440976d0572147cf0a9b8d24b9c92138f2c607186563500557f34889ce64caf456923356d3090db070da6d8266332f3e9837ecc27bebd76bff5f0d0e8bc2

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\84699e2a-e3d3-11ef-bbe8-661b819d71ab.json

Filesize
59KB

MD5
2da79c82b3aa6233a71eaa95dda59d80

SHA1
c3e8e7735a52c7792d4d4b12be788b7bf0100f90

SHA256
95c36251ab9e69f6d5e8ab9acf7537e00a17de4a602330a0df9594bbfde1d759

SHA512
a9be035829de68425cc07bf8981629726610d7e7f1fef1567a04b408c633fc6c2bbfbe58c1931c4ae11ccd69a36b8a545c25dc172b10123aaefa53c9ea687a80

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\cdcb0398-e3d2-11ef-b756-661b819d71ab.json

Filesize
59KB

MD5
e92db276e50f2f7918cf591f5fa2353e

SHA1
428571719c18caa190af54712758ac7c5001b4c3

SHA256
7ccca26b5f48404a6c8ceb2e0946836b7ff8957312104d110c8df0641f515ffa

SHA512
3c8d24532b0764d23e2b7d1f207af68a2c1baf6d86a291b57d27cc325f11fab1261dcff3c37262d84217b0eed365eeee4201622eac1bef7adb5ba0bac03d740b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\cdcb0398-e3d2-11ef-b756-661b819d71ab.json

Filesize
60KB

MD5
1d6d56a2e2f2b8da1f3639045343eb48

SHA1
87a7b02eb9fbab86644a4c2f77efe4aafd2e82bc

SHA256
a645a1eda35c2e4f820bf6bafc9b92bdd0dc8ec12d1405197de77025ead4e7af

SHA512
4da4a405c4d1b368951a16d8e44b379d1c8941bda0786e085233872fcc707da0c59a15ca65ceed1da18490dc56e7a50ce2b30c153eb8c61c817f9e6981576d25

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
1KB

MD5
1ca5b25adfb32608ac1cd8b5e48a073e

SHA1
85c3af5e8baf5d5d86e9562458d4a880aec4b784

SHA256
258db26850c0591d48ea9bd1ffabe7dc7971a94eea8c9b6ede32b857fd0cf68d

SHA512
33e08cac11eb672cc161e62cc868432034a902fb8959baf46a2cf8fbda3e1407acc99a17f2eb7af15784ca90122ef7412737644ab711ef66056ce5abf839f98b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
47KB

MD5
693549bcef689df794202671c8856f83

SHA1
b9521a18c382861162f2905eb284670c3a14d5b5

SHA256
b92b8ab4e9caf135bb2e1c1e82e3921962aa5c10d5d70e8c15b1f184fa4fd17c

SHA512
53823dae0a6b45845c94882302f1a874b46e3755ed1515072208b3ad1bc5644495761a217d16b45f230703a8db16206e87c099213c4c4e25e3ac0a27ada86237

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
66KB

MD5
9ec70de1dc1481f829dde798eb38287d

SHA1
da7ffa916d301a9fd3da96e9e04e3af4e82e3816

SHA256
86129fae6546da6f34c925c81685e0ded0ad321cc6808fc5ab7a86923715ed6c

SHA512
d9c2c2d1f2d7108f66fccb2718672417fd39241299462d5b9713408bd6d60517df64200e2023f25c40ad0acd40537108564d5abfc82baea436dd701bcac3ee55

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
66KB

MD5
c953d228902ce3f6bf6e626168723827

SHA1
171ba0d8d71f8b23f4788b2bdafe29c0172eb07b

SHA256
232efb36f7f80e470a464cf337977e6be6ab4f201f5de1798719f866070045b0

SHA512
01074fc2da4ff5332a92663f16c7667245863bdff1d7941c361afdfcf3b158f94ee4a7699833e345f3cdf3eceb4a7257dbf011bd5b9697dd15cee2bc3eb67b5d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

Filesize
607B

MD5
6e0bafba12fa142ecb0fa3fd6971b340

SHA1
b08623d03287e554f63618c1578dd3a721dee7c3

SHA256
ecec738a2db0d507617fd3ef8e3889493f4d9eb9b48a5fc1f93c316a0898dcb9

SHA512
fb26fe338b61c0b355afdc28fa310781fc8bb4b69ef4056c9cb6a5294f372b6e1f7100a169f0c32f47a347bcae755777bed8203007f662c972a45cab63d63abc

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

Filesize
847B

MD5
ef4052c352f81a18c5264639984bf227

SHA1
6e158503da2aa15ad0a8bfe92b73ba6961cb876a

SHA256
97edc05506853b1255ab2a5708ae7a2d2540acc6000689a164761cdb8fcaa2e3

SHA512
f36d67b9169f1865db0581eace6ed4474d2b1ec432ad8134dffde5340f5c72eccc2503a6b0b4fdc7f3f48158001cd62248a8e25f018d480f167e1af1b01580ab

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

Filesize
846B

MD5
a1ac4325e5241254d2f4e8a709fc168f

SHA1
eaf57090b8e99e0affa5be235fccd49337353af8

SHA256
24f3b1045ba4d095dfac43692994d02fc7324110c55a4d36220a3924e1eade4b

SHA512
93f4597015455812fcc6875dca3bc8f82a472dd9f261863e0d1ce08ad7297b957467587e02c7c34bf2f78ce3bf0fac6fc5163ce9ddc80e5d43a371d94e293e3f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
827B

MD5
f3a5ace66f3019a13c7e9728516f3a37

SHA1
c21129984de4986cf61309990409368b58520226

SHA256
357c0435276c892304399b69114045b6b0606b998e97e0e60c40a3fb1a056d9c

SHA512
61ee5e35616224ac63e6a647c6c483e177968235a6676e55db712f0de2295b4e7b2e3f0a36d872ab7e534c779d1fcad58addfaa02a326d59500eab83194547fe

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
1KB

MD5
17a68e4264c4df4b754eceacb2cd8467

SHA1
b94a1477a1ffc676359e0d2a0aff63eb64aaf139

SHA256
289ee8d402c52077b65182d39e1ff2e650c01c8eb94d58979cb700ee7fb5260d

SHA512
5e6ed1881edb80c39bed704d0d4eacca79d65be3ac819e21da669e249163130227405f8c225cdfb7033a731b0d7c2511ab2ec4d1622a7c6b82ab25f60ba297f6

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
2KB

MD5
cbee4adb7595df8927804674768c4b50

SHA1
acad8bde68d49b24bbc2abb904529bee87b9dcad

SHA256
4e00593fecf7ac74be722cb6f09239196c8af37c6a38cf306bf5c6bd0c51aa68

SHA512
49246943bbc7b41f64bcce8c53b53a5dcf7903f1f6d6e30e03800e824f2213a2aeb5c20d400c872f202ecf5f634b1d112ab6baa5b2b9db0df24760fccc85d208

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
3KB

MD5
9c888894684dcfe8d85f8856253ea475

SHA1
31d9cb80a8a277934fc3baefb3ae46d00b5ccc31

SHA256
94101c97c8693663490b449d16b9435a0e8e04a1343e83529e574f62df274a67

SHA512
5ad4f3b9cdc037ff31afb750105194a1fa93e512ff29d7dadefeb554c4ca0502811e43a5682fabbad7f969b8cefcbea594581707df9b103c7b0ff25cf6586f0a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
4KB

MD5
4bd671dc542cf9ea34d5b932e72dfb57

SHA1
09194f045a4937c7a282a6824b54540df45d8bd6

SHA256
85f9b5ff5e55642adf58826927b9d9c8d4471e0fc4711358dad7c61c26e1a7a2

SHA512
942ab04b78d465a4ae4cdc41a645ecc124b913440cc87a6dbe8d90478b2de4bf7ca3e8f1e7134f7c1f5ba45465db13a92eea4a2399a6d734add376d5de7d1494

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
5KB

MD5
c26af1a658b830f5247cbf78757a6688

SHA1
eaa3ee45bb54ad48aebde631a72da50707521e4a

SHA256
23e5c2a7c2275e2e3db3b7761bc8d6050f614d2f25a8067c0071878cac6408c1

SHA512
ed6af87f92f7a89860d9824b9e6a0d84dfc03d228bc4c7f2bac3672799c0a77a64ec9d7ce74d3fcafe1cbccaec386f844510a4396061c6520499ce23686d6e18

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
7KB

MD5
a68b5c30b36ac259f9014e9650521af3

SHA1
47f23d38fd89d1d4f9ee331b90540925e46de723

SHA256
e850c32cc7d3a8344aa54d646bfbaba1d429e95cc757397f7967104feea0c326

SHA512
b36855436e066308b47b54d03617d6636496906f75bfcb861495f82ffe1c78967d85041119acdbc0c562b78734f2207da040d110728a7bd52fbd57ad0d7e4d09

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
9KB

MD5
254dc04a8c2cd71dd48a1be302f6f0ff

SHA1
abe707ab902c0e16ef10bbe37b47f978bcf331d4

SHA256
10d36fbf57179f05c1472dc7f9df92cdfc27f6b38a2ee2d972b8a1ce1b084a07

SHA512
2d69972d6299a2670d8859e4bc1bd9a11188858c69d9f9cb58a7535d6f897a2ea85f199e3db83ee94434a2c4da48bbddccc1a7494442ca88a69387ad3f748d5c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
1KB

MD5
682e90920f4a6f3369ec49650257d9f5

SHA1
7ac998db5c30c0898016854fd3b6ec599b65555b

SHA256
11e6cb9143552e4c70ce94d8986ba10254f74ce9d064b987fbec97e64d980255

SHA512
6582fdb8d3b5d63c76db22580e64aa901117686c37057e53e237129ef7db68768c1e1a8f1ba7ed979635d0b136f653323e53e409ef5e21bb0239b46d79e56958

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
3KB

MD5
e4bcfe515fc93fb0718d13c6374b6506

SHA1
76753091dddc997876151b3e08848502733afda0

SHA256
46594f33a8b9df10b48031c4ffe8b8aa18b2de06cce1edad9827e8dbd9e4bdda

SHA512
2bf6d0ec9989b029f19738541c2e99e41108b40e041a1fe2c45f7d9b4e72964d46da00d037be7ac25247f187a3bdd193c7dae4e2600ab469fff6c69ff5dbc987

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
4KB

MD5
602bfef223ae0c7f1c5043fbd153fc08

SHA1
9f57a5bd322617b57e6bb4eb09defebda722fdfb

SHA256
86e0b8cb11b81a5cc02192bd60e2d41dbc9fa64daaead39071a8782f67fda3b0

SHA512
e42b7ad2815879eb67b7699fd854d24eda0633469f9a5b838f92c48e6a8c770d5bbc6a348fef5eb66a0dd80639b34c9ffa6b20f0e4586e184d9d9a628a53526a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
5KB

MD5
3545194e94b93a2f9af1b15c1639f458

SHA1
d7af76196c328927c15eff9dfb71e7e96a825704

SHA256
d0cd91c47c9eaebbb1f351fd0101549f434810c3e8d8ca591134ef3829009279

SHA512
edec5883ae0336dd09da85d81b6b00e9aa73b613850e15522077cf80e357712bcd564927b3ac2ee9cb98a4d23ec92531085e75891b0e61df2c10f7ffafe03d6e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
6KB

MD5
2c05bf34c4c1c39ff9b882849ec7e078

SHA1
d2d35052595ed11e300028945deee2b2c0791a72

SHA256
a05e40d3d10fb6932f4efa1db1f4259c9f9ea4dc0c2cb002313946ed0c1cdaaf

SHA512
f45bc47e9a6400c10b3acedd647baab8e2737d5839653cc7a422d88e6ab80e403a6ed31e5279cdbabde4b5430d2dd74ff6b1663c91a4dddb6fae96b3d58d0d0e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
8KB

MD5
dde7bdfee7928d1631cb4e2c84b1ad14

SHA1
368d081fccdcda25405f43dfb55e92cf28d5c02a

SHA256
c6123892abac814920cfd0a4f2eb0d084a02cbf65047720f830bde9b9ab780ce

SHA512
08859fe2dbe41f389fc5b10275869023ee141e98f0bd926ac5f30c8b16d75b0fd3060d15cd13f4444a40bdedd5fa1f2abf66eac8d3bec2e13de635d74bea5e0e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
10KB

MD5
06792c893aba2590eab768fde5addf5c

SHA1
981ecdaacbeb4efb5e46e1c3551f9df9f05ed959

SHA256
31705e407909648eaea8024f01133e3d2f63bf97f66fcd3f0b598e8785ae37cf

SHA512
7c67f4cd787b3eee52f962a5ced8cb19166ae942b8c0ad93bf7418941737b9912e5218e6ef04e729f2eec9cf1580456f497254d41bf104e8fa54ad96d6e20514

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
11KB

MD5
cea46c406ad05a75308f63a5de7ade8d

SHA1
b98a7ec4995a98afd719edccd1e1eeaf21eada62

SHA256
5f4aa64f5cf79e1db69cd5f5bf1d58c69d83588cf31a22060206588fa0df1658

SHA512
78504bcf48054f0d130a634b4f1fabc3df6e30eb637d86ec967238b3e9d00501ce247d373807c1bb6fbd74487b5404a04521737368e8a110f2ed27a991f0b1fb

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
12KB

MD5
59dda16e4250039188c60faf5ef5982e

SHA1
af41d661506c95d825d69b91e6c736f6dc49b05a

SHA256
edddbe934186238a1bbd65cfe794ebbd2583e117f35c2751e572341c7b19e196

SHA512
490d941d0613f7bca05f2059ec1a0dd8d9df398828f0302b09df21dffe51b4016f16dd96b0f38554b6cb3eaf3fb931c68216b533e92589890833b94f2906bd1c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
13KB

MD5
65aefcb57968477e0bf6abf0214420ae

SHA1
2edbbdcc2a66e15c3e9bb4cebb4ba9672248425f

SHA256
4936fc168d23e44151a2c1fd2849a18e54b8b1ecd688efa6fd78c48f71628111

SHA512
92668483d750e8c69a979c4e3f2be60fbab4908743b583d0400c4bfe03c94fa4340efddd713c7e994946374a8f4c68e8ab2241d59d0db81f5f72f81179dd8c29

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
15KB

MD5
b43359dcb7e4da0b7843a6726328d66f

SHA1
635a0978fe69ade872bd08eb412a5820c265b791

SHA256
cdfb15b2008e30d94015b0200f98c2cc95ba670c4fc1f633978c11bfe2b79092

SHA512
5a291cdf0e78bc57cda20eb63cb238e3fa2e3d1a49a29b86f3b3432dde3f9866053dbb9c8da3605a2870c67b875c86423675a4c3c968efa1a04240f509fcb02d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
16KB

MD5
5176c079017434ed1cc61c96823d2db9

SHA1
5535da07b8e7f786f5291bab1042c2e1c03199a3

SHA256
79e6988ce4bc2153320d41c1bfb0dd881459b29ce09530c9aad5c55044fccd11

SHA512
cd151518a781bff2a5f5ea83e554dcb3c7c4d63d9979d801c227cef7ac95f1b9bc573e6fd2dd574b479aa16383d809037c0d16869ee85e65ed3022fe3d00f67b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
18KB

MD5
8202709d1b83ed97a5c9e10bf69c0946

SHA1
4e1a9715865891d0cc5b9b77836fd7ee944a167f

SHA256
a9588f229b0b07d48502556dfc45cefdf1ec37b358e12ac7b77024768b69d24f

SHA512
cff9d49a1bc5e956d234711228a57defb87d7371cf3e5c0370c6254c9d741772712d40a48d2c6875530c400c140cb1e84dfe2df7e9a46f9345717727a90811e3

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json.bak

Filesize
9KB

MD5
c94cda93622d65559da0b1aa4096a40e

SHA1
bfd59306df582fcf534ac207fed7fcd8b2e6a829

SHA256
0ccab712f5d4849b91def581defaaa55af40814e4ce1b54268a320c0ab6b6d7c

SHA512
e29a43c3b2bab33c50a2bb30e21b8147ceacba114f2da85e9e212304ace87eddc0a9614451c16d82fbd140352d0e0d3aa17bf0de62f57566ffc2241b98cedb19

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json.bak

Filesize
9KB

MD5
a8f0d1e5169fc657865e6a654633d522

SHA1
bd64b7f90d8c61cdab0c81fcea5157e13dc918a8

SHA256
bc2ce0ac4ba5168bf906fae44a0f4253a304ec8e2d4e13117c6c8e1c2baaf06c

SHA512
58103919a46d1895bfd72502cbcaee853b5042f94191a85eea0e4494d2c858fcf48010a3bd59b9481eccb91d8056001bab78e5d878a760bd27f1e450e662b10e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

Filesize
11KB

MD5
d5bf1b93f2a9f95409867edaf8dce2b2

SHA1
31e3d5e9e844826c930256c43e8d68b8a55cce4f

SHA256
a60cdb307ca9bc8fcd7b4bb1bba7201a7f92b396d3044b5453d7d52ffe2136de

SHA512
c8073757101001ec3bf870a7523a0f3b5875dc3b8f6ccf4dd5e17545f7e1b493690fcbd7a682b30bf7c671ae638b58a9563dee4f91876bf3e2cdab9336a0f61d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

Filesize
12KB

MD5
5c51e7b5073afec9905d2b6ddd80d6ec

SHA1
4a057aa6b7d10132ea3232b5b2159a0c57e903a2

SHA256
bb8170f314195c29f0f13ad8d9c49766fb189dc6dfe1d497cdc4665e50712a13

SHA512
2d5dc91a3eb63b03b2221208c924d47d2d98d5da9bfe6ef26a1b92b577696892450aee9f65b1ec99c863a854c61f29750f081c0791c7226e3c48d976ef2bf3f6

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

Filesize
12KB

MD5
d85a280bdc08deb482ec070908bda3b0

SHA1
bcdf80c704e508e6cf3e52c0b119bd8f6e5e1a3b

SHA256
fd00c65bdbc457739a3973a87f67de69bec9c7378485127698cfaaf2555211ba

SHA512
e136e540d0ea9df6e9acb1635db6b44c85bc5c38b879ce7951a0f971dbeefff7e92d44198600304e418266c9418e3df15ad35e58e01998ba40e39a232006e737

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

Filesize
1KB

MD5
1607980be6dda276fe6ea6741db62da4

SHA1
1e8007bd5a2597d5d7c8f708d543b45e0cbbe4d6

SHA256
e4ef0ba399f795e6956487c71d9ae7ec04b7cd77cb6fc93f0d09ea6e5cc62585

SHA512
85bee4668364eb06feadf6ff816d2f77d8732edada18de6fa339ceabd9967c7a7464113035d1bf6ee853ba1b3c3f263bb3b6159f8e439715b5e33231de8cfce7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

Filesize
2KB

MD5
22fcce55457cf0b04af78425192f416c

SHA1
d80b3a95191174caf43d41192ba843d1eb8fe001

SHA256
6dadc537a0c716cc0b5ca001d07c5870efc30be67c1e079bf7a54e5b69cd1231

SHA512
3df98a981a635612b803e21bc39b693fa47f1c6ed600c6fb429cd3f23fc2d88f337af83ce35d283a3128abbedd54842749da115860b14ffd49928d9a8acf4085

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

Filesize
814B

MD5
3b01037837dccab3f354a5b01dc17fe3

SHA1
3240f36174491c2fe16769f7374baf3c5865d28a

SHA256
7022914d8a7058ca349d2e42ca1e6787f6c02c12a35671cbc51766c55945ee4d

SHA512
0e2e2eca70e6493eab6715486b6dcacc694cc7a71ad1d08f6c70600851786cf812760f80763fc728dc28d5c74c81353c4d526cc78b145029bb34f2ef3c24c519

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

Filesize
816B

MD5
1481b39fabf29fedf7a3a00b582d56f7

SHA1
154e0eb564fa5b23bd3a882c4cbb1be0658b0e81

SHA256
ef618da4876b9d4160a177e27d433cd3d4e4be52ddaed6294b27c3be5c435750

SHA512
7d159bd7b60df4e53b6bf27af682a0f647d5911af214b45472e5f9da55bd54c2a18179f21799a0ee4ecc32e0460ee0db599ebfa1f88033ef5b894ee6253f85b1

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
1KB

MD5
928c192afae910181b3c87e6b2b22043

SHA1
f4e7ca33c2513aa7546832c62dc1bc2e564870ff

SHA256
6483d4ca74bb563cd948243e75c4bfb642bbb26b083abd79c3153db5a02b0104

SHA512
d48a579da1b5ab4467a09148c49a5467981df8d0f00702648af1118ba0cac5170ed8bbed80a8f9a17b34327b5317a8147c9de8e7c480692143438db6f7dc6c1c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
1KB

MD5
c8161ba1f40456bf2457559375560bc4

SHA1
a61a91daf44a6dfbe423323ba07fb06d4fde40eb

SHA256
e18ef8b612cdc9b13c0f2ecd97c75df0c6ffe7780378ea5cfcc01cdb8a94ee3d

SHA512
b863778f582ffb04aef09c30c17e72636a05fede25dbba48cdced7acc824ad4ebf21a4ecab7d8fe1fb23a864ac785f0d33b4786ef8f1c1f0e3630e72b09d922e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
1KB

MD5
01676417d2e0dc1a9e78de5c87aea513

SHA1
967e5ca7a721feff7ea9f31919ddce829d989ead

SHA256
76ad21aea47c73b6c56402d113f9d3d19a57ec7c0759d169b29d420a35a381f1

SHA512
4953199f5991c5dfad3fba526c5f290408bcd602860283e71ee1834783c5824ee6e7d0b35b5d14e2b437e9045fb4d1c9bb3a28531f5641f4794e1879bbea2c7b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
1KB

MD5
f4563f8be79b5234c26d53e375924644

SHA1
3937bd935e85ac13fd94b2fb8aa6a8b02269ab50

SHA256
b327f0c316c714914b43d8b8e1112799978f2ab12e1a27fd3cedb03900370b0b

SHA512
14eed95dfa4672753ee473b6274dffab01f73a75ff39fade641281abce5e2d0f3283a89c9c2ed59b2dbc9fab332399c18e2659ce9be6ddc48e4798fd72869b95

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
1KB

MD5
0f20fc2dc7d27dbb115674946a6a32df

SHA1
982ca64dffa699f3020b0c3987027390e499344f

SHA256
71cc002e8d06722d3537b2eb059bb2fc35cc84ac86d442a5d4c8f0107625a224

SHA512
3e88be1666e3e85937d0b734814496fa429627a821fe44548bffd0f59aabef37b4f21f3650cace9842b972e6faf6a2c0862b980e2186ca6b8cd6652673df1de3

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
1KB

MD5
dbf4a19eef7db8901b311ff16777b5bc

SHA1
cdd61f2c8e1b5d48804341fbbbc42b840dfc5f48

SHA256
1c71adeebe36bd8fb5a559dd6157fd65029caa9b88e75360e861ac3fd68c6d62

SHA512
1457a450cb58b3f87f6d51de5bf76628e7e383e81d236a1e7346153b979252934fbad153dd3c954ee96771015fd4bdaf72537149e8af355484d23e6bc84600c1

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
2KB

MD5
ab215e665cf739a0d3f97dddfe43f78d

SHA1
9c605ee031ec1d0ac62bdd9037384a3341639999

SHA256
a25744cfe2e879df586c94a6bd8aec68b22a660ff89ba1235229c3dcc18304fc

SHA512
53447fc3c98be0874d2e9f8ebce270cbe3818d675b6f2561bc5e51bc4eaa3a36028b0aa4254fa54184251ae13a082d6eefab73fe198a40309ae6f620583a9b93

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
2KB

MD5
4d55d278e454b2a24aa3b4cae7d0f249

SHA1
d3a0c7f30c375f8a15bfac81bd373614b8c50f54

SHA256
1db60a841a18702c5ef5a9e377523b9e13de186ec8efcaf772586e27c98587f7

SHA512
5d421e05ca4dcedb94a8ce88a6f671b2433a6be51f3bae9001e9f267bd3cf8a94da010de81b14cc5e5a463840c5e4001dcac2af3240df05a8ac2a5039fa3dbe1

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
2KB

MD5
c44b35edb11a5ad833dad3fb3210a453

SHA1
e5e910e9727fcf20f7bc36ccc694f531d5e70673

SHA256
f47fa6263ff90bf5cb77f2a974df35f60f5322fa5fa505072150fd2fb5fa72a6

SHA512
a774a3503a4cd074d01e74a13c2065fa7d2a6b0347ab092e7d59de90d4358b5aa6115565e1fd6df3372da5b647f1acd5d0959025a11610a3b58b99ee0d09827b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
2KB

MD5
3975c5bf60d1783ebbeb97f7d37e0bdf

SHA1
a2a9cd1dfb56f7a62b5ad5e0ba6dd93699c09805

SHA256
36b2d4e4346a04f40686efdb2c217cabe31a2518a25f051ec1158d26900a579f

SHA512
f6f9db3b3f82b1e04769eda914fe6f3ef02ebccbcfc5c22bd8c7a8b97ff9b429bd1bd7ce28e8adc3e1132d855ecc40a863e27729205a214eec58f2cf0d0c3d90

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
2KB

MD5
924ed6ea3fd3cf64f415b464958480f4

SHA1
f903673ee56edb5a85c8f3a8700428bb7a4dd040

SHA256
283fca91dd79812040f8e2a3b977028464ca7b854798ab5ca6bb80a7b66a9dba

SHA512
faa02b73a64d71e112a37c9db7e9ad3d3d74c5d0eef3436e19ec3d9183a950fb0c6b8b90fb57a40e6b7245c0617d787be117069d749ebfc983892cfe46ae3a74

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
33d9d7e10489e2297f87314d414402ec

SHA1
6da8345d8b891f071113819323ab0b1ab8992f1b

SHA256
426b4336c48e831e75c2314b746f329e96614136106a607dac82f78c491c89ae

SHA512
7f14346b05f1a059b26540d1da8a9dfe3306dcf690fb323c86ad28c5d08ce2e46aba9a3a5afbaf9cbca8df896b2080913ad441a0243d67cd1abf3bd9c27aa224

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
2dc73c66eef5a4737765addd8944598f

SHA1
e2bef3eb979f0d4cc9bb2fbc316752050f596405

SHA256
96ec9ec806545345ba72714f8d40b6dbc04c144e6b4e7ac379b4dc053317c68b

SHA512
530bebf52c0c6e848436c08887311d29f1bf7de5e60775fb90b81ebb50ab378df865052fc3fa25a8a2fa27a61efc682cae9e9e21e91a8736fbc9788b25c2f258

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
7e338f8ce0091658c0a7077829b666a9

SHA1
8cf62973959bd4f0377eba562215f5773dcbd348

SHA256
1820db7abfe4ca779d9cfbb02880a9bf86338bc12d975a9fcb62723393e1774b

SHA512
ffe0d52cfefa7cf3a9b9f1e32f5e396b8d767bd06dec6d8b21c88b28846364591a13de8253cddf12cd5bdff35e9f9e07b05ac5245348de7c7096d331ce762dbe

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
22a57c9beaf77e5a088f98949c8aa39b

SHA1
50513e7cf9ec702e485fed662de6e1d49b938822

SHA256
45016795414473426b360986f059dbb715861bbe3432c1bcfc10239232f0bc71

SHA512
f548fa9db043b81422d7cc93a185e3ab036e1b68366177de42925613e28ef9a3cf6a7e088dfa701d296090ce83e880145c7b38ea29f77e616bf571fcca9c969c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
adc8952d6558e925882be8ce86ea9b0e

SHA1
9b7af675a8bc541b5eb6acc31060675186b88cbe

SHA256
7da2ddbc757cb06e72616a4e1ec8373a2840c933c2cce73a02f9b196ed873fc3

SHA512
41894e3da3cbe24f398d7fd941deae62ae73f9975f5d2f1c1c817d6e7b50f64773ad2db6bf7240846cbe43019e297c731d48a92f690557ba3ac3f840cee62459

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
3a1cd3ff499f04fbda51a17363280121

SHA1
a06e75ce213f7c810a7ea2c5f5496919ac898a5d

SHA256
386360409408b31b322dcf44567e93b13bdebef322723e0d46130ba984d8ece1

SHA512
b470956e96445ed1f761fe6bcb642d33d4685daccfd6ffd99ac8ad497ff98d9b7a4b6aac5c92e0c3e765ad45c6ad7c138b51b6d27e0b81678692e6478c46c911

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
9b51db3df26293cbf1e713defe90b1a9

SHA1
a81e336d8af73aded2b82ed602e4847b51f4a81c

SHA256
f6afc792e86d6420dc6209e31196f48c5f60c6dffa4fdfa9b4dbf12d1bacfb91

SHA512
95c553acb890ac4c17e2655befaee0e4a50a905886af18b80d20bc737834f39d3fb91026d96d06ca01456d1cba2e4c473f61f3ec182e946db85bcf92cc4fb834

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
709c9c30a2eff91854091e383e9a332d

SHA1
113bfa99d33edb0d51201ccbb139c92b5e559d29

SHA256
6b3413c1fc2d0ec781ca12fdfb39470f035ec19fc0307d910e77d57ecc8f9f93

SHA512
f7498c71d50eee7d836d1f68d64dd7a469095049519988f7dd01112bbec536d354114e6b5fa05304b622400f4fa537984ca9eedb3b56214e6c9fecddb8c45dac

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
5480409fee9c4f3a63b23cb530296641

SHA1
42768d9ca0664b08c27d8d258563c68a28766c68

SHA256
10daa819d7690af21dc8cf4d907a2137371974c5c1d8aea0a79aacc89de9ff91

SHA512
0f6ce471d3c56202273e64958d5171d913bea63e0f564be7accd51469f4b4a6f652a927217246252098b896b4d45a16bfc71ba62dbcf730f43c7e9cce6b0c97b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
bad84b14935db3b77ac68ef9e0607330

SHA1
0a99a0a6910f46ec79ca4956305e365323d7bed9

SHA256
d7c0c531ec5988d83feffff4691a27496c30db38b7b022b26b2a49d0f0e8c552

SHA512
553116e09d7da6afb126766f149533dd64081d0e380afac5417cb06eb3328dcb4d01ce61e6dbba7fa7f2acc7ad9ae35fd0ceab9e264dd49c93df2980aa0640ac

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
2ba0931da69f2f3ce005ac2fac8e5bdc

SHA1
746ba7779be93628034a77eed97bb564b023602f

SHA256
ef127166cd93eda6c0df2186b5c63b978c131cc3ff1053fcbe362cdc1a598f9c

SHA512
41a631aa60e899111f9a75c68ba8ae49fe170db2bcc0e12a0d927200bd494a7da9368ab2625b16ba598c8b55f45a8f74c4d297e508a253829afd2797708307a2

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
69d268770778c0298cbd203cf10b7d3b

SHA1
1ec78b313d878555bbff1ebdc3d5a069fb9ebca4

SHA256
f5243543351137453f48855af79fd274ead3fd9f6fff91187a8b6fd5210f2430

SHA512
c32199a48629e0ac78bdd1e27dca3484cc453402f2a5f8b2ec079c8a75c32ea74211eb17e2254374b6d3c2f7a4dcc9d32c90c82d89324f9d02ebc0197a0b569c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
56604646b7e65cec53caae76d6090cb0

SHA1
01cc2100180da8f19e2056173eba4c727d3fdcfe

SHA256
c188e1e7514fe16b231cddbf1a6d4b40eefd19a37e96c9372cbccb9a619d95e3

SHA512
2b730024c2c101c2e87b4803faba8339ee01780c720e85ab605fb049c00d4d3670f7bd980a2eef0d3ff138017d91c6aac2484312f26815fa9001adb3a589669e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
8010425e28be2774fd64f9e91505612d

SHA1
0ba505924444755c0654683f1a6e6a8bafff81aa

SHA256
2034edd12f289a9087518562eb1d8d1c81a416f157d17de6598b56ea2ec6c7f8

SHA512
ff1cf0c1c9cb9a47e0b550aa1f7a33d17db7fde354c55dea370380342159f7a3192da66a669135abfacef9f51524be0a6c52490e202b3fb5fff6e41bee46ca88

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
bd0678a117f1a6e77f087e8f547b777b

SHA1
1a171bed86072db37f93531a74dc64da85c49551

SHA256
104af9df36fd226a592edc64e7e45ddc60f539c7c576e201b6c18e8b9c6ee63a

SHA512
f437015cddfb25e3eac404771728bc24ccb840e7703af9f30252128a88963b3374104e82ed6f15da5c42c7096d1062c2494dc3969f6d6b94a7fde0b32b7fcf8c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
19cddb03d8e82d0f565af156a209cd9c

SHA1
cd06c994987a614b9718c6fbeff93283e5ec653f

SHA256
3e0d38a0eaa7568db3d21a7ec23984f7cd08dfa1210f28a0122d5f0ebeaf853b

SHA512
de1d30bdd909661d19a1bf13e4960bca8826c6e2e6ed043ba4054c70e0a9d5336ef9df373411482c03ee02b46ac79ef63bce2d944f01f7396c29b8001ebae598

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
5KB

MD5
e935e16786c9fa4bd172bc28d816d40b

SHA1
86914d242c8de3507ed19346b943ab8abb2f501b

SHA256
01fe11a4f11228df6c452a170595b6e463aeeb158575b82f56b1b6e0c699afdf

SHA512
5d791724321e63be42fe0fc8cc98037863479c22bb6dcf871b058c6fcb9a348ae1ee5eeccae64e3f45aa2088bbe26451b23765ead745a9aca88d4713c3431491

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
5KB

MD5
8070d7539cdac3b3e3b335a4a6c3d182

SHA1
4216f4c3ea0a7158eaffe387afab65dd13ff89a2

SHA256
d7b21c5d3667f45f41991c989b842445c73bb66656879097be488eb0307f21fa

SHA512
5c2190a7dcc8b5d5abb11db338b0371b46f6731693fddf8e4410a2eec54ea9d07c93c2211ad057e50395423c254721967ae1fa295e23e49bd9527f59da1f6d55

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
5KB

MD5
df7bc53ee0cc7eb4a7a85d78dd584e1c

SHA1
8778a3cb1220ae819fd2754d51375116e87fa90c

SHA256
0eaf5fd7e8878d6a765631c414a2eaf0ac899a4c3c4177294f366ac6f0b28156

SHA512
d5d7797ef46e8a907f4f3f3f797d95fa37d541c1744916dfc8c01a11930e556bee57bdf864bf3009ed12aa65e13ee4e7029c2cfa239f3ebdc6d489c74224d359

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
5KB

MD5
16012884fa84a9820513a0cc94ee5a4e

SHA1
42901cbff96607413fbd09be7a82411e312450f9

SHA256
ce37366ff1587fd6f947c38063f8ce91d854f0db3f28faee367263da95e6079b

SHA512
21dace4f2e83e4c96e74a2dbb46c27ef5e497e2fed62085bcdb143c3b00ef14be6b04732190b4ef8748e6722b7d787707651e4e3cd823e1179155dbbdc7935dd

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json.bak

Filesize
5KB

MD5
fa3b6b9c7b4d5c336337cd06fab04b12

SHA1
fa741864a17786081f7c53c44e29683299680627

SHA256
08946676cb571c9b3fb28087b3c95feefcd673591a49b5da32818b3faf08f904

SHA512
54567d01c944351729237ce5b6ec52916c9c73d6aed844e5170b142a842d2c64b62888f7215657aa5b681dd263e42cea50b18bd46226f31afa1f73088c8d5b44

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

Filesize
11KB

MD5
df21d9b470168fdd6a4981e76c917f73

SHA1
1c44fe23771b8bded34490c4bff4aeb8dbf8d669

SHA256
e637f4ea93d5820596908e4baed415790fbf9ab91447afa36cd2d41f857d58bf

SHA512
c22146da70a0ff09439f53cd069873acc6b949d3bd3db97339843a1b848f7da87dcf3585a93c514e72c1d970a55e7178449c5d56f509c4284bcd9bf315e1c566

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
736714bedb006e40f765ce8ee2267f38

SHA1
0db66e648d2f4cb3f400bf5f2cabb3d6cd85dd7a

SHA256
55811f17ee1b5f0ad85c54de93e9c25ea2b31a70fddf4f6ec255d5579f222a82

SHA512
2d3f7177ad2ae0576ae6190cd5388cbd84d6611c16897cd6955389648f2b72e5c11dd87a7e5a79d97473bd7f743671c10c5509d42f07a312c395b17321d0af5b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
d0be9f6f9ac88b4889265a456e4129d5

SHA1
4d45c1cb06ffe106d328906559cd1e320a63b5f1

SHA256
404f3175ddb9e12cd426130800fbd4ffae83e850354cb806ce20b6b98cc48656

SHA512
c44faab8659dccb4d7696eaa85934e5fdcf676b247c14d31ceeb1229a8abebb90d0a566615eacceb45eef767802bcebf27b533dade4080fc0eb5f26704c0c092

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
c80922c04018ae448dd84e6424a4feab

SHA1
b7db96a180b278de3db3a0481b79af6c1bffa911

SHA256
1231b38eacd0847b0908a70af9cbff6de109c4dbc50c244e9698f17d24a8cbca

SHA512
59c45b28cfa57e97f055b4e437507767e9c1133efe828d474b20bf2bf28e00be2f9d19c4328faecf21d48c32bc505890c9d7a1ff5cee24291244fa2011498d85

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
58d63fdfb7a91823deb597408fa56539

SHA1
f36845c0f21a222818d2f9be7f8d38eba27b98a3

SHA256
7fc8459b53d978dda85ecd1f20c6a963584a3941ea324fc3aeacfea16fa75fc7

SHA512
82bbc47979e19c91addd92342af55ac304045b88917b6b75eaf7d3f9690e52ad1c8a604f1443201cb64091041bcb55f146a1074dc2fbeca7c6de52e73de03f8b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
83302a87d81b8f35d1ba5de7c620de06

SHA1
93e6f083b457079305ceec6d28db4e39fcb475e5

SHA256
da6aa49f2825e54267ac7915e973f6583e3dc9c3696c0ac3b8ae5436f5289e19

SHA512
e74c4ae7b33319e18c256717b24a3e9523b2f28e4461f6fa4a209e7b595008aaf3cea6012cd716b3fc0b9a60a14363899a9fcd1c547008aba270f1c8ea60fcae

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
2e10b8d7160cc4a3141221967c09e0f9

SHA1
3c537fed301749b8237245af3214da30bb118b22

SHA256
e4b3f9dea7b730bdd140991b8ea6511304cd84006cc0976a445673918a42f45d

SHA512
d78febffb41f5758baa056efca29ee87e670c4de23bc42a91f7de06be499c196cf077f90bb019f86896b135d82460ac48600571b67a2a39d5adbe80cd5653703

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
0b4c7af1f523c1c87d160a7dca5abb76

SHA1
9c3a38dc17b17bbdcac761b41d17cabb0d90f85c

SHA256
ca438da0c44a60391f304aeb67ddfc47873033a3b10f8a5d3fb135912edc0e8c

SHA512
8113494ee19083b2b5ee0acf694b3af16f311606b5b7481ec6532a42672a9833537e0839c1e72138250b09ea13f5d1d0bca3dc07a52d0f18a482027e0ad6544c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
95f35abf610985871882f54942c389b6

SHA1
202a5e7c31ac178d0a01f902b6cafc38cbccb2a7

SHA256
dd3696e64b6ccb3c199f81469c92bfef1f755763e09ebc0496f49a4daf712667

SHA512
1e9c6128162f822e06fffee248d0ca6ffae605531b94c95207302fa16e529b666650913d159958896e6f03d7c56960d6cae04d99d3a624de4b6cabd7a93dd052

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
6efd74929bcc4aefca04221b2427cb4b

SHA1
204a5e877764448f29dd16e39ed91da1ef30de9a

SHA256
57bee1098f0b224cd021382c64a31ea6209c88526f85b79efa00bd02beae6c5f

SHA512
ee54fbfdb1588d914164fbe71509c2c06bd591ee4d361abb977866cf139ea3a51faf208ae46f4997c5eb962ab2dca052438ced1ebaf566778b246117c4d0e9e1

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bak

Filesize
1KB

MD5
054e21316167227e4e6e065552c29841

SHA1
56bcbdc0b261877a555700974be2d5d867937691

SHA256
8b386c0d74e6cf9288d70c1e7f396755ab9a8c5af7740fa5d5dd75b5977f14e2

SHA512
7e32902ebfc60c79709fdd7f24070ad14b4ebf2eb69bff2f2a189aba1f75848be6660ae1f97718fc63faeb6e7239acbbe4fad9d46628e99725663b3a3fba9fa3

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UI_WhatsNewSettings.json

Filesize
346B

MD5
ebd9101beca1df0ec9ff89b465c6f3f8

SHA1
6345255d285a4961b44fd0c14f45ae7c0921df45

SHA256
3ee0f13be7694acd32ce45f00ab44b0aa8b5f043f609cd75b0623ef35a7726d6

SHA512
2c373415a6c51a52857146bdd15052a27d6020f081aa92a0ff4c9bbec917a1f58e373c3ea4d62bc1e3fb7985d897c1cebfd99371f397ffdfbd830d6fb2543e8c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
e46f7ab51d2c397bd8e8856bcf40b728

SHA1
e6bcde4798bdeb34e638b7be98b7b49b31846ff0

SHA256
137372b08ac35784a64a82e12d5e4d483906b76f8619038b44159362cdb4d926

SHA512
f7753ffd2be9df8691250b18a22d9ecea6c13a0f730d5ab496bf584cd44512d3866865628563fcb796107426c341eb1eef2da3f19325a581b4caeec07818616a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
a539131749d63dbb3d23d4ec74e4b7d9

SHA1
2a0753cbf61c30c3144763e0ccaa8f8e9a3ed488

SHA256
08774299905c32b1fca5165e694e08b8b7d846e13136fda7bfd41ab9cd6b5fd6

SHA512
db5870289907a2521eed0db147e9de7250cf70ffdba4ac8c6ad7812481a4f41691642322d9875a67a289db518d2a750c04648633fa96649cbb512663a71f0f84

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
bdb1faec082dee37ee34994a737587e7

SHA1
0b62c9b04531c4df16cf68d3331ea99c151a8a90

SHA256
05f60f43327967b3f1e68061c15204e26831396cf9bce69199e42c33719deae4

SHA512
b3e2cc704f3a31355d911448cb9ee6715582c57d82df603c58aa98e119b69c7157e4504540c60b162db62ec584ad55faffe258ff98c70ef74c09862b63df3526

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
a0501c4c2d2ceb5ad293fbbc5b854f7a

SHA1
ed0c3c091d2ac246632c46bf9b3282bb111bad7b

SHA256
5a51de2c746632861044e596d3c41cbd9d28a0696d3759796d4192f63469a038

SHA512
6e9af08194967cdff8de110cfb02481ee27ab009e2ca93a61039f3cae35e640251e22048f14615a08a528fc1d09fe88e9e38ee548ee182a7a969a23d05f350fd

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

Filesize
1KB

MD5
7258501399d2e14e6b9baa616621b758

SHA1
d6ccf4f0270a1162306b217ff70e99862d502f4b

SHA256
307e227cd4286ffa8b85c4ac0196068e7ed8e7877f695423bbe3afb87267bf30

SHA512
fee4242ba67a2ed24b8842af718fa06d5068add23428f71108d389cef4edf0225c888c54c0cfd0377dffada5bc48c244fdb3502d4c4b4969a1f9fe0391f534c0

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

Filesize
1KB

MD5
92518cf8e4fd3e66618d54d68338f2dc

SHA1
f60dd4470ef125cd71537a024ab09bbb25204f9f

SHA256
efdd19125ce11f6d657bd900ab544371b397b040299f096d1f785c7c57a935b0

SHA512
ecca201446c8a53773745c081904479d629f751740d18d07ff614aaa9aabf2f42cc01563b2be40fec398ed8cbe8f4be173b7cb88626c02a8b8ab4befcd6efcd7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

Filesize
1KB

MD5
0b89689e26cc91a19c5ac878b75064f6

SHA1
1f025ae0ad68e5907e890bbdfe3cd10f8e78bdf1

SHA256
6c437b5497f4126acfb7394953e852a53ab56ed2aa0b9b3dfd1a294fc3813985

SHA512
c1f39c078423a81c71fef63175955874e83e39e0f71b66129da1a21ecb9cd6287d39e929bdbe8477b4cb348731171ba5958ec1c56a3c2d4c5f01033763c0497e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

Filesize
1KB

MD5
c9bf6e2e694b42816faeba86cc1a339d

SHA1
dee9a058a7986f9d1e3364468d9f0a057e808f0d

SHA256
181ced87c247ff2e101d7f99fa7799f6c869291434f5bb71b188b9ece271fd70

SHA512
991baabf96f8318ba8c495fcdb0b2ab81fd1f4e75beb3bd52ad401f554c03b023aafe661b65adb526b4bf5c4e9cc87143ffe99857f3caccaaaffdf04790cea40

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

Filesize
1KB

MD5
336495eeea4363107570591941b33f2f

SHA1
684ec4b888361245518124d2606df445cb288807

SHA256
b1efac864d86ee908910a58128d858ba77c661690ad981aeb32927a5709c38d4

SHA512
7846f46bff64a8866a962b67ad1c33e9c0f352fa26414706c4faecd294944edbfdeaba3adcf3718ed692a56e662b7fdc97a7d4ae876126e3cd53cab9cd32221d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

Filesize
1KB

MD5
0403bb3feaae3fad155419c33bb8e682

SHA1
dd0c42ba3ccbf8d8f45b8d700e72877f19acd323

SHA256
6c2a519f9459ba77b816fec837c2988c9094563a9ea1fe1fdbff600ad75ae272

SHA512
07e1f024dada011914392123083192f3f96b77d9cc54ba7d96b0df5faeec15223636106fbff89460d7226d1e42fa8e75f6810dbcf8ded6e1f9307d89871d4aab

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

Filesize
1KB

MD5
df6d7cb9b71303ed9c3b1acd30515460

SHA1
4c860c6910670cbc2d1187724e2d44be3727f044

SHA256
1f31addda0a8a8d37fdc323332efbf14dcc0113fccde77b412c5fddfa4156de2

SHA512
6e211efe12a2669386a12bb6e92d834a4b54543473e4c6c3ec20e595c667d5a31d0748437af729c6651140916d0dce0dd0242bdc71ecc1a2730b37ca530d8733

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

Filesize
1KB

MD5
112699d5420afc9cc60faab47065f0a1

SHA1
c01b6f6b8f92c1bfa31dbc15891528981efa35ab

SHA256
cfede1f9f892f7b675a5ad04d8339e9a7cbc5d1c252049ed130b5fddd5ef92a1

SHA512
b2e7a15b455849a103a13db87d4481021d85f112fbba1d80fecbc2b531b57d8a3e6b08128e870ee84b4db1525b0476db940278f9c4f090d27a405eaca51bd005

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json

Filesize
125B

MD5
b70a7f9921a35e0d653ba10cd32151e4

SHA1
4467fdc1fa923805db9f5b3988f833419aecfb7b

SHA256
e7152112dd685abc59b0aa9d20217a8490728cd6103854fd4d797024f07f4e04

SHA512
44e09dd8bdc539385e8e50a9f48a406ea274dfd4944d078f45f442e460826f677e81ef2519197d9451cabaa200e0b122e383324be61801222753b9a3a5f63b7c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json

Filesize
387B

MD5
1acaa979236e289cd8d3f43edd240cdb

SHA1
5a621eea2262302a9ba3312f7febf6b2f3d02948

SHA256
2b4b3aee0840e353c4bcdca597be5e9173489696c8a9ec6c592cf10c95cdea47

SHA512
7f3513bbe27188d505217776c61e0e53a6d681141055a448db725a65f04069d7b0d85ca3e181dc7e8341fe519f040f68cdd9a2dab90aca4c09f88061cd0b740e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D1E.tmp

Filesize
504KB

MD5
b5d0f85e7c820db76ef2f4535552f03c

SHA1
91eff42f542175a41549bc966e9b249b65743951

SHA256
3d6d6e7a6f4729a7a416165beabda8a281afff082ebb538df29e8f03e1a4741c

SHA512
5246ebeaf84a0486ff5adb2083f60465fc68393d50af05d17f704d08229ce948860018cbe880c40d5700154c3e61fc735c451044f85e03d78568d60de80752f7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D7D.tmp

Filesize
68KB

MD5
54dde63178e5f043852e1c1b5cde0c4b

SHA1
a4b6b1d4e265bd2b2693fbd9e75a2fc35078e9bd

SHA256
f95a10c990529409e7abbc9b9ca64e87728dd75008161537d58117cbc0e80f9d

SHA512
995d33b9a1b4d25cd183925031cffa7a64e0a1bcd3eb65ae9b7e65e87033cd790be48cd927e6fa56e7c5e7e70f524dccc665beddb51c004101e3d4d9d7874b45

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DD2.tmp

Filesize
1.8MB

MD5
804b9539f7be4ece92993dc95c8486f5

SHA1
ec3ca8f8d3cd2f68f676ad831f3f736d9c64895c

SHA256
76d0da51c2ed6ce4de34f0f703af564cbefd54766572a36b5a45494a88479e0b

SHA512
146c3b2a0416ac19b29a281e3fc3a9c4c5d6bdfc45444c2619f8f91beb0bdd615b26d5bd73f0537a4158f81b5eb3b9b4605b3e2000425f38eeeb94aa8b1a49f2

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DDD.tmp

Filesize
116KB

MD5
699dd61122d91e80abdfcc396ce0ec10

SHA1
7b23a6562e78e1d4be2a16fc7044bdcea724855e

SHA256
f843cd00d9aff9a902dd7c98d6137639a10bd84904d81a085c28a3b29f8223c1

SHA512
2517e52f7f03580afd8f928c767d264033a191e831a78eed454ea35c9514c0f0df127f49a306088d766908af7880f713f5009c31ce6b0b1e4d0b67e49447bfff

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DE3.tmp

Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DF.tmp

Filesize
1.1MB

MD5
3b337c2d41069b0a1e43e30f891c3813

SHA1
ebee2827b5cb153cbbb51c9718da1549fa80fc5c

SHA256
c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7

SHA512
fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

Filesize
4.5MB

MD5
f802ae578c7837e45a8bbdca7e957496

SHA1
38754970ba2ef287b6fdf79827795b947a9b6b4d

SHA256
5582e488d79a39cb9309ae47a5aa5ecc5a1ea0c238b2b2d06c86232d6ce5547b

SHA512
9b097abeafe0d59ed9650f18e877b408eda63c7ec7c28741498f142b10000b2ea5d5f393361886ba98359169195f2aceeee45ff752aa3c334d0b0cc8b6811395

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

Filesize
5.4MB

MD5
956b145931bec84ebc422b5d1d333c49

SHA1
9264cc2ae8c856f84f1d0888f67aea01cdc3e056

SHA256
c726b443321a75311e22b53417556d60aa479bbd11deb2308f38b5ad6542d8d3

SHA512
fb9632e708cdae81f4b8c0e39fed2309ef810ca3e7e1045cf51e358d7fdb5f77d4888e95bdd627bfa525a8014f4bd6e1fbc74a7d50e6a91a970021bf1491c57c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

Filesize
337KB

MD5
1112a9096e189ba04e506ccc2cd0c492

SHA1
548a811619c3105f90d5b4755fbb06de65707eee

SHA256
ece4623a31bb9d587671978f7e79922a45fa6aa6e12e50c08b5f7da81b2faf87

SHA512
c6a1d2490f08b475e2ab6ffd1d0ddac9bd57399e3961fb778a1f11b5dd92e5105c7303c31fa9208dd50d33baf04f4325d4adaabad2df1f8f7cb87a120b5e0377

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

Filesize
26.1MB

MD5
4338deeced442c3ce928fe86fff0d99f

SHA1
537ee5f86bd17fe2d86191638e8f461510d327fc

SHA256
b8438f27aec5ab1f5e71789f171d4c3f919e58d459bd6af97639361e2ed09947

SHA512
9f2f7f1a691ffcdd571386d94518038d05c767195788fdc0bf147e964a140fba3e3fc708d78b84d0d1403e6fb07e05ede8a5b749afadfac94e66cab8973f9585

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

Filesize
935B

MD5
de80d1d2eea188b5d91173ad89c619cd

SHA1
97db4df41d09b4c5cdc50069b896445e91ae0010

SHA256
2b68990875509200b2cf5df9f6bdfcda21516e629cab58951aac3be6a1dd470c

SHA512
7a8f5f83552dbff21be515c66c66f72753305160606c22b9d8a552ab02943a2c4e371d17dce833020d2779c6d9fe184a1e9ef3d1b8285c77aeb17b2bba154b3f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb

Filesize
17KB

MD5
47b3259bd6b02c4906299384d3e0f363

SHA1
4bb9ce4a2013c3bf6db43a82ba017eaea96330eb

SHA256
883547ff511cc8ec84a49247fe6cf270a4681f70f5e8b21ca8792321caeb483a

SHA512
f3c8755fb70ddf6d3b19387b49f26515a9b80342a59aa158966d385ed4b4e64f712090f5e5d1de6468ccda4727a722bbe77ccdc58b3fbf62213b91742dc624b7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

Filesize
924B

MD5
b99537268972dfb8616f9385085804d8

SHA1
f733591f58ae65f3b2751393bc3b27ab663e3f25

SHA256
69d1ca1e335c43b0c2f58ae953d12d1436b2a7a9fcb51895db0722ae18fc8e44

SHA512
6f536c9392e3199fef6627a4708a58acf1064c8f6baec9c12c16a6ada106e89248a3738c5d6a3e3c5fbcc48b78486772bfa96b42632cee03b0a471931a2bbd25

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat

Filesize
39KB

MD5
10f23e7c8c791b91c86cd966d67b7bc7

SHA1
3f596093b2bc33f7a2554818f8e41adbbd101961

SHA256
008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc

SHA512
2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

Filesize
23KB

MD5
aef4eca7ee01bb1a146751c4d0510d2d

SHA1
5cf2273da41147126e5e1eabd3182f19304eea25

SHA256
9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f

SHA512
d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

Filesize
1.8MB

MD5
4f5d9b3e30eff8215c3458bac572350f

SHA1
f98db6f578ad7df1d3adf234e78a2783841654f6

SHA256
33f6023dc30aa88118203502ff95ba992e3b4438f820d0c183049ec45ec368ff

SHA512
837531f75e249fc0d3efec27c3a210c7aa2be3ffaa2155fae6e65fb167a73c58e01a267e9e8dbf273fe1a38df7278501f203848a48dce717ba28dedd8c6918d8

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat

Filesize
514B

MD5
c662c7ba82013dd62a68eb7423b9f73d

SHA1
f805d1cebda85694cff80f197246514c54ced1ef

SHA256
bde9cd53145cbf3e0fe1ff2e788656ca198a862f7b15412cd02a22338404cdcd

SHA512
f9e91b66e2d834795cc65a0f7a8cf97950b275e9d5335bb59a092f910b05a3a1e009701ef4faf7ac315c2418bfca5e1c81c0b42e410fb1bc832d626833f62469

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb

Filesize
24B

MD5
546d9e30eadad8b22f5b3ffa875144bf

SHA1
3b323ffef009bfe0662c2bd30bb06af6dfc68e4d

SHA256
6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f

SHA512
3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb

Filesize
24B

MD5
2f7423ca7c6a0f1339980f3c8c7de9f8

SHA1
102c77faa28885354cfe6725d987bc23bc7108ba

SHA256
850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55

SHA512
e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

Filesize
10.2MB

MD5
f563d650f3b91f4a2d1a1284322f6ddd

SHA1
aabb282b888d0ff8d5f8c59786d7acdf3c8c3bbf

SHA256
8a0afe1e3772f8b98695eec9260d29e6c11bcb885ea9c77ee4eea680a8749bf1

SHA512
ea6345c7cbe7213963e0f7075cc780528815766c6ee6c507f937761543b3bde6b2cb8250d1a55ba151a0be8e22ea9f7c747e2a2961c189d6cc665b901431f73b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

Filesize
528KB

MD5
51dc1b42215ba96f830e88f934a22837

SHA1
65a526afc8367ec9b6d9693867c54ddb35221375

SHA256
6ddb6b67267435cda87d1f96934ce64fa758a6347d23beb145e372fefe05282a

SHA512
6e9ea2e641df7e564c5ccec15a69fdce31c567d1f0c2db9b5abe86a2db336199e56c32ae44da7a0533378f7535ca24d15f503280bda28526554af2aecfee29ce

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

Filesize
594KB

MD5
abf11eb811b7caee5c5f5e91ce1f8ac6

SHA1
17a9fd89696917ab94fe66bc0935ec62e6977197

SHA256
a51b3733a7b5bd5370ef71b53ffb5cc9c76fb56076adb9dc6587eb4606a31ef1

SHA512
7a42fa650aeb60e41db74deb12f90df2abebb0ab56c26d9dc8572cede92719ff78dcb0bc9c9bd96b913710a4cad88dd8a62c6d369e4e1aeb26cef3e81deb0a78

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb

Filesize
149KB

MD5
97e6c038fbae95d7779571ff06b7ce62

SHA1
179e7957bfc8a0f89660139e8a464ec5d6470bbe

SHA256
bbc14ebd89a94812b1624b564124bdd1f9944fd4aab0aa5aee0024135b6d7feb

SHA512
e770911ae67d78a312ca880014ac678706eb18b4ec551fef2ceb2b9983c145b2dce41cc647b9745b1a417c49c4cd8dc9ae8f9f03f3f5cb102ac237eff8e3a35d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\version.dat

Filesize
26B

MD5
5e7753e4d857c1b96e54c8d1a20bb709

SHA1
31d98101a6b45972c8135b51aabf6d74b43cc432

SHA256
381968cfad7c7b400f0b23e82c9a1ebf6117d13e6ed19780d50da1c7e51af5e8

SHA512
481e33d7d85af616e59ed00c5ca5a48fc8bbdaafbb2a77a386bb43862540dbd2e93bf2a78cbd549e5bc470466497cd7c9fbbea2d81814fbc3a8898b806c9e16f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

Filesize
20.2MB

MD5
1ba8bb2bdb1dba58eec2a81f422dd796

SHA1
af73b5ef8720023e8427f02cae0dd3d889b82281

SHA256
dad329549153a3075be050d1d8c180b2359cee581a553a12980da8151188d72f

SHA512
1aca6a17cd646db79dd27fcf15533a45a31d64539cf901f3e3680317584dc95406eb7d84ef1fd369690dd90a99fccf7483908750cec1737c4a3b26c0b873fe83

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

Filesize
75B

MD5
030fdbc361969eefcdfbbd3ab465f11f

SHA1
455ff62b424123a8232fe5447ffd1a2f9a5658bf

SHA256
a9cb8a67a44a20c94e6e0fdcf9dbc8b718785df0bfa0e24c34435a9a4ad5508a

SHA512
98199048077e6cb6cdb93e64f8b9b6d62d2fecf3e171779dba79d235e2bf6d9a2c26d42e0177a02d05125dd752974daec9966859c1e79966ecb8a87d86c110d7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll

Filesize
2.6MB

MD5
4ae5b2843ac5a5380465cb735e1e7aa6

SHA1
96a885853139d84283bb912099979a5ff7639cf6

SHA256
b2b67621405eadde60621fa1b3d3c4f06c2d6c700aef4da0bae6271895379856

SHA512
e0022f64991945c332e4c9d470d69221584dfc59095e7149cd6ab1c9fb32a63a048e2d65fc294ec866a018e0a5dbff37907eead96453668d8a6f70e4432622a9

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\expapply64.dll

Filesize
473KB

MD5
76a6c5124f8e0472dd9d78e5b554715b

SHA1
88ab77c04430441874354508fd79636bb94d8719

SHA256
d23706f8f1c3fa18e909fe028d612d56df7cd4f9ad0c3a2b521cb58e49f3925d

SHA512
35189cc2bf342e9c6e33fd036f19667398ac53c5583c9614db77fb54aadf9ac0d4b96a3e5f41ec7e8e7f3fe745ae71490bdcf0638d7410b12121e7a4312fae9e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe

Filesize
5.9MB

MD5
262fcdaec9a52e05b682ceda3bf0028b

SHA1
fd6bfc92e187fb0beb2ee1f8c53ea6b086ad2664

SHA256
956db24a72cd9753187b3429ecee2abb07de690d58e5989e4a333bd018b8791c

SHA512
3a1be6a74e8e04ecf3b54f65bb530ad1059aae7a64ddadbc6363357e9fcb08df183c7e40de2d063f2a2a01b7f57235e0e741a104e8e686e327b7d7f823ed2f31

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
76025b9fb7201faad57e95ac873e37eb

SHA1
25c01eb7d9a63723eac365d764e96e45e953a5c1

SHA256
03bb8cf70d96e562ff19d80ef9a01f8255aaa1a6ffa2005dbc004bb718e05269

SHA512
6f5c8680823f3fc01c4668585518a1a535959ec456bca88f81eebe0484dc6cf6bbc40044db4ac7d18798529a20feca039bd986f243db817f27df220a7917a28f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2ec54180-0333-4377-9340-e44f25be1fe0.tmp

Filesize
13KB

MD5
e81c50071d61a9bef8fb55298052e272

SHA1
83492be64e216c10e09b031802b539d6ae847cde

SHA256
9418ab44e241ef672d1021f814cffa585a56448213d737989b494a153c8c9f58

SHA512
7a96e592d20e20c3cb5ce21df135a3734ca820403a6174c260973a6e10347194507ca3e517041b4bc409ef23562dbe607305dd4513ea2b0c4841b97e007e496b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3149acfb-aa88-41d9-bf55-3a917d5a19d6.tmp

Filesize
12KB

MD5
79b89178eb786cef3a4085d391029585

SHA1
e81ab475e235c9343563519d3c0d558e2af2e08b

SHA256
1c9fb7f58e74f5c8f6ba3a5b589ce578933acf32f39121fd4e722ee1d6c8a718

SHA512
dd312bb39857135e66d428cc11e5d927a5ebe7d3f51ca4d9c6d5f3bc0cdaa6bb77d07c001081c7512bb42d6f456cd0b05b57310781a02254c6387fe130d08157

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\37b5d209-4ea8-403f-8b44-80e682422645.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3ad6bf7b-a99a-48fb-a2b9-a777d9daf608.tmp

Filesize
11KB

MD5
f2e15c5bd5a2d05c50bd4ab060b6bc47

SHA1
3a39cb2eef1bb44b5a1fcc04874aa7b3ddbcac0a

SHA256
be9f404765d37146aca01e0d272441fa6e3591b6785d4b4c921bbbe16b19d106

SHA512
33e03d31a02e65003fb148d2d8c97f3ac11fc48378efb6b4f7a33c0e2796a40bb16e16c05110bcdb34463016d10a7548e447e5a9105654af43f2998aa419bf22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ffc50f5f0f4399d93b06e85baab4fcf4

SHA1
7e5a822f2b434128f83464ed4a1800faa88fdd0d

SHA256
4920c85ca9f34042c9d241ae2e220f03257b4153575cedf8e9a8dab841ae1955

SHA512
1c6fc0223aea6eb316d56110638a46c73c5bf636c047c46c5d3a1b507745c92cece38a3cb6598a019452a69779110e690a7265d43aad5a351c6eff82053dab6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
42KB

MD5
c4b98197a24c1bf1d1dc87d4e44ded7a

SHA1
5bb87686486d5644c991148b5eb49b2548084048

SHA256
3d292da1869d798ace4b0f667bc97fa08766678187cc32a239027a93510f5cd4

SHA512
3c4b084822d61ecd19b8b40990b995b7f04d90ed51ca2f4e3eb61ce47b2d5e5ab02b8c2c5a413edd95106d207dffb8ffc3e20ae79e2ed8ed317332964481de80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
27KB

MD5
b07b8d96b10dc66e9b2dffd0577d677f

SHA1
d1342f5ada9ddbc8ff6b7cfb9ac2b6a13d6aeb87

SHA256
29f8b5c28b9464cf233fc6c0205bdc9a5221f6d2ae6320939bec8807bfe0d5f6

SHA512
5f1bc3cce9b36674ebdc9951c2e3b9af5cb7f0660b2847974f94e6e4c5585be136fd8f5cd7962d407ccd6d7daae378ebdcf89deb0c4f9f479b85e89ba11f1080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
20KB

MD5
dc2a6466867f08aa8986282c2cf21912

SHA1
4c5566635ae3e30496bd921ff848f38b5095290f

SHA256
3479459441c0a79dc4dfa2c3a5fe64cb4791e57356f9686b0abea319432c8b1e

SHA512
c93dc5b0633a04c34bd853a0dd451833407c1b8bfcf1f67bf221b5bef3eebfd50cafc0c3689f3d879615180253c12d024fa64becf84c7d11d4bdf3c48c160eb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
79KB

MD5
c1da38d79dd37ab8a199b81297c267e1

SHA1
6ed448a4aefc549f842832eb6b1e9cae87e9f4aa

SHA256
c6ed2fd03c44f0a0d2f9e1c42059a564f4ed018153ff1d240b0cb6c97d91a89a

SHA512
15c1248eddbb3f33672c5435c896a97c788093d577763b354af3d8eddf25f618ca7bac77eaa4aeafdac46dc904a24805b18ed790678479e67d84d9447fa830b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
39KB

MD5
9a01b69183a9604ab3a439e388b30501

SHA1
8ed1d59003d0dbe6360481017b44665153665fbe

SHA256
20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2

SHA512
0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
19KB

MD5
e8730678d4610fa908d3cba1ef0b4ddf

SHA1
1efcbee909ce74bf04878d74867f12a1e41ae7a4

SHA256
e921785496ed2d98c2257c88a6f838afa6acbee05cb8467048501bfe2a301461

SHA512
d7c3f81ad11ac5b3e6f454fbbb9be0940b3e8da93cde0b80f9a91a8259966be466b4d6a0fd5527fcc6c8f218aad8ffd0124bb29dfa08f6ca658ce49fe9e37e6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
107KB

MD5
4b2a409938d68472321b223bb2a7d138

SHA1
c99492e43c964dea06a2cf8821e7583f560616d2

SHA256
900a1b84501985b068123078f817f1af4798c84806bf3e56245d48a10f9f413b

SHA512
9686050dab178d7aa18a6f6e5842eeeec08b3fd980122653948cbe822546b5e5a6b2c5fd174fe04fb475e781f4dd7bcee123f9509919d44b176edab4078d6496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
151KB

MD5
be4dccbe54eea47a0ad5d7bb60a3c17d

SHA1
1979128e8ba1517d85f5e4ee505abf486c51557c

SHA256
52bbd916956b4ed8b9d71d1784e4008b207814ec506203326fb36052f3451adb

SHA512
7f7b2964cbeca667d4c26a208be85ab5cb77bb0817318fa3b9045643475ad50b0686427f71588ce52f340df9d030a979b12282da36d9cecd02e86962ff21741f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029

Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052

Filesize
38KB

MD5
adf2df4a8072227a229a3f8cf81dc9df

SHA1
48b588df27e0a83fa3c56d97d68700170a58bd36

SHA256
2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c

SHA512
d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000053

Filesize
20KB

MD5
cd2b487b040fe8be065187396a981a39

SHA1
6e7d100191aaf135915aac159f47bf9072390edf

SHA256
1441b3e440dc6b2835e410e22d39c07cc1a446c738eeec3d0e1f821b04b3a1f6

SHA512
35b182d4573f3f175d8a97cc5875d215650d88d222b72755051bd5ed2155bf96712fc4c71f2b5eb12e0073b8c5eadaf941dbd83617dc92e7c3d725a3bf1d3262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000054

Filesize
37KB

MD5
4c0a7d97898d984078239033559269d2

SHA1
a3633dfc9744c790606ac243ee52207b826c1e9e

SHA256
189d8dac5d80bb54dcb1b9054233e3d64c90017af89d3290eacb67089b50fbb0

SHA512
be19c6b55b37907f7864f8efd855590354d49050250d77e5d7057895b7517ef89243e7529ad8efd596988d19481c753bda06dca5e4bee582fce49a4bb096ae6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000065

Filesize
16KB

MD5
d539b638dd41263e8839511369cd2dba

SHA1
7ed0b62369946be27b368bfeaf75d571afd2197f

SHA256
5e18ecc847567b103979c7c5b3f6fe65737c6a6f2a9cc7a87b902fa2d4497e35

SHA512
b8b03f7291855db66ce3c9fe4f37efef7a613c975d11e12e3b3e2b02504907081760df49f2a5124795b75f7b4d2f1601ac6492e903908ca0fc0ce7b0931b1ea2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000068

Filesize
556KB

MD5
210c02a45c8af3f649c17d851f116970

SHA1
7952ba03131e4ed976c9ed999277cdd0dd8c0cd6

SHA256
b833aaaf87f63e1fc971a3bab008bebe5fe13f1d927f4253ac7999444770276e

SHA512
c134050f98857c1647373c29237e786fa8980285fb43b5b96c02532d67fc5f473651e21a469af481fe7a2691c3d727a9be76851677d9c9740df40b7993963895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
3.3MB

MD5
13aa4bf4f5ed1ac503c69470b1ede5c1

SHA1
c0b7dadff8ac37f6d9fd00ae7f375e12812bfc00

SHA256
4cdeb2eae1cec1ab07077142313c524e9cf360cdec63497538c4405c2d8ded62

SHA512
767b03e4e0c2a97cb0282b523bcad734f0c6d226cd1e856f6861e6ae83401d0d30946ad219c8c5de3c90028a0141d3dc0111c85e0a0952156cf09e189709fa7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008c

Filesize
71KB

MD5
50d55589e2f9aff46325ac55f3aaff93

SHA1
697ac92c5a34cf3087957799c4d734e3a8c4b2c2

SHA256
29210259df6acde535e7659d277fd21b4ba3266f1900556795cc39c3c8a94312

SHA512
6cff98171a6982ece4736a66bfbc282361b9416b246874b15079a594e09185dd369573d52aa8e2577f675cc9bcf0ff47dd23c93c29b9c98ad0cd27db90ca6e73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0670f8c5d7603554_0

Filesize
238B

MD5
c5bbd84ea13ce5a4cf57170ccb95141f

SHA1
e7c43ee2f5fea5817cdc2e83541f098c04fad5ad

SHA256
ef94d86d65b44f3bb50b023f29656dc4d163c69327a96c80c7d1b63c3862d365

SHA512
692e54a7f996e6f95e901331ba62557b3b0cda79d7090b2e072cf290788600748b1d3e142c9eef6674c16fbfffde99cef4ee99b2dba8e272747bba3945c804bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
6KB

MD5
449049e120cf185c64d9b3a324c14a6d

SHA1
9f1d0ac4177e6a4389f8f7383e54d15f04e5003f

SHA256
3e601d2d2b84d34e804337a66707e8c1411067cf83575e8bf15c33d6b6ca4921

SHA512
979b42e8eccab85ab95a76199b11cf50bf74c037cde6689332ccd269493e0e25ed1e261ef7d0188efa15674cb44f074a8e9c644edfdef61104a87706c59eaabb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
66f495411d761bb1a2c0b4e7770b668f

SHA1
8d22efafc33ad4ae4140300511ccf462c306ee1a

SHA256
9ad40c6d2475b6a676832681d1c53bfde9e906511415ad9186cc7e2d85db84a8

SHA512
58ebc98f5db068a0235253c325b49282c053c66d444be71e72952ef1b8986f80c29cd26ca2c3a7e4b13ca0cca5b43cef2f8bd8291aaf03223ad5a0545d4cb8c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
015e97d292f780d475d2ac763d9fd935

SHA1
f3627fedea40fec361d773ad4dc93ba72958d9a9

SHA256
c0412eb7e2a3828c7b2c03aad579f98b12b96e9c8e0507a141166db62a760f71

SHA512
7dc2c542ddf3c1f9d8e4a0d78f8f3896604418aedd5f8d0b4fa966108c82927fa510cf0c4782ef9bbf8e1d4f02f66ed09be45d24bd6fa1e169599d5f5844d8a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
64ec281543198c9b2af756aa10de5b61

SHA1
525cbf61c4eb62f69e82e5f2c43fbab6fd21dc00

SHA256
a6397d679d9164af945f9bf37bb6205451d0db823148b48d9fb181697c606f54

SHA512
f0ec17e752edce1bbce82057db5a5d8536d40743ee54d9c7c0b3665725ffa44ff403595da8dea42e2b83319fdfb2ce637dd2f214a3a6d834da0dc70ea220e5c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
3d680995d5ee7f17388ed9abae62864a

SHA1
a507bd90a110a3b56f6bd6ec78e3e16daf70d176

SHA256
bd2bb75d40244c23c6e304db0d001824610ed074e49c3730e5e0783ad1ec930f

SHA512
5f7078bf87279522dfe3e42d297c7952c069099fcb4db916034404c4a4077180d4da0d089a38a3fed43aab8169bc1a328a15d8a909f0da7f5368487b7f97a11b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
eed8833affa9fb31220f457c8e7ccf32

SHA1
bd7d7d197a46018c75f5b204188c8b2d3c371521

SHA256
09933d4550b2fd25ce44e6c787d79a0ab6a13bb0ea4f27bfef21181c9b169fb3

SHA512
f91e936b2549c0346e0c7c34d13a2314b45f6ca851a64a0ef6e8adbad34a0fd4bb5a4b40bd70b5241c94a129d351b921ecdc7c558daa1fc7d009a59b1a8ad20d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
e00ff03c970d1f1176080d45868af80d

SHA1
e47c1b05d5075c3a1653e4342b506711a99dc0fc

SHA256
882f9ab0d9d18744d59eb6a2b9db7778a9f1344bb52967f59c4e910b612fb891

SHA512
cc62db85cc5df130cea1c880bba5c7be1c6d251f90f344f47ef40cc6f820a289522fae134251119a2e0a75bdefe8780dc5a1cae88f9fb4ca7fdba5c40875e8eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.86.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.86.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
34KB

MD5
7451ce017c985b1c0be9b5eaeb0f58e0

SHA1
53f93610e6da2e436978312186faffdd30e2271d

SHA256
16bae39d87b649637c18476d10f2fb93a1b94fafc2c01f6bc0405fd33480fa5b

SHA512
ebc3461ed068289b70e28bfbd418fed273cceeef296c1cd81a7c7d0189691e202e5e0c40bd36b0dcf297c2ded9e1bc6defb07054ab7369b12c40e8cd0760a201

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
28KB

MD5
079ac372055ccd5ab104784bd53bfb31

SHA1
e78c4817f04edaa318db6b9efa4fee88a8efb13d

SHA256
a72b5889ec45b8f1f4ce6ab1702bd49222d5cd5125a0160af49e87a9c4fe5ab8

SHA512
47da50564b586f70f3c0798dca4aae8cd8d2c3e6ade7281c66c03311ec10708097308b41883961292b37b9f27b47b84b05c43af4e7dcf40c1e911db8c4304501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
39KB

MD5
a4b5e061874dc9f6511850524718ea3e

SHA1
11fc83e98bf5d8734e340f7a8fa9cc49af0917ef

SHA256
58d179d18e61e20b9af3d0433cbf99e91466da3f87d3962ff9af44d60a8936dd

SHA512
58dc5a036c70dd745407a941a5dc511b3f395d9a7dda14f92cf5a30eaa4d8f3651ff00df96403f2fe74bbbd1a4080a65de349b3bcaed20257ff0d22a30e853fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
35KB

MD5
582037c8ff2fa000b26b653fec6c2a82

SHA1
39607f49719e9769d19a8ffe0d493ce5bed3a033

SHA256
553946784126c9ab104bee1578683401c1af2f3c047d55f537d01bd3e51af9a2

SHA512
ca95c4b19783f1f20fb112dd5f41871fd02070944caabb92096d125e0fdebb99431d44f33687c0386ee25963d07ec701add4453833f35022439551cc75df59c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
35KB

MD5
83fd4bca96414b7ebd0c5b10793f5482

SHA1
493c04d5f4e0a85de34fbaa3484478ddfc5b06dd

SHA256
e319df6560e1327fe6784cef53a3e139806cadfd84197b32196c908ef097fee3

SHA512
7a33ce4177d267aadf0e55528f68839403cd20564d0c07f0d6d65e9e95d5d17f98e4d7c86e847b5cbcedbe0401664e60120649d6bc61fff6c698cd93211482dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
44KB

MD5
8a849aee382c3d7979a70516ba70aaa8

SHA1
aad8e29ad36776b9b76ae895a5be20993ff1d369

SHA256
7af5fa8e49c22340acb3da7e3c53d809e6a3fedb3aa1559e29752091af8ae868

SHA512
1e5061c56573115aaa08606217ca8a323949a9b0c6f73b205b558a6a019c4118e47d31b6c4871c6e4a08c2c60b58f2262212a0fb5168e2e6bad32d0903c2fed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
058c685959ff784224a224ec50c99c60

SHA1
653dc75545c8cc8679cfec03cb4d878ab44354eb

SHA256
c176811249c0c5b62d351c83c2e14678bf243bb95f5459295dae143d2ed06a26

SHA512
57377fb1167eaa9d0609cda2291dab279f8f526aa8f13a93f94cfad0fb5947c086d1ef8961f604a37698ef9491deb8fb228e60e575d052c4d7c242c4cac31ac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b51381cc481d366677aca336ec77038e

SHA1
77a0fbc85ea28216846982855e8380308779ae9a

SHA256
366dbd8c5bf9439cf9e280e961f7b86bbd84e66b164e386309856956476da0f6

SHA512
ab3c96bc29c41708f55816bbbe8cf9dd5da767eaf9bcc6d2d894d063c113b4117d122f197e76ab3e12b95805b040006f91bce52bc9d6da8dd8ffb43106625d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
2045f4c4ca6b648edd2cf73d99282082

SHA1
584cef1804d56b6aa931af246dd2c0754e5676a2

SHA256
2b5c9f92777e0cedd5bc1d3950746e10497be76ea88c7e9a675f38adc053b4c1

SHA512
7414e4bc236a179502d8e15c58e0fe101848952039ea10a09c597fe6b2531d644f00589add3451beda46a329753c54a9d2125d38593fa7f459f5f36c2c1bfc39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
f13c5da742508072966989f1549f6f5a

SHA1
b678f99e5d4c57d014bc8f37f78acbbec60fddb7

SHA256
a92285340f3b05a90bd967a2102a5c0fcc058874743f0db8781cdc050c8a2cfb

SHA512
c14f0d35270e82d76be7ab493908db1deecdaf2ee9a9d3ad2b1f1de2ca77671fead38e15bb966f6d77e0d8ead667b8beba9c5c412f4eeae451a98b041f36dacd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
7395f97e609bb376ed8ad1baf280c116

SHA1
c3588b82546b6e7ddf90082ccd0d0dd165775bb3

SHA256
5d1a6e0a1447b106a88bdafc5ec5d20a2d1889c6d33d810a187f51599ece48e9

SHA512
c3865c29181c50241bb8f9c8452fb3487246ddbf0e4d32d5ae1e45f39669d4d4f5483b52c38f4d5ee203380f888ef1972417ce194c6e60c6996933b475c7ac96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
a1e4c6155e26b5864a71db20f2f0f512

SHA1
54cce324d456e3cf3caff9d4387a938f20b21098

SHA256
df97974fe73185578b864709bc773dab53815b40f44838e548ae71f6ee3bf232

SHA512
21974e88927c152d107f202b97499e241d854637449d5b32076921985cc2ba2048544778dc3e29977f376a2dadf48c535d1eeb8fec6bc01b4ea4749c012016c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e4241db44d9675d9a548a13707ca3719

SHA1
9a638c322c1a3827bdf488489d990e79393afbde

SHA256
ccaf8a88d4c363b7f3b549dd71012ba43c52ddb96610c022ab353950e32055ef

SHA512
e142fcdd0444773e0d9b52e2ce4574d3eee84b61fe31e4ccbfa87cdd8e25dcf304cb7b2765367592bf1667f564b85c3c38aa5509f41cddffb4b44c149d7dffaf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
d38778997c0054adfdf3280561d9106c

SHA1
50ca5d2d98be4c5cfc88467289a60c0eb4e244aa

SHA256
1e22b0be1f1613aad87e96b3a244312fe306ddb7ca1d0bdece82e7e01ef53b11

SHA512
09792e54de34b6410f5fbaf1f484ae89c79de4f464e6d73de79893b4e02e2c514e508160005af6307c8b562f68f297ccacd299b4c65ddcc6cbfe807fb5053df4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
7ab186ddf36fba26654b914a3698b27e

SHA1
270df3e2c6de4493c5d216531e91bbdf23286283

SHA256
33f8ca6d7eeaa04e411941c84b981d65cf25b9462a36256628d6d632bc059ade

SHA512
094669ab0df2d17a3f0406ec518ebceeda18e41bbecc889481dd6dc141be3a121b643032bc286f352e00a2cdad5d9aba54d66a590a45c19871e5bceab0b4bd8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
23025d8f4b4f13bf76f3e3cdd6efbdbc

SHA1
d13a9834c029f22d8c6c9fce3d58a62b89ce3515

SHA256
89b7634cf30984cdb24e445efec36042fb405cc21f5557b6d8c08ea2a7f89b3e

SHA512
d202667330406b64d99dc264200ba84b45a110aa0914e773988e1b665c38fd9e2ec4696457303e54287a5fea3b9c26019d3e99361ccd528a3d636718b636010e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e385a0d974a2962a6644c898ff6a6fb7

SHA1
a615a6450a7f8af47996c596f663b0b1c21ae305

SHA256
ff7a252db9acac8aeff9fbe393eeb0daa5264cd446ca07450bb1607dab4f0dbf

SHA512
c9bb434bf7217796dba6eb075293f5fcbe33149e5472e5617bc83697e59b38e1f3a9ab789dd5538a480889a21c574f192dcc740aa422df71adbbba4882e50910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
2663c483049220a0bed473d097551b90

SHA1
450bfb2d3ec6356d607eb2081b00fb820c9989bb

SHA256
b266f08c0c5f9468f7c56f545aafc65248b15d39b8a0bcc82047d640aaa222fe

SHA512
5938b75cfd4db3a2096e18c0c6bb60efef7685b7b801be3d7bfd2ffee67361731d762a47e67be4ebb14b23c0a8f6775babac86b705359c2d7b2e47fbfc3594c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
1db806181462d3d5aa2766cdce2c443a

SHA1
b6b028a24e41270d318f2464b1888edc1b466c52

SHA256
1de4b6e5a158ebf7a703bd2dd847c6a40be9348dfa3dedcf6de6c894125e7548

SHA512
baa33c53aa7707d6d79ad2be3d8707b5d7a7fae48db78100fa194c4de6b111755004e204a76f41b299ac5e00c8cd409afd0767cdee6dbc51db5103968edceb34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
c6d6ec3455c0cf89d62284a07823a17b

SHA1
a83dbe96955f85ef48c59651ba69014e8e99a4d4

SHA256
022ae358bd5b844da869ed5a717138cf286bff498627012d0a9868716734a868

SHA512
20a88814934d6aadaeb58760dafbe93cca9611fa76cdef806be49eac7679cae74c98d5bc5fc0682c8ab00ed3dbf0199584922aedd246226eecf2ca81be4cbce3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
d52c41c712577ea4bba020595109b155

SHA1
0bd1e311e02bef631bf563c7f1c9c593ff7ee524

SHA256
f07826cb8d1b8016b05bba56a9f09fe79261bd2ba8810a365b2396a0f31f4d2b

SHA512
eaa6da04c2c8530ac2d7f83edbecfff3a5b09114421ca97cd55512031a5b0ed350b4aa4d6af25ddc52dc4ab9cbb3959be07b90fe6b43f69d3ed58ea86d7c5696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
6acc5f9c0fb60a291257f3b8eb304f28

SHA1
8e89e4d59f89b9a7625be1611913f4fdb48e4328

SHA256
460ab416e616a642d33b6462a2ac3ac25870cdb91a8c04b353afe2e2d84e0b30

SHA512
40083f9397a222cbd23866adae700f5315d116fbaa47e990a977409554d2bdb29e74e26a4f53447926f4398464f985f2c6ed569bdcc915a53d489feafc0bdd3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
54630c9fb5895198fa298e120a73e581

SHA1
0778af41f972f3f4d4f8a9f718b8edf7e53628e3

SHA256
b3b442ebfa3e32b0be0f16385b6dca622e897c1fa14db2879468ff9728141f30

SHA512
830d39df7e6c79e9c8cec31c946f8f685042d08ca742a0862b45f260d7c7f25b184907af6cc40ed26df2769ceb310ca1b7411d0a92df12af7e324fea9164ebb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
0a1f1805d406482dd5c552a8651bb92b

SHA1
9a1bcb07571d0db577046cc4d0f6d99fdc5d1e73

SHA256
28e8cfa67cc7ce00a1ab7ac979a7f57bc788a9798ea12d50f05002752fa5752c

SHA512
f6fa9a37e69ff6b9ca0f8e3f8ac2e1ba623ccdb036c5c688ebfd4e9d851e8ecd4a796bc18567ce9f0f2bd26be748a541436b257f3f29ec187eb673d4f09e9ca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3534bf9b8fdfb81d90cd6011be771a34

SHA1
5ca447ec37a516e5af95ad06d149b12e3b843654

SHA256
20a9d937f617e28d135dec367f64ef2fb0557f301d89b0b34cb998e35a6560a8

SHA512
b2f76b8dde144da19bdac5a81e2d0248fb648c3e4832dc5d59832cf292d37f4f44c4d7ec33dd6206b972d424a085e2af87355581e5abbfdb7bb3cd412ae64348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
10KB

MD5
97ccdd7878e22b4a5e04184e31323803

SHA1
fd05975e48b4d7b72e5c58da7a43707b6f9bbdd3

SHA256
5368510fccb7181cb38176cfc38f749ef972ec7f30b635eda0e26010c0042970

SHA512
c0bc00b9dc341da6e3ecfee5a8d0829bdf899dd00932986e7e64bd87a1ff54535531b80c0f40cad04ff2de012d474c4ab06f033b0f3a86ebba8fdb4903cb0b88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
6c43dc9b2bbb9b283a6f98c65800a3f6

SHA1
7976d35c40e5ebf68bb8dfbd02bf905651e60d73

SHA256
6075f7957e0eb9a979b829da9026faacba2c14013bf2cd5ee0390a1004af89e6

SHA512
97229aa35b91f63520ff5d9e9eb4fed501b33bbece5c8db12308f5d01bd38d4685b378b1f05d8909d45dc4afb31ca895e43af98c3f374efa54d16d300265f777

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
3f237839191ac58ee13839b2eebb9152

SHA1
47f77bdc009220b9cfa17d63e699bc8339228936

SHA256
954f688da235a9c437cbdb759575dc649cac3c844d5ba569399220b593663567

SHA512
5100efb0e8aadbbe492ca41c9a7d63bfe065af35b9f545cf3b43d0e2053e9de1826b0847c5dc094f4b594587634531b6e3253ce0eefe693027500d735a834a99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
8KB

MD5
4d849798eea52feb915740f99e5ebd9a

SHA1
11214048054932f47d256b95b2fbd3ed99bda567

SHA256
8d9c2ecf5742d9b5e408dee59b826296fd8b3abb202d585ff0e2d47d2c262121

SHA512
39a1e9c649eadb15fa5c09257fe4702056e8f641d4ee6d1818a57b62fa52fe18767c1b817d13fb4d89605281144f27a2d316c4bd834cee00a1d635f467f7f33a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
11KB

MD5
7e9feeda5c5c527c3283861e64cae3a0

SHA1
625415c388672d2c77c7f24e6596c3c6c591355f

SHA256
b3b7bba61374f1ee43efea9843209549ebe59f2ffab175ccd7c49cbb2b9b6e12

SHA512
9d641f0cad491a59435c166aea73ae43e462fc73dd17b677d013f235448b384e8fea2b5d21e43e3ff691655458be7ae495b51b5dc1b586864a4943c464758c62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4bb4c581dcac052337521102c4ef6c2e

SHA1
2f5195cec6dc4efeca82e55ccd42652bdde4af17

SHA256
479aa0999ecc028d29b699bc13cc1d2b9b49f74d7b5475eab36af77578355eb5

SHA512
4be58812b4848ff4353f4d0e61473885b40f32ccbfd85e560cfc2ba1708eba926fe9fa85a5441fda6303e1e189425e0fcfcd7a7cae218acd32c5eb8a395be805

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
13c4556c6507e654d70e76921e26fd75

SHA1
f1b0b94ace23da08bf1a16d5950bf4a8e8691326

SHA256
46890c9bcaa36e7e0a93de7ef5be057ad504643e96649bab0e31e4e1ad68dc8b

SHA512
16c2374afc0d2bddac128808784939c4336b832ea495f8cb84c979e9db06c138cc67e54277c1b701cc96ab4ddd603d38302b05c1f026d2bfbfe07a157e5af4b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a552bbca76f2ad4eecf30cd3c7ccd7ee

SHA1
ad2e5a698054995904298300565a823992e902a4

SHA256
de9455eeb685b412d7e737d2b86fa2e4b19415cf168a9364fbd14d7e9c049195

SHA512
eb4070556e41f6da4fd3c59da67182f4417a39037ad5552d800ea40b0c46788d3a4d84a91857b99fb2fe7b68bdf72f1ebf58af014438cc416ce7846e03cb9892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7347086e08d1cd81ffa869c5a8bc48ee

SHA1
87c3f79be8a066ffe518c1d5845d4548a854a44f

SHA256
c5ef749a25b4eb781b4480a0feb47a4029027c810ca08d833d9e6021042bc4e3

SHA512
0c3a6913346c37348c4df896e54f290ec22c6aea4d895cf144ac30b7a5052977f00c4e653d2325ba39d305123a8abaec3eb2162d950d68063be0fba9740f93e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
471152bd57463e085ae3a826d59b7523

SHA1
7baf27d91d28e7781a2c10a559a78ab8e2db58b0

SHA256
3b1a0ada1d4cf4921d91bcc0e18ef1ec10b193cf3a0b4a4bc333aceb8fdd529f

SHA512
2c79fc9457f7bbf62cbf824e53b01e39aaf8da2630c2c3a803591e166cda9c23617fccc598851cd276ce83bb2b9eef44fc08e07d7d3625941000d62b272e3926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a0e342e6d07f9d964c5a5a424b981641

SHA1
b7c11ad27a785b4604474be80ee036d1cf75aecf

SHA256
54f75425f0f97326950ad39d942b558d2af0ab23bb9cc39a75e37c949f5eae4b

SHA512
67fa9fe362fcbf8cf670501881448d0e22a2e53e5ec403deb00af16a4364624d1f7078780338db90e2a9ef604c450b8c0735b7636b56d7ba45f56285193a3cd7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
eaabd14206e2f30dbdd827660d0db9ca

SHA1
3029f096567d97d8b15f20812d5cc7bb04e65984

SHA256
51581fc0f10bb8a2623f48e6562aeccb4449392d17b012fffb139bd0f18b9a39

SHA512
8cf3f738b18d60389bd1970fbeb142f7c114cc15ad845ab8f68ea1a89ce31b0a65e9731a485f65aef0bbd3ecc65d0522906ce09e40ce3beb3a73c47b72a77651

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5c1efbe36e9d801920bb7c53e8f5c436

SHA1
76ed4979e279047bd536a2fd731a5b8df181679d

SHA256
6737e0480ecb6b813276752ed59eef50602bafe03ba9988948df5bd95d1c4347

SHA512
db87c401015b7ca04e9ed396d0ea3d1d96e1ef4ec5b1a660cc3d83b6d2c2f90f4626d04b8a3e063da47f42754b40ab4d2a66cc76c098f5eb7bbe41ffc3088014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
10f847f8e43467366a4756f43a1a964e

SHA1
f0c13072e47bcdb6c9810606e61e72d7c45b625b

SHA256
b9ee8a7af95b96407bfcb56d043429dccba671b721947a77ccdcd0c4ff68dbae

SHA512
6efc6d2ecdc19ee6dc76521409044ee9b1c42791fed7709080f35e8fcbb11d559052073058a27b1bdf75ecbbca17efc8adf3ac7c4415ea87c97b887ea9a3ed66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9364c7b6f44a4a3c3c0758106ec6df56

SHA1
003d8fa5383c51390022e0075b12b91d2db9b820

SHA256
a6c0b4c194848646863edfc23969f4a3e6d3b36b59f8ad65ddd2046f2b669114

SHA512
f7930439b60cac6e7acfd9bdd8b60700ca455f0cb52d5f7b99c8a891e75949cf16f2fe65b5390f154adcbd6d6e960229ccd1c580849c45c00e1a147ed2c0ca16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
52373d956cd1e9188b8f4f0ea97c50c7

SHA1
1bc0322d3eeeba3028427c26ff14290e386acc5e

SHA256
7e941b4e55c1f0d4ea9c8ac7b4381489ec4fbeea315bc2ad97af729b3768d427

SHA512
6609cdc9858a20b30ddad504e93a31886579c9079998fe4a618831bbcae6acd60d910e99b243a3bcf14985d565798222ea8cdd4e7f0136a9cbcf2931a1e98b8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
93d1fd55d5cf5be1b25c11faed50a7a6

SHA1
1e5fbfe863c29005c38cde4f1c96e30c4f799b8b

SHA256
1d04a9d774ae5ea2883a8f49c5fa4f429d247de0ad93827c6479c926d7ffa9a5

SHA512
9b946397d142f397535e892cb661b0c8cff3141095d93b6f2a05dde1f7a086142722ae15effb9d1b8edfb5f1effe4593db37f6ddb3ce56aef09d866a76e8e0c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
acb671254eca9e2d3f4a9cbf03ee2545

SHA1
fcde55f96ce3524b8ce42c5d886bbccefbf578e0

SHA256
b80fd9345bf10b7805ada8a91a8f309a2e55057817f6ca70aebe812e32b9c210

SHA512
0f8644a87c46088d6ef8677c4a1fb648534c034e200caa4a91831e37d2e5b4dc9f9bf37097f43e4eed2e4a890414b4d1e9752f195b9f809a189028391c2e024b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
08e5531e728f3da2107db08b4d2cae88

SHA1
e96aca4bdf78fb8a157958211b4188e8e8f766e6

SHA256
4b62a3d6712deb27f38d1e8870568d3f08a61335068dc4b1e43dfdc1a7ef2c15

SHA512
19a67e1ada30e6d658f412f3fb721e9f92aa8506d772588b41f36068e24ad97d3c94b27cfbca0556996da917c7fada7c46686018bb55f4d43a60f8ff11813061

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9837db858f92d5f513b865548c475e09

SHA1
7c61262ff125582689ae1015d57df63ff8c398ff

SHA256
be1fbc3609881726cb96324c2e0558329a9f40168ba6c0aaed4e6a29947e0083

SHA512
3171ec2887e329f2719c50f13fefb1616c4420e896c5076683d1f12a1638634733572adfcc217766e80a4398a0f63795032906a18423ed615efdd6b16b900e26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f03b15a1ac414c114bc7e81a177846a

SHA1
f252b13bf232f9bfc57fe851832803b6081cc9f0

SHA256
cc2463eadacde1af97b7754424f1d2f75297923b5f9a932efcb1409f621d419e

SHA512
a3b824d5a4057a12eda1c4254809661ab089208127665b9bfb97c011df99d666343c04f8446ca7b12e2feec68e75ca35562992fc56a3b7e9c545652896c28f11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1c317bdfca302ed5305bbd86aa87695f

SHA1
653a3595d6734dc9e3477453263a938aa0532a26

SHA256
427aef172245caf1c44c77ce3901cb921a3fe80d3c9785df6b7ab775ea3ec839

SHA512
a6f8bfc11a4f03001bd80db32cf154d9e472f3daf2d4a664ae81f1b3af096c4f770110da7a4618f4a85fbe38a90e6f115ef0b782e5f4c82d45405300cca60c9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
25a9a3e5cba08513f4be690a8bb4b7a4

SHA1
d07d27d4553f1d66557dd4db27ad49d7c96017a6

SHA256
a7ac4a48b0123f643f53d508ac704444558830d095685c1d699087f063c3b255

SHA512
98a3294c60894f9d42ed27e0992c20295043542974f6b4ad89922e572b6e7fb38b3ed4392e4f8c5cccc8a27acc9c5c70633905de03ec69aab42b9e4452c86c97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
79ecfd531acf44650ea9fc53bceddb27

SHA1
321643dcfc00c9c83251ddbed6ebfb900de09f00

SHA256
87e1984a445b9bc9d2f41f783b7a8ad8c43ea95386f3887adfadacf075ef8f3d

SHA512
b3f9887f2750053869a35a0ff3b354991b834304225a6a368ad3a12e6ce8fddc0ebdc041ecb0f5d1db867a9937f4f78a6268a03ceb32faae943f38df64ccb748

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f1c5faed6b41164b7aa437c0950f65cc

SHA1
85a135c11e138afa946e3dbeee40e17e012df4e2

SHA256
34d4416f35300cabfd8c19d33d43020bb796e15696f4b92478c0b333de718a3f

SHA512
6a282d72ac9b1b0a0ecdca7196bebf3fd49d327b19940fd97b60efb8ff30af15c7307e9e0629186e512d55b7ebf3710d344f81914439aa1b72789fecb19d3c66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
40a90b977b41ea514d4de6f972417a2f

SHA1
3f383538d4c25822fed329bfe12e29c7e255c5a5

SHA256
4bafa7113dac2d1c844fcd59209791c1881b31225207a8d0a70567e5cdd7bf42

SHA512
9f8ef45eddcc72a606d3aeac4cfe6b5255d0eee07b6644671f1fef6c4be1552ec0193ca1c981b5c2b3ee91d2a8c495e8b726f3d5a36afd0414435855ce4c2859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
823b8b2994e010436cea6ff13b32bdb9

SHA1
964b4e00bdbd64c7cded43cdfe2319c207719131

SHA256
9e715225017f14b77afecd9a01c84ea5228e95e1388fe49f6d1bbea57f20ea52

SHA512
0eaa9621774559cfd35cae92f08bc86831829fa9b9af5d8636ddbfca0b2840df5ac35e0b5f664d8074eb8c026c459ba10b4b3712dd27bcfb6392eb7e507baa5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2ffa73cd968b614dd4f35253135deaf2

SHA1
f2d7f009f5ebdb9e96a7e704773b1051fb344db2

SHA256
c96b2b14f72d0ff782cb8a0a815e237130a87d1a4b5c647f730b8c04755c3d0b

SHA512
2ed31de4fa6262234576de80d8ece8b2309c3953b4471b6896c9291ef193ebeeeffd6c096df06e58809717e92f91bbad72ba4bd9efd0787764d7cf8bb7262068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
13bba6e124a880e12ec643b3f2ce75a6

SHA1
228afb744d78a1287da4c8673ee1bcb77874ba6a

SHA256
2fa14efb463c60da9076b0363fba7cb5236e668f9c65438d5717007b1827d219

SHA512
dc5893c1d2fb4dedb75ed9d5754042dc0b7c2aa999dde44e1e0f02cdbdb72188deb9a1ae912e55d1a1d51fd595049a12cbf6bfeba5481ba2f2e7d27ade31bdc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
5c9dc29b89878d62e7e22f1840375f1b

SHA1
d9d66a29335323eb9f1f3751f495f895bbc8964d

SHA256
e7334fafe4f3e244b8cf10059d817088be1b2f0f102e14c436003027a0e4a0f6

SHA512
a54962b872945efbece4ff5c2e418a6261658cab9da7e3b4cfda4ab04842009e9d12c6620a1dc56a9f4465694e3f7fcd82f20245fc402c96a28ff4e4c7eb624b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
95264b9e2ff5c3ad94d4bb061e94944f

SHA1
2561ab3bc5de4cfc9f8d36a599933c2073ff7f75

SHA256
3d0553668703470c88f2c9e7dae0b6092b01e560fbb974bb5d281aaa1c0f300b

SHA512
d22c60b0f951c98447124f19cc7abdeaa99d9945f3f3a8caf9aa3f2418de3cd25865b5ceef84f4f69b00af7a684a55193c967b91fceab190a6189f201a23d98f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
a9d645f0d6b0240371d3389189d021b3

SHA1
57499a44612491b8e266964f42afb133f2568fda

SHA256
b36035ffc4a793b46f7e4eec18a7d7e3b60d33d9c1c90df86599f7439073d54c

SHA512
cec4812a271830c582d381dacc24347a0b849a941b98ac755d28e4daa3ba1079bfa1c93c981415e51d109aef7942508d343016578a1e9d0572436603d574f6fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3d73214a5a810071ad9f528ed124c50d

SHA1
37cd22ad88b02f20af1e1cfa0c7e49e9e7c1f59e

SHA256
cb923e7113bb411f53c1d0e9c3d1e898f117d4d5e59727a3c42ff22242883f19

SHA512
697b984e183e37349b88b58c3c3bbe8030662ec4e67a8105907f3abb69cd97b3ac7ff4a5c926299dfbc6c8cdf8e1c58869fa60110e14fd87f125255db94df361

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
7d81f2ea67a8f18de944ca01015019d8

SHA1
525e9d721f596bd44483cb7aa499adf3385e9d79

SHA256
90d7f49394b81179e6f7fe6fc5c8477dce8056d2fd406b7d485352e014b20949

SHA512
87bd03e705b53c2854b43bb80b4a2818b345de47347d8a044668524eb4c3df826fa3bbe68901adadd9b06dbd4deeb13e871a465333fdc15b04389f549cabc463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
fd28249c1d9ca30ef17a876ba9b6e662

SHA1
cb98eaf16d88240ee9799a5e58bae70508fdde61

SHA256
768c14028e7e44a32d487c094803fd2950a2c5da17877452c65360143852d3fc

SHA512
a8b19f3e819185710ceeb16e11c9ab33b9c4d7838b26385350819a44ebdb3ef8cc745cb2ab3d82d5e90eb947b30bd6eece89c6fee3c0cf5c4331f1d1f1cc4ecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
aa68e61dbbc0e939f27718ac0675afcc

SHA1
1e50f6590b36c088b6c91b03b6b76e398d9b178d

SHA256
e253e13bfa198cc3b9ab8922bd60bf1c9337375dd184e1cdbcfc6c725d40ee51

SHA512
ccb22a10b68d5934f4ed88ea4e37ea8c09658aa3a7218e3cdbc110ede034ae997006f6e31bb3f92ad808f3f60fbb86a7628ae8e5cdc6dd544ef2450c7f24e28b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4ebf96379a4a54e06955f044e5c1a79d

SHA1
e186dbd29db8bf0a4ba4762592c2a58686cdcf3b

SHA256
4ad92ae70f20778ca26a3f253af94ff65ecbdfe367e5c828a2b7af4704ddc33a

SHA512
ed725eaa4f5ac93208ff341b9e31670360fe70ee4b33882ab0633bfe498e04e8b9feb9edb18343ded88c3e99d360233510c151fc354c5439d13785681b737424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
26f0f625b8f41fa82d0a93d2d651314d

SHA1
d1217f9e8b731ecdf37cec89fa26eeb8fc834dbf

SHA256
9d7c29a4d867b343d5082c7d6d05682d9b71ff0a01405314df1bc8348b357b72

SHA512
421aac5135f108fd5ea9a599d361fa18f3319856aa8284372e0592a7c6a9a7dd506e203a894afddd0b63efbd994f6c8949d414847e8f406f6cf502717b63a927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
62ac276f3b89d406a0739c84f3bfef0e

SHA1
403f4651ddcaccf5c5db87a59e1795034b3048b1

SHA256
2325948b8549dcb3bf73c30dfe33b72aedfe7ed1937d6a4004effc1ce23cf135

SHA512
c8a87db65f233a8456f8432c05fcfbc498f27aa70bb59d9fc9384fd8d313b53af7f65b51a5fee5cf0c8fd2eadb0bd93af0a2511813eb9edcd155d7ef639e9ae4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f969b865ead417fc9947cbfa6a350bff

SHA1
9922fed121dce10d2d540c56707d237969210b47

SHA256
5a44e79efc840042c28ec87b6bd6c31e7d352e52ad0078eca4bc6f52c53a403a

SHA512
ff0a633e16ba1c4d6cdb171c29145dbb239a3cb86f2f9e81a2bcf38cf3b2e9a7ff1dbdbdee31d73c48602eb332382bb39c1e86352b7a72e5a905b34ef340e3dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c7b9594ae3e4045927fe50b1dccb0aad

SHA1
ac03eef37bf31085e8bffa70d7afbc3e613ac677

SHA256
da9c996f2184a91f3c28c02594729d7904d89b71a17aceff4bce7e7be5fef6c5

SHA512
fb896a4c4cf49179cf5ea4795318cd7581d58219eedeb095fccada23d9d217318ce17f40653b66099934767ea234eec6cd76b02c2a5c1fe37b1cf9609c032108

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
dd2db394d6f7d3944ca0f490ff3e953c

SHA1
f04ba521c561c150b900dafc59a6500e2213a41d

SHA256
3d3db7096af5c994a59297717922621bfbbaec61101c180f343d86adc2b150a5

SHA512
146c511bb2bd7ac5edeb4a2f26e445b276bfe42e8fe937541246bb28225e9d6a1358fa8f24808ce513a18fbde07ccf27e48863261db383cf1375f81f2a7fb67c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
83e48b43d4c787e915cc37c1c5b73ed6

SHA1
8bbd10bab080188957ca705af2e5bc34df779cb7

SHA256
2258811a5baf408669d2920644006acf5626c03a0b9c27915509b1d7f06ddf32

SHA512
7e06003f8410587edbd2ac0b9b1a259df6ba8415182832c445f3600ce072f5c859ba9dba825fc2f88713ffd91bb86ea9bbfa49ee940b65796ae5a27dc5bd8b26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
73032b5846cd11c946224f69be742646

SHA1
1872874b35ba4679b123d98c163b3ad5c5483b02

SHA256
365c4dd360a1851bf54ec4f168e3dffc8d6f34ea4ab40c2acafc2bfa4c2ff4c8

SHA512
5ab29c3a50399fc619bced61b42b6b9bb9b928ad05e9a32d1230dd86d97c409f1774271fbd3f084f04318a5f041a7a18dd864ed9b5de536fc145cd042d55191d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
562fd23816d4c3400f52d1518cdb0680

SHA1
9c10ff88d888444ee31f792178851c2cab81e45b

SHA256
ebee7bf9d658422d201e9e0cc8aef106e49914ad4ede1046f8c9c458e369413d

SHA512
d4c4ca1bb1d3b2b85c1e023985d4115f58feacc36136f58a08cf55b6d31a6c11b8589fc327926e54a28f99330c15a24d5ba032ec75926ee20eba614063fb5d5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9876790a5c3c85616ae485b5e5d95b22

SHA1
becbd40f0751304b58dc50dd8731f22b315da66e

SHA256
36514bb27906ef824bbb274f6ca6f76aa976e89ba4d1bbb9b43e703f9af9118f

SHA512
4225a59b87baadb93cda8e082464c84d82f15f1ac286b8a583c6879aad22267a442212e0a1575db0474355df8d6ef084d721d37d83384dbf120517e7ab4a3235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e45f2d194831e01520f9a87bd0c0968b

SHA1
eae00b03c93dfa35412a6356c362bfd390e22ddb

SHA256
8f1cb7b0fdd735e21586f6b944e6fe83dbf3cd2adc666663e2992d5b2523fc27

SHA512
eaa7a489ca71e3ba03b9ae8b1b88d164389d63e5c2b393193b1c496ada17225e55ce23e782dd55b9aaaf2f28ae1fd351fcaf390aad46c0235d6062ef9f44ddba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4d0933694b95db492323d5083c11e5fe

SHA1
21a39711c1a809f0ee99de4c49435e31be33e655

SHA256
1542a2e4b890c4ffa2565b2eb5bdf1e1fc74ffc2ca659b0e828d8be52818534a

SHA512
d795527680492b45228d7aa2ad4e4621430b42a0bc23e6bdf861b245d6d5daabdbd90fff17948b7793aa5ce08eaa8bb304731860557d53d1023689a17e1254d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f36c1fc6fa6c872f9963331d19eda7f9

SHA1
69142d9017641e52a0d3d7f4cb757f79e653b833

SHA256
f5319e8b2b41d39dab9fa8b82f66f4a71135c41a483d5fde6a19d98dd1761445

SHA512
a5e368537f0347b064c36f800d5a65daf3198e52821f60c22ef78a9c10fed096c0162029417ded16defd8ff3effa061b4661f0b4080b59301e2decbb996205ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
355508a231e4eae787af1810c7e1eff8

SHA1
85530317286ef84145b3c29bf41543ea01d6b02d

SHA256
740c836883b7178c5f09321c129958844275bc7a7886035591b94c1fad4c3788

SHA512
3b67129fbbdf1a99fe6662913bb91c43066156bc22cd17d9bf4ef000fd163d69ba6524fce8a99ecd9d0a64bce97a3dfb789c64708c2ea26b79bece062df68c20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
06f931e2ff73817923b3e11b157b265e

SHA1
7cfcab2d3db058b86743cffd780d6194307acea2

SHA256
a20b2206bced3f1b769c52c3013fab10de2a0881bc19bd47edc6eef4bbb3328c

SHA512
5cacc595c59a67bb84ccf9de65a7ec1bc3a2d4c1f0abeb8e0fa5cbad81462980b71daef5728856f12063a1a092c1ffdc8f244235f3f83d8546e337f18a7a18e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
e9464ddbeb1f40d90a1f8054cf987d97

SHA1
88245af56de5db29e20ab00fecdf9dfefd8b278b

SHA256
469b5f5571c6a086b2d8817cbc9eb7f655bfa9f2663f22637c43ea0a83a338b6

SHA512
3c6747b210bc8abd628824b33887c3d7c951bb1d5a7b0eb2dd41cb4baeaee53b0daacd629b2a7fd4f01f216c1e603b9993cebf8160337f20460af1216c4cb947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
58f28bc186fb25a2f2441b93aa48d93c

SHA1
921e0f64443b5953a96de5e28e4d21303a942eb8

SHA256
44d05fe615e323c33258e7fbf66ab9775f4a9f42aaefb98742b8156682522494

SHA512
4fa903cd767bec377077de6ec0bc3f5b8a868fab7bc5c62ee3d1fe13ac64f7f84549faca3bae3ff4792f0d9ee18ca685c0b94e4f94df42e0c2becf1a27df508f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
e30fd70c7af3d897501ddbb40cfd0c4c

SHA1
f08d9ad7a1cdd121f500e981020bdabb4f0de293

SHA256
c515d86c613a73b7df258532bf9bd38110b7f1e118130de04cbb81c23e2bd9c5

SHA512
cda4609e68a6551fa53a44542d09b6e94f3a0259d0905b6357408ed68c5826a87c28eda1a528dc827ca7862f957373ec73eb2dc1956b206a54a500bcba39d60d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3dc54a5e2aba40c32b7c74f64de02c20

SHA1
442458a965e68954980b6dc540806eedfb158157

SHA256
3b89dc859c5a648b3958c5ac22d2bf4c08a91ecd36dad91ad979a8f8f75e701f

SHA512
d54cf2e73c7001ab4ad795d9295514fa11cd388c31545dacb831e420dc5ce0a2a1fa89e3aae13a8884a8a574b3f9e762c0aaf469073b4b594f451a5728a56f04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1ab2c2611024f2a9311ae0ee7986bb4b

SHA1
1885458d0cfc839991be1f12c49b9e33f7dd6276

SHA256
1c950eb2719715ceb7abccb9c3b5ce6de163e29d310ba7fad86db03f64339087

SHA512
cc17afe2100b4182904e306176d2d00ded2cb59469842999ec1e5af5754a0489835bf45a8829ac821057fe8ff280143ebf78655ab6af9dadeac8bbb4878ed946

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
952d81d563a5ecdd00e1efae8903f70c

SHA1
0ff7b48968b9b216754d87616f5e0300a0be8304

SHA256
5b5b478d37611cacd6bef78318d0cd7ce99054016f22e9b5065fe5d672df4712

SHA512
0aca91cc2b4452e579808c575560c9e9f7b5148dd5949b0eefb5bf5d7c562458e7ff043987403cba8078be254bafd431e491375936c8fdffa026876f7eb10c37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9c58598ead17e16a7c42a18981001460

SHA1
167847356d62543324d3ed30908299ab13570181

SHA256
1f5270ce2650f8e5e217dc93d143dd7d698210e257116fa6d67e93487c869fe7

SHA512
1c6fc12adaf87f77d6a973c3ace7c7b01ba4f0fb23b42e377d4288d0bd12390188a53703f7fe3bea930588800bc6eee21c95c44fde147beff893d24e5c923a1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
86b1a9e8299e1a3940d215ffded18167

SHA1
d0532ceb456d6372743eac7384d36ffa98e01269

SHA256
0e313ea0662b95afecbc88995b8ccd0d3b631b6982824a48d5dd55ccb46b9e7d

SHA512
cd0fc4445d553f190440c5c9d5b144e15038123828945ca7d615842061e7c980bb0447bc3b26aaff46a5d8becb52c12e1dbf086a5dfbf8414538e62e493564bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
8b352d978a5283d5dea28430a6546ee2

SHA1
aa9237136e719b8fb8bdb422e48f27322e0daf92

SHA256
30175123646c2d2f8896f82e7a505a4c5bd8645287114255a21e3311f18bf637

SHA512
138ddc82c82378ebc2bffac78a7784e8b50073a76d241cecfd2c1a9274be60cd074ceadc8639d39d623be2470d726557071b572fb7beb44636d40b76986105e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c13db6c69c184c59436fbea59eedf0f3

SHA1
ec2d03a1e096894926d689f32c73c162f76e725e

SHA256
f0f673ced5d0d1c04ea32c6308999b4206bc1cc01fd5c9d9a5033b4ac9b1b7e3

SHA512
f069939db8f24df24265f249ad03d47bab9909e286821122d6a51df872ed6420a15c89225a7a34c0678aab3fa2f5c3f45ff678a9928e0d7f2c28cfc957a3c1d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
31cdc4566ea0fa930a3b71a871aff092

SHA1
cb7522729a944db3dc0315916cdfc82b0d5bfb16

SHA256
1865b0abbe024c4d9193a8ec0fd42e9155f308fc688f21a0d60ad4f907331571

SHA512
71fbcb0ec811e47fbc01d6d050fe0e5dad3c663fd41824fe4bfc69be1179173ac0557b5d43dd99021ac0ccee5a2033b56b2e49c064402fff9b76af23d5ee1a6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cba3446c24964559f08d096b6bb77416

SHA1
a1604ee565501f0516b87f76a2e0ec6e42106a52

SHA256
b700c6a7ad6009bae3095b3dd27e23b62f999adf200e5a29a10457f820d4f677

SHA512
de03bba0e093dc35feec8ce79f3b85c402e81a32c10bf90fabdb9b9d19789ff349d4fc5d0bf520bb3c27bafb8bc368ab3b5327872cd9610c7bafd2b94a608a48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cdf6ebccf83ffe04a704a580bc737472

SHA1
7a2ff1ef317ef175b44b6080fb17780b8623b9c3

SHA256
29a95113c9df56c33dc377290569ae2de6f1726e251d7a11d01d686ba75be429

SHA512
0c5f802f6a4c614fb4e9bd61534d2f593978fe78c7de76f5c0229f87d54c2b85732f33e9ab29f2927b64acfaed9da6837dfae7705f6a5f93ecdc73c4fd0c067e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
587d7cda88fe39cdc90563a6b174ab4e

SHA1
413b5326ebdece6d6cc800bc62bd3a77df514b4c

SHA256
09f93bd3263700fd356eff61bedc1b7b86140be6b435bcff0b82fbd3f7068790

SHA512
2771a6510a005950fe76c4f489c43ff0a184712839a19c5324db70c3d1a3996556f9584f0ca4ccc6047f1b355518e7d7e0edda80dfa03eed7c41e75efac4cb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
63e8eb47e91424433b9772c952e69820

SHA1
14584fbaa7734e2adc0b006a49904e86d0de5f2f

SHA256
4815abb1189f2ff6be2062954e8dc7e111b0d886f5fa85219735c1dfaf8e6f2c

SHA512
af96105a4389bd75556da817de2b9426afeae6224f3947ffb7a399e265d513046c51fc7408b1be59ac7bc38723cd43a231fd70ce0b85724cb29a27e4d6eac47b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
84c04304bf193928e43c183f92b948a7

SHA1
abe8b43576e3472a527a815128a1e9ff5b82e310

SHA256
e43b26e02bc3a2fb5665628e981c7eab694c8d4105a3c49ed99ba9f8c081c4a5

SHA512
63ea1cd1d50fe12c842da7bae601bc4ec241c7beed0392c1394704f828578a489484fd04981482fb559843fb2c42e5502e8561983af049c88280120a8ab3f1cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
edd050db457cc2a87972c4a12a2d5f28

SHA1
462ec23183fc6fa215976cf42fb31b1f99315a87

SHA256
60d0b4947a68678d7aa1c4a0b1e25814afb4e5e18f6d2a9f48bd0b9c890476c6

SHA512
59fd71f08a8fa6456ced1ff942b4c005c04dee50b9c4234cb4ed6b544c5383bef5338fa37c23753cc200cdeb8b8ceb415b4a344ef55bac0b210442e20c0d4ed6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
da62681d86f1db545b0f3db8b0132de8

SHA1
83fad219a5115e5aa1851015b77538b1d7834f0a

SHA256
dc3224db31b1e75d81030219019357ddc12842be7e5ea3af8b83563a5eb394f4

SHA512
eea98e13b938e00cc17f452208e4bdfd3097da8b6e04bc1db3c2271addb86988e23123fb14f65f6aed61d3ddeb7749e07fccbe668f5bd4b0639bf189311867a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
c985e0947a6aad247c1f5fdf1ea17c85

SHA1
84c19d48e7c1091e9dd473d37eb76437a6fd7fed

SHA256
0c3717a4937c25e39586530f45b400d7f1947c11b1ca6d600cf20a7ccb38b63e

SHA512
1fc836cf0ddfa2e4431a4e07d7e6e89712c11ba80311d60536672b4954c0dedf26f40f821d69c52ca401e39a7ab8d54a8a3cf6aeb1fd28e7ada05c3ed6d86fe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a06fd8adaefcd52dbd891a9ac987debe

SHA1
f13bf614ef42a55212b78084822feb9a07222a05

SHA256
38e506c9642ce96ce4dc667cd4fffc91c5967c6bfa657f5ec4b2ae3d2d6ae225

SHA512
294327551fa6e2258d1dc3c4a014feb3fd7484130653200bf153f67e886bf0bc05037ea0c61e0e7cd811eb02bdaf55bc8755cce96a46805d70ca5defe700d65e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1a9d7e2a96b57c4d2c593e46f3cc83f0

SHA1
c572282520d98efbb41720f4f97206d16e69fb3e

SHA256
3294459058c2be1367b27c8451cbb54f197992ba0a5cff899aac8bf26b27ebeb

SHA512
be4a1bac2387e88c1b99fdadfa9f51de593c3be196e0bdf5a1b66b1e24c067e4bb59e5fdf50f68315e556bd5837de47f409d480c103836194057b776be6f0420

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
6ca117f44c7ecabc5de9920b6524b199

SHA1
62171485088150b1e4c10e65100138e9264a2577

SHA256
7c22572a2e2883c9331c2d8e6e6c0e6243952bc41b30f41ef92ab4ace7a8e12c

SHA512
73dd8ef6649f9a702253f1b4ac4f75d97876be31ba9cc70b1a10918e6fb52ce85ef7b794c875c355f4ae8fcd37cc1550fcb4682e46d2904c4a45bae946103c31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
58c18fd47bd3c48878545baea8464e35

SHA1
caf25b09bed2465c82f8b60b7888d6129f3c899e

SHA256
9262566cb350d723e2051b8e6968fb6c9ac263303b915fda314fd2dd62c31137

SHA512
3243dcbbffb38954295a213502ad4cdd79fc9ab0ee1a6102ecd49d25b98c840892c12301056a4030119c21705f5d69f123bbc5520eebf5ed5b8273715af0b75f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
ea93c280192c3e76ec323acd53832dd6

SHA1
3e7df1e2c981db3b5c50a76c8f7c2a2a1a2ec2d4

SHA256
5154533892d633963d976886be92b3be1d6bdb9e77a952c9c15787e2c17a8e44

SHA512
1c83a1efd8cda9d4eef678255a7afa396ef5e012beee43f63e059b7fad4ac46d0c016b7de1d27d54251a2c2fe57c08cca9ee2a95ca5098070bb0abe105b43b52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
6a7b814bd8227795f067f475080a83af

SHA1
99e115a45d0832a4fb6e0596ab220074f9ace290

SHA256
166344c49deea1c840e694e988670893b5b359e3d189686c691ba854faccb526

SHA512
50591d400b4bccf04744be7ad4d61d2f248893027c094cc322c79c8adb2c9e06cd09e313bb0d9aad7c2cd3f944d277815b75d955855952d1a4b55b0899a8e8fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
6cf3acd05bf8b2b457db18d476c41189

SHA1
ef6451edc34b6d5e7b391ff598bad5f51acfb7d6

SHA256
21beae26fdf7baaa775f592c51ef8bda28f8bf8ffa533770f5ed4b99c91cc19a

SHA512
932dffd4943798c58c03581c02d8177eed1fa019c5a46da510fed9915951ace5daff1ab31f70a52b9903e9a77cbc3da1f6372d52bdc26b911f5b2a230f6fc1de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1c94f87696a1f2b2738e5d180c42a832

SHA1
9add43c76807d2f98d466921625ee9dc795c2d4a

SHA256
4ba4465bd3b2713061d6109494e2bc195c5b803532726d5d1818ba1df9a904d4

SHA512
498637e100c8f203b80fdf07f32d56d8aa57a30f6491786e2ab6f09fdb253bf34806c4365bf5acfc51b8701f8adda3093d2611cd065e2a4a76b48add477530a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b2ca6cf97f59841eb777e5c0ef51bc1b

SHA1
23a614e59ec8b42e0dfca05945efb18eb40cd341

SHA256
84793b603b748472a3efc174d1837cd1c379e86f80e0315f60d7edc02ff6d8ef

SHA512
e1665a855bf3b85211ff007fc32860f5f7707eb6bbb7b39c03e16a41c1b58775ba40b22ce3d2519509b174b26bba1bf94fb78c65911877b00cc89ace1e8d1e17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
99320ca542a0c8c26bd545207020105d

SHA1
536ae63dbd26a0116b697d1ff3e434f821fdd9b9

SHA256
d088238920129e6d6ebf2d008e78e16b51518bffc3e50277b023d0637627618b

SHA512
0430f3eafc84763ad6c7742a2840a224fa79b1f95c525abfa1de30ef6f75e721c95445749142285bb62bb0ab03fe5f79ebaad6acf8397e9df39ac33b20e03975

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
fed94718cdfa2e55636f386152192ffb

SHA1
51a7c46aa205067dda09c2d87d22e239f1074518

SHA256
c71b6d4496dd90fada7ecaa279d2c950c9e77d8c1689ab11858a79768ac5a5b5

SHA512
2782b3355511e9cc82749e9d7557c11f5356ebbdc8dffdbc0e092a0f7ddf7d37b4d26bf9cfde977f96b2870e17d0df12928367282efed8d365207b0139a10eb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
b746383998f9be74e7a98c0ad8fea65d

SHA1
34eb9c9af377432ab7c0f9bfbe9fb07e6aea6f13

SHA256
952b84f847a750241d90c1862f0ecb3646d9db2ecf82ed8a32a3468bf9126794

SHA512
0a582705143ed0536ed70248be7d6baccd1fa6563b0a5d2fcacea95ed7c858657fe09fae814bceebc2cc46dcb5392e42c8be4aa8b538688f5f7d773812f93981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d8733ebb3cf217811087f08a6ecc99e9

SHA1
c11d98121793b0a853abbe1cb426f28f69c82030

SHA256
5ad0763f922b8c6aae63406d213ec11312afe9275baa203d17f7c7a31c7e35f5

SHA512
303d344fb3dc963305af38039b63a54dbe9a062f84903ece60776284a837efad73336b28dec44d161177479aa12cdc66f5c61fa82f5adc491a163ba040dbb7c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c55a2ba5165167f7a9f356ba16eb8f44

SHA1
f5deb33a448f751dcb2149069988cddad97c8386

SHA256
fae5448568c85e309d0bc3e793cd8580a76a4b73c7347618dfcb085159ee756b

SHA512
6feb5ff7a2466e198ebe60e92d6962386d13e7a5afdbbb4f3916a94259550011d1a600534d64e4b6364b698872f88298ebe37753732efba475011054b26f396c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4bf638c2c8e33f161f9ff59a81efca8d

SHA1
9855928c117f573a11d2f918ad6f9dcb3d89cb7a

SHA256
8b4e2991f99b9eefc4b2f221a31b25876586cd06aec22840468b895a50ca7440

SHA512
297fae770299899d5d5db48a0a2710ff4432ee53b26b45327d13fb6e87b75e93f524950c076c997bb90b04922cde4cc86a6f4639fdd958674b31b5691bcd0f72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e7b21cbee376e3a307cec7c5f1acfdd4

SHA1
24a746c2344ec092f4029497bf119592a9da67ac

SHA256
5908fd646a818fa3a680e00c05ab83febbf3d4670f07bc56a94b22de1ff5071a

SHA512
b97d1155453ec0dbf74d1bc4de45229e637c44e08ea1b5529057b77a13b4f15d8eda122e2a0ba1e95deb0aa05bc6a1eccc2e537f8fa316298ace2541d9b88065

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4703301a187416d8bd2c412b374321e6

SHA1
e2c7c07132484f6f2f9e0a45ec96ecfb0d07e160

SHA256
43cff65176d1b32dd9e52d11511cfd950fb10b863b7777aa3295f07ae309ce65

SHA512
9bf42947f0206104806987a6fcf584c7d22908b094481e9b376817b10ed9b3a34999074a932cfedb371e894c2e118f8116dcd2aa63c9c05ead36173ea9354407

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
f61e2103b23efa5bcc5e1462e7712a3b

SHA1
2f42c481dd4ebe6d8885daabf8000abb0fdd1f58

SHA256
4504becf89a4753e8436df8a15e20f4d883b3eeee4dace4b9ae275d33e692f56

SHA512
63d8c5c0b981daad6e5f8f73dc117cfbc5b9c04543aa971306225c6f14dd745b0615ee6a027afe03d6189e1570273e9c8a4c0382a4d6a0d3987dab0cf8bb8467

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
bb1a1113a4e394425c37a4747e9b3b86

SHA1
8bd9eb01075ea7fcbd7a83ab7f68076d9f59a2a5

SHA256
0e769834c63497a248a25b99f64ccb844689d2fde03ffe2ab3190aa08ba93b99

SHA512
17bfe33a0635fd31693296db3d1d63283ef058efea580a18c20b81d2288184ceeaf224a7b8133879a179f991968783fa7cf27d121b0c186f3203638bfdbcaec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
836a78c1b26c707347bf60327819c6df

SHA1
7edd674b41b2439f76b6a34fc624b9639a0bee3e

SHA256
aad48f402bc5985340da86b0d1275bdc2de1f4c19b25fd70a09d8427624c2dc0

SHA512
2410ff5a2b38de8b98bd6e5fa57c8b95871e8ae7c3b1fe8e1f52cbd2964d17f17f03ba45a6d9de60d0d1f0192b5fc95d85ce55ae3998c3b219c25e30e25670b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
94eda9985631ca9bbfe5fb26490bef69

SHA1
92a5b07dc9d1ab9e674b58a037675f6f02c15cfd

SHA256
74151e12fe8a81784e718bbf53f4f9ce5180a2b627b1564571e583973e45d9f8

SHA512
0a0ee21d8375013329688d895e360dfb58233037847311c53a9ce4f5c1be5de42f615d5cdd788a6358a2b96bdb89080e40ec1bd2677d7103f12f9c9e82f9df9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a625044d694b772b9e8bbfb3b4f63553

SHA1
ebbe61a7e776b5f5187db12bbbde8bdf891c2d57

SHA256
29f6421d0e7366821d10cd1a23e02c249241678b54aadb45d9f6cf4407ac3d8d

SHA512
47234b2aba7475adee3a62ecf7081b1217fd75cb3e201276ebc8ade4a99b11e8217aa41e99b99951372bc03057989b0172208c17e924dd86aed1a92f3e60ad3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c710f4f00466b391d4d318c703df962c

SHA1
539ce368dc3b2885862a7df736961092d310383c

SHA256
a18bd2ff9f15e7de331162428c9a099d8045cadcb3e0746f396e86c23bcfc93b

SHA512
3e39570433af1ecc6987c4a9b51e8e5a44d47c619d549cee7163cbffd0f38e7a0552a7462ce28ce25741acd5487b38f461007fbe2a5167bc2386cfb675361184

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
68e08da8df3a9c4d30345a96533b1cdb

SHA1
23e2ba3a9abf1232d9805a6f1c41e715cbe4534b

SHA256
d548f3e371ce634335a242904200766b6f62b249c8057130a7433d90db35c6ae

SHA512
1c68c80a0034db59b59203d6568635d78d96fa161c5e0e406e6fd20bf6082f9dd037b15c771f4029265336bb6d9d3ba4d9db4133a5f0936e8b2a9c853c39fa7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
7fe2a31b9f2841125c1a03f2ba2057e2

SHA1
00d725865b35911f1af686c3a172ec2dc3dffd9f

SHA256
c9dee88b3ec100a68f9dd5cb0cc913ef5d9519aa1e3bc4b74b92b5771473b3e6

SHA512
87f4a6e8391b57a8d32a22cbfa31b9da703301807f8596efb28ab7cad1fe9f7ad5d363d45e51091aa5d8e33be6af99dda07a0adf06b8cfbd35aa85fcdbe5b7e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
4a7725241134cd9c89f17b4921adc06b

SHA1
22d9e7b53d807ba7d4788891b98c632d201a24cb

SHA256
250a404bad9b1dad8b4d70efac8649c630c93f8009d0da073b911d5307bda6f9

SHA512
36c8db9e48724bb578b27f5b6d7e9e22c6c920122e3ddf3a1922216f01842715edc32f9fd0733e02e0b3f065f98d8884e3b000f94e89d647588c49c83c856f8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
84e6628080de205f3398bf83a1f06d03

SHA1
0e73c301c26c6a47d63e67d1b3f1ec8d80598832

SHA256
b508b448cfb481e04c6be8206f2a97421a96fd36e03e1dc640e0c7e5b423977c

SHA512
ae703bb86b2c8729f9974ad48a6208330cf8829d9127e05b2741b16c9fcda972857f03d55cb8bc0de563a46bbaff30ecc59b31832015c212ede1de95bb3e6401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c63bd1b7634d74d5d5caaa5209d679ca

SHA1
30d572d70e8fd31070508e41f7659a8a5e50e0d3

SHA256
2e897d1d09ebb27dd8c2aa6d900fa79b5e33fe59ae4fe9f226c65910809b29b5

SHA512
c1a32207060092390bf3dc25ded62877abc1f25214bd2b02e45261cecbd0fb704a88a6e7e0ca9075fed28640682fa91502a29ff9ba63ca5971915a0d571a964a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
fcfabef6d1e7f149207914846513566f

SHA1
556e8d37029c56de6d7b40fe7e6df78e432dc151

SHA256
965ceae6c7791c742a8ec943ef3efa413264736c4c8b613a21e991480b1b44c1

SHA512
4eec9ef5f994e3242d18ff4be050c2dc889f5ad3a86b5264d14e3286a25693e95d79cd45a7b0c44a8515816b13da2a55bb9b7bebc4bda5152ea11b7c2f4f0b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
b2c10997c27e5863430c74d8120d5373

SHA1
ffa67770717ee02bacbe4bd7485268cd0f37544b

SHA256
8cd8256966fe4c1b560583ebd4c45819401b5d763154984fb609d98cb507921d

SHA512
c3f3dca3f9231e9c2a4e24cde5b242117b8321c578215bb913016d1f62abaaf4da1e093bcb3e495375d225d539c68b0d78c656b1b17dbfeb4c4ddf0a6ba42457

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c138250bed3a7cf7546af2d6b25dbe99

SHA1
2180facba731dff7d4edb8b9554b0730044642f9

SHA256
c01f18b7395dd99ffd3bb91c7769d17ac4243a0a8e3f6a2b53e96264996c9bc2

SHA512
9f288cc8ce5f2eedec6b14c71da5eb4ce721daffd6284e3d7fa78ea2dce7db550228c9de0eecf1eaf8aee2e33dd644f8217c552dc2a919a95568794c6ba80f9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d504a7267a4e5a6f57766327c55752c6

SHA1
d0aa48777ad4c407062945dd196d5a0c637a4e59

SHA256
2436522a8b301335b5d5196de70782da0c08aecd3ef0d5ee97ef3386e3acedf3

SHA512
3275daaa3128c5c6aceedc5643b4eac0c85a79ce828edc6906b27d46581bcf52d5ee8527e4ef678c4749e5f5816382502e1e2690ab8e58bf42b3ac996353ffca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
59682a0e0af5840c92756e8a493ffdc9

SHA1
271da95c678f695a7249513045b86b94ab7e92d8

SHA256
d781a4d37e31dc6a93f705428e135e98c83784633312bda30e8c4d9569c33d36

SHA512
04b380d8a4491ff2f197bf3b8ebe880321eab66ce8eba2d881e3164dfa95db1760d3cd9661996fed47828c169ac39bb0f2b7d5264a34b7edf9ec7562341db821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
62454f7b45ec231f236dcc618f9c2ede

SHA1
3d98f4672a6f2647d6baaaf818b2c71cc6ad3d60

SHA256
6ca30148287a768378f11e4fe422a26af3477b6f632739f1ac3b20300a243756

SHA512
8258583754b62a92fb0ba7a3da68b60bd786960b24d454050b246c05c2fbafe97bf9f528e3cd71457fb64e30031a4285940ad8053096dede5c1ba8bc477a4b17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
76249a90a798b6de23912750a3c9240b

SHA1
c479ec0e11878073e5b1ff112fc97c1f52654258

SHA256
a5dc8fed7b5cc5a9e46db5531135c94949546e1527580e27278d9873ce84e987

SHA512
1ed5aefa3b40fdb31ca0a2d409f0a38cb2e25d7e44458395f7443c6a8a715394504112ccbf9b00038d73188ba55d97c058cfdcbd506cc455ade13c52270317b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
6b36f294364a864e3130b65ded2b7078

SHA1
545091be3d5a09daa8d70e63d253f2b00624997c

SHA256
5e4ea9dd2a79543a24e536eeb1d461503c430113094dc5c8ca50c9deb21d33f4

SHA512
5b725b305c6372038bea0feacc2f8fcf43198b8a6a713d25c5f8b564a81196d4ea0703b8201815f2a4478d6b0e21acfd65cb9b7fb63e2076e3d8106375a88abf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8196af7a9e1957d76b5443e282ffdd33

SHA1
04b333c8cca64c2d6fd444412b75899da54b4bdb

SHA256
e9429ad8ca4f087093b7d62fe7effa246e3228b366c30ecdc347eca88947aeb3

SHA512
b960fa508edfcce49b57b20aa57cb8fc55b851759f40513cccedabbe3fa3254de4988f5c22d0744e7f2d5be7ee99ab880436441766c860677987f250dc0624a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4e6ab0390a6a9df32e8d703eb049cbde

SHA1
4e057165a37d875beee5b1297144f80dfff17731

SHA256
af852f73f8a68e8a626427e1da4f68587859256cd31bb7a77aee1e2621391a23

SHA512
c2349e1f52a6d250e540e59fc0538ea16f09dfa2024e218ef351c573e8257fb78b5fa897effc498e4175d2f261282a51b29c7fe944bcf74c44fb7a3ed249faa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
360cb7ac445d13da57bb9f56457fa785

SHA1
c60ecdda6b699ed343214f3e2283c95106c4187c

SHA256
864bf7b35b7c16109074ba3aeadca9a48fde8faade9c3b56b21a6b567d134c85

SHA512
cfb68a2ed0e1fadd30e3b07865b2ce1e5d883f2dd0c2448a7097bfe5ae5bc30834ff0f7797e62957aae999f6bdecee69bb8eff5256bbdb3bd6eaeb44bc85f9ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d821d6f3223bcf796ce09101c52d1903

SHA1
76df384f40fa5573287ca3ccce6305da52403e2e

SHA256
143c6c9a1035333e4177568bb9b80d01a2725f74fba97c908e3db9c5c1dd04c0

SHA512
9fbc954a33fd8067cf87615937cf289bfee9dcefa5552776f71bd9feec2cae401728527d0314b5c6c0d56e0bc11a24a1a856783895602d6ad27de24b43c00eff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
f911ab40b862a90b3feb926e7157b039

SHA1
1484e9f94148d5c47fcb0eaf99249ed070a8a192

SHA256
f4d5818001ae53f4a1b09c863fbaf710387fb9e733f747562c0ab3f8749b1b46

SHA512
6bfb26b237be2f440d428c4a123bd73af1b9ab2624a654f660d5d788d2ad1f4392d47f0984cc30518bce79697cae948d5fcdf6b10f3d2543f8e6b6d707aa2ae0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
590aaa9817fbf426a3944e61377f6ab5

SHA1
ac01c8a5423813d7104a1aa38f409c728cdc4219

SHA256
9cbc85c5a790967dd7ce58db09f52a416d1c58653b80267e93afab4ba07fbbee

SHA512
b4fbe13583c053f7a3ad775eea20f2daa297b254f7dfc58d1da120a344babebacfbf11a78864a755de6fcef6724db6a130fdaa2b198973ea7fb57befdb2c04b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c255a27c7f005f9d2310bda80e8ab1dc

SHA1
ce27121f63cc86dde0b4b0663ea75ed8dc277152

SHA256
508dcc66f11ee865ce17648b3f959847eebf70565299b185a6cd9e77ee47a26d

SHA512
ab16ecbc949f116d09a1ed9c8e5c3eb7f2a0be4f401e85e7bcb700eeed8e5e469adf8f74ec250fe1d39a9f9291304c39fb1cff559138b7e6da84af35488489ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
b660527d713123ba6d65a3860a6cf6db

SHA1
4cbc953c399813b9b85c2493fd21426af109fb8c

SHA256
9c1790606f270f07e366da20e3b7b402a9d342c9c2cefca3e383cb68b529a877

SHA512
e08938ada2b9214f579bd898bffc54049cd5bb376366a214adbabfb3bb59647a58c0a671f473d72f3508313279a64e020e337a15141bc8c8c91ddffdefcee8ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
8fbbe3bfa6ef363815149f1e9d5cbbdb

SHA1
789cd22bd9314588cb5f2b05366d906572a9bf30

SHA256
ce44733b1da2dff4f2e35c0944f3f48fbc160749e03acc0c6bf1c0fecb93bb94

SHA512
bf63fbec18b601ddfed5e08b3414f8fc2db5d4052b671fbf8db42ad5f3b21f536566bf17f6ecd463d2e282ccf6c4514bba3139a2e9a0e803a998c02c061ec759

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ddd3ca389231d9da17dceca899732cb9

SHA1
40d6cf0bf47704ccd0fd906adce78b5d9f068313

SHA256
e6d1adbab3fb60aa10a74b35b9ed69dcecc1301ea934968ba1c4a318ec657ef2

SHA512
5ca38b57abe46dbe856cb964270c2c8e722e3be0f9e91950180ba6a435dfed267e1f0953d56feefbf5595a237e63ca8b4eda5069e172f3925fa391ebccd86779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bf8d6703c16364e23baa2460f44ea3e4

SHA1
fe415744d1af49d425f5f971c02929c00cc28b1d

SHA256
e14d653e9de5e25b3effe5ab61f09d30eb776bc4edeb632b87fe723cc7b59484

SHA512
cccaa3206fc68d58eada72ba5b3a526e22c2a736e28973c66a03ab56307d5e695d0d2c048bc9a833ac1515f680100be2da4f6cd5f510a85af61e60cb0c3ac699

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
d9437eb16bd8f341d4234e9c029f468e

SHA1
0bfd0dc75bef427a1666ebcadd5b79d0b5584e32

SHA256
9846a119a3249ce0ba80c5d222e19acfb00a8293f61631d839dd1e8d1ee9b497

SHA512
ae6cb6d2f720ec1cf0a3352356a2486900d759cbeea61947858c32cd098fe705e6aff10cb55ebdb14261d994f2ba36a11c365309a439218f76773d79f9de9dfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\da530456-775f-46dd-b53f-8d1ab7f37d22.tmp

Filesize
12KB

MD5
5b090a7ceb2bd68c60eec45fba5cbede

SHA1
2a528a81953d09b21cc0989fec9671300c859a3c

SHA256
dee8d24841d7c011187a78a2c1367c1b8d317b8f2448bcaed21bf20ef9a8ada8

SHA512
17aaff872d97fa5bde8caea6ef043efcd4e91f69ccb74ed9e67d95a38f68f746fcc595a8ebc90f0421e43048db369dd151630e6298b1c305a3277b030ae836a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
a5ada2b89d1e6a2e4b426512bb383abc

SHA1
3b3c6671601ffebf60b2d3dabc1ffcec50e34c2f

SHA256
6ecd60a36f4212ec417f241768e832a3bb09772ac86a8316715130fc405addbf

SHA512
509d7ca90ed46e7858ae536fe5fb92282cba8a02afa9d5b4aad0555c34e693c6ae483d8df71a95c30b943107360735d10efd8c67bf3b8fe89a473fde4e2f01f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
3035194554840c865e79d77b096ea166

SHA1
92b9067519726957c37b6ec0ad9619be5b091265

SHA256
82a63f84cafd258bd2fcabf42a4956c5bd938c3eceb06aaad5cafbc0452ac5fc

SHA512
3c6add0bba435349da56d1937d66222e98befd51f3944c7404802471e76c88cf563edc16fa93ef5ff7a0f56ea0a6d6c83cef697061aae310ca1188992914a7f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
a62c1b3778d6229c46fd4957bd580351

SHA1
b6fb3d761a8ba0e724e857bb8e8948bed64d8918

SHA256
da75238c72283feac59628e058cbb63fc6f8cd75dd7feb2dd1556d045dcf85ec

SHA512
a8d4338b6354b729c05c33b1dc4cb766b8fd45c3426f66a68680c1cc34526c92910732296a22f79b4ebd981514411db541c396b2717191e1e6e11c44aea1d415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
fcbecdaeb423c6bced45036da476b678

SHA1
d2171e82013c2b8436b02f8785974c8fe01c08a5

SHA256
a68364ab4d6f798c1f7fea9d445afb2ca4a5dd7c73ea239e515e30e89151e523

SHA512
53091878f7513ca44e0ccc4b64172434e9441c55ebb7cc6768ba76ca4f1de6b88008d281353141d6fca9675b328b45572741e1aefeb05e4108d360809cd53fe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
4a042455f9d8d324cc8bd2a7d2cdb7f2

SHA1
332b7f4c87cc25862a4822f6f6efa27015d04512

SHA256
382dcdb393733da8e9dc24ebbce026fa14408b2152d3cd0359677788e8e821d7

SHA512
fd9d35cc77da2c83dba844c0339c562a2d3e1c8ef0d6a3ae3bcc62bb34dca3339b34c784c34bffb484c069a478cff2e91f477af89af191a52dd944c5dfd2ae77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
845225d5d94888083656c263eca6596e

SHA1
b3a73a2b361f549dfc7278acf021988ae2f5d85a

SHA256
424be3dbb34c92f87b91093c9dc21ce670d65fdb30ac228017f805e47c61761c

SHA512
a819b4f4af5c697a1097d21e19ff5cf518eeb6ada21f789c4a73e708c91097dbe207b8dcac487082f61f1fcf8549764dfc4e222810c82e9940f978f988fc1bac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
afb41bcfb28d2f05feae536639668f11

SHA1
aef985fa1c3628bc5ea443111bbadfbed03a9dcf

SHA256
4de1e166fe047b4572868c46cae51d1635dc7f5c45829d76e1836a1a19994360

SHA512
a1da97f33a68fae35cbd01f9b1c833373e2c2420f4a2b263f32019d74a051cc67845d92e6e30d8e7d87c9b44e05a0c4c18dd9cb041358daecf1d9f5e9b5f6d5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
b7a0fd15240428cc29bd3550692407db

SHA1
2bb9ae3e97823ff6cbefdc1bfa77d2afe1aa77a7

SHA256
296a8092a8a9b07e0d20dfadaf83d4f69582e4341ed4585f4068309c0c1552e9

SHA512
d331d0c80df31e8c0a9d2627cf4a75e1753f147ac6a8d758c0a4af28f3f6b905e0f49f43c564b09040c28f458870a6ec6e12fe9722e597abbd0a89840bfb00e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
d4a36cfaebce7c7f66f4da2eef63f3a9

SHA1
d0411b7a3bedcb636ba915d5937b6b899aee9589

SHA256
1d28363b24832eef2048906b53bb5758c3ff59814cf0db201b72dd5b999607d5

SHA512
a0855f13491cd6d68557e73cbc2b0ab921eec67a34344fe1e47f3eb0ece06d4aeb55734fda24de266a6ca412384b410ba59bc42c2b9d4d9e143913d9d9cab350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
44b554ac4643dce054279070c971f162

SHA1
b4eb74d4302537ed5059be77985b403eac77893e

SHA256
05326f6827078965aea1c61ad3b6ec3ee88d26d0222cd68aa5ca0208b21d763f

SHA512
79fb2bbfe8ba8e10f388d42ae51b21890ae97254ed3ee8b10e34474f0f15834a78034ae92d2e42692c96b7a5c87ad67d84fa4175986da393e0b186016d894c08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
8544597e91d188797af7ba4f657eafb2

SHA1
4173adaf1bd0caeb9a2001906080bd6b0dd1d823

SHA256
2977f52adcbdbec1f6c3e5b2f073b8bdd450cd5e3c92e57d43c67ab15df99449

SHA512
5d311a071522970d3efa67b440d39c24c42579e827617b6ca95b892cf44ce540b23869f5183d0e53e37276411f93fb5487fb5983b943b5c664623338a66fd275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1347cf452d3e99dba33b56ef8c3731ba

SHA1
4a715b27ba30c964cf01485548bd89f7527356be

SHA256
bd9d1b631173d0224a4525af41280a3c3a5ff4788a86aeecfcc014e93e8c4265

SHA512
8ed36fe368146b406d3d0e232d440a7bd1c4414bef57ad44188e3433f9b600301be089d7718b57e633c86d74b409a320d046976b6a72a152b6dbc196c5bb7219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a28bb0d36049e72d00393056dce10a26

SHA1
c753387b64cc15c0efc80084da393acdb4fc01d0

SHA256
684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1

SHA512
20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
554d6d27186fa7d6762d95dde7a17584

SHA1
93ea7b20b8fae384cf0be0d65e4295097112fdca

SHA256
2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb

SHA512
57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
680d2694eefe28cc28e61ecb5482fbd0

SHA1
1a7e0aa51240639684f985c3dae1b5573dce2865

SHA256
523032ee11e018e29c309cb55303a0a5795621a1ddbc595a21ec8a8b82fb36cf

SHA512
496869b18ed080c5610bd58e76811c6a0013813bf75de2b155ef525a4f1b2f1e910c26b120f00c8f83169b138e269446bb4e036ef155f870ba552bc9d54cf3df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1022994fa9862425e6048c6f2476cc9a

SHA1
0964aa8698c215a3fb82a50379dd42cb2f4011e1

SHA256
7a0b8739e559b96e93fbf9eb0e8842b59492dc747e1a69165bf034d89c7ca639

SHA512
9cab83c1b80aaacec9f068872c58b293651f787c1679495d85a5c5fd81859827cdffb4d4bceac35abc0cebac7b4666254aaab87cfa31882c06c355b08e7f3657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c51b7dd66edf57dd7a6f37c4f820295

SHA1
4a550c53758ded18c1e1504fc09ee1e824a3b858

SHA256
b0cb549b760bb3fd310841a7687d64c202bd2b6b32c268d4e7ed1b7dbe6b8794

SHA512
c63535c94a324abd44534b8289878ed4c500b46692d260a35942e64bb72059f69b63b520e8f5324cd348c2635bf09895e6f980b8c9fd5c5200b4716b4f754f91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
41KB

MD5
7978a9e6312aeef2fb75a5184b971312

SHA1
312d46ef07ed60cb3c48cd586a5189d4a7cb030d

SHA256
bbb5da7e7ba55a3059a77cdbad6147129d94d7ad45fd15f10ebea2bc4537f649

SHA512
e738bbf00a4218607c1d13aa06792bb3245fa7999a844cfdb251caeefe0c2df0be42b9bc2aa8497927161fcee6593d9e9f9d69cd02ca9b213350223c78ae5e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
214KB

MD5
ba958dfa97ba4abe328dce19c50cd19c

SHA1
122405a9536dd824adcc446c3f0f3a971c94f1b1

SHA256
3124365e9e20791892ee21f47763d3df116763da0270796ca42fd63ecc23c607

SHA512
aad22e93babe3255a7e78d9a9e24c1cda167d449e5383bb740125445e7c7ddd8df53a0e53705f4262a49a307dc54ceb40c66bab61bec206fbe59918110af70bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
27KB

MD5
6b5c5bc3ac6e12eaa80c654e675f72df

SHA1
9e7124ce24650bc44dc734b5dc4356a245763845

SHA256
d1d3f1ebec67cc7dc38ae8a3d46a48f76f39755bf7d78eb1d5f20e0608c40b81

SHA512
66bd618ca40261040b17d36e6ad6611d8180984fd7120ccda0dfe26d18b786dbf018a93576ebafe00d3ce86d1476589c7af314d1d608b843e502cb481a561348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cff32834ab7cb12ffabe698de344daa8

SHA1
00aaa0d1b992988c80e828a1846173f613852376

SHA256
9bfdfda51dbc5a5fbf4a0a95f700e063cc841bb94fd30e0bed0d3e69e8cdd047

SHA512
7c18f8d8107dbf097cf8139e2284696535a3038709707844bf6b94eac255c833ee1a66183e5c3717f95072aa0c2e2590595d9099203e8e9c74d7d54cab7ae257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0396f08610458742c364b1cbd36b512e

SHA1
5097aa059dc0155ec169c8ddf89457b5feb0a974

SHA256
0675bc1f18c21aec798af1746e9b3a3ff7de2b94cc99720433d011d57b1668bb

SHA512
8e1bc9228a94073193d949338a7af16f3738da6b53b1765f29473f0bc89344f457c0de07e0e84999ebd22143751290dd5938ef88c5f1559b9be45770ced493af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
17f5ddfa2d824cc2b0f385c097f60343

SHA1
62b2341f22ba83750dfcd45926c001a645179edf

SHA256
212923f69792c303e5be8a2fb87c0d5204f9480a5f59239ba4a7e657aae304c1

SHA512
daded149f181a5064a5ff3031f2aa2260c3f9930b8e8e8045f757706885e3f37c4d2190fe5a376dcddfe0aaed89be3d587606d593cc58fa82f95813802a39f68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
63f3dab7476633ac76005408dedae91f

SHA1
6f710fe4ce9e4285fdc4ca425898ee3129755452

SHA256
2aeef9ed5fb42e56cde1b0f1afba495038ff229db6c3c75452fd151ab3b0d314

SHA512
f2b839a7963589301d7e674c07409089078154048fcb33028e73ebbf3a1193982a8ee4d6fab38b602ac6699d9ea8e5fbe36070ceb5f883e83134b5c7ede00b45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0fb1a7440d0ebadcfdd40ca4bcffd58d

SHA1
4a50778ff6c381538a5f34936be8530b3a36653c

SHA256
6653751032c3754ea41b5f7ddf283a71812bda241cbe0221e7f851fb4aa66607

SHA512
760d3f991f6a3c827a320117eba21ea501abf20c6e8e696174ed5e1878d1ad95e721c523f93bc672ad939f6164e6da1f4a59c5377d211af7f2e41f0714f08f15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9746d6be940883fcd2e34917711ba35f

SHA1
30710f703f45ea064fd471a169e29bccc938e35c

SHA256
d38c9f6647f9842a30baeca7803b94ebaca3cd5e3d9f62f06a922f8fa68e8df7

SHA512
3ec1afde50aa0ae844d7ff4bae5ba0d0bd98163ecedf26482633933960f90cefc511f064b0e379282bc17518aff21cd3311cdbb55ca76182f82fc1caad3dbdc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6854da5c1abe35d83a384e7dbfbf2f88

SHA1
395650eb30ba2a02bfaab1c774b192bae8e998e4

SHA256
5eba943493e4ebee1c16631f118cb0efe34b6f888dfd9f000bb2bcf9117b4cdc

SHA512
88c520a3ae2ced03983bd422d03d2c36b5a20c5fc305d6239c60adfc183ae52b28acd05d1f5113df034b94d47e027e83d81adcea9ca3b8479ddb1e24927a252a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9530e49c9b9014ab9b5290c16e001b56

SHA1
d9a1ad66c4bfd27a74707a9e18981f381fc3f5fe

SHA256
b445a0107f73fbaa8772fabec36ac3c3bf82e46bca0a40dd3d0c00455f89c516

SHA512
005f12f61480a0b737ab0016d87eae44025a3196afc9cd84d7b0f8af47b525f79d0f8171a4b279a720aedb79c76bf25badf6fe0f662ccada0e377a6d981fd898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ac7ee44a2ff8e3b3f03cba0df6a21732

SHA1
73c85193d1961ea681234f5869179f297b63e7af

SHA256
329d32f258f512ffd23795408f4bf5915400b48c8c7b3f1089944918c40abf94

SHA512
87f3d5c8a6f5d417f79ccc54c21bdb27aca8834a913f54df2c0b55e33c6b8227af8723b50d4d86c9d971acacf440598250063946ad8ef30c9322054bfb540c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
65704405083dae5e3013ed98f4280749

SHA1
529af7b984fb37052a722b094ab1091cb6e92267

SHA256
ea52c71bf9c409373a961bdec4cb8734bbde1a7a58fcaeb39ab957a68dc095f9

SHA512
57873fb83628edfd2dd2a94c13ac46526b67ede23f26dab8c1fa6001509f0c75b4a90c1590e81d0cc385f6728c8a2528b2db04b8fa243a89c60216d11f00245d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
08193cbcd6e9bec527aa5dab1f01beb8

SHA1
f4460ddcf09d1ed4994adfbbb0aac76a2c0a04f4

SHA256
3a16a2498aef37ecb13341c169ddce92fcdd9986a95545b06ad20cb9004ffd01

SHA512
3cd0642f417b5529ec48bec272902f05f92fa9ba9e55380190d113a0f471087d82f9b59065de67dbeafd97944bf58e3b7ee6f1ed3e2d2e1c0defd1e2dcff8b74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a82e5eec28050b33e94d210c76681a9d

SHA1
0c00a90925cdbb74ed1657e325a9a8c52b1f42d8

SHA256
fe5b8c34210d6e41b3dd0209dc19e652d0b7ed632604044202bc928bc54c9d7f

SHA512
f8f4eea2010bc4405179a5df8496c8bd8fdea1e1f6dd2c6dec14ee52b9dc1f059d29b4197aa280d9e95c4bf8e7c84e8bd27b2e4ac117016781e309177d0e89af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0fb17c55e88e974f628a56d96ae551a9

SHA1
8a9c33b6ce48b2a98885f60ce7dd8de048b9ffca

SHA256
b563ba4d8b80422c25aae5480deaad4372c735fe614afde85d8522716f05d3a0

SHA512
0b5e05970d706fb17e2903ac79419dc4af948023cfdb4d1e1ec9bdff5a721d5813297f4572d5d2d40db584b340c4ceee54ae95d82e6319dec51e457341261690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2be8924ff34c858209fad66f89377387

SHA1
c0393db2c54a0aff538083c48954081c799b7b9c

SHA256
dca6aa3f89decce8d3404939ca9062d77f4713d6da3caba8e60936133575b4c4

SHA512
09dbe5b7ec2737208c5e074b0ad08307e554dd74c571b6c2fa1cff7f01a9f00b1bda265d91fe4a7bd94d9174f299ab6acf38cc84758f1bc93543fc74f3f3cd1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3280a9dd7247e22737c1575fe65d406c

SHA1
01610be3ef16158ae38ec6d6d6149de1c9bef2bf

SHA256
896216425b99ea8b345520fe0e5654cdcf89f0ac3422693243c6b0eb4d0f577e

SHA512
0ab924ad716e22acee1cace9bc3849163eccb8040399d320ae8cbcf7c67bd3d261eddd6411e7886360ae519e4c524705279dfad9f54948bcb3ed1c0675ec8cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe703abd.TMP

Filesize
48B

MD5
1270c62d1501e6d9e9af1db6da91e74f

SHA1
669b3bf1ad70565b8818fde4a64da706e8cb3c13

SHA256
2a548257968995d82f8a89ab667bc2f83a4698fece3f139ac31cd4546043f5b2

SHA512
23400717fc8cf4b523effd0955be33740bdcf6cb98394150e16168de16dc1c95d411d5cd2996910b0409206829c4036dfa6a118a594cafb0becc3e2db65dfcad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c21ab278fc2b54fa80957db5045b6cc8

SHA1
6955452568759c68fd1d09b2af092402e83f965e

SHA256
4e7487c4c495bd8807d815b256557c4d4e63cabe18fcd5c562ff385d870f0f8d

SHA512
10f1cd633d0a5b34fa85227244d08ff1dd7a823bcbcf2c8e5500826e7de3488fff08f5a8161e67aa795c3f76b2a8bb29963ea195022e847c46455e062fcd9df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b18feec5974ae5749044eb620ba5b1cf

SHA1
59cbef872ea40550439230ac6650573c2dff5077

SHA256
452804986c901609d2578e861a14d7d90abae3e6d865aecb7842a9cf114de0ea

SHA512
f0fe6b9ff5ad148a94ef3d95b0b8120c4d558d7389bea8fdcd518a49d73b6494f817f45b257ded373f13fdb0a06578b2665caaf436b058fb943012d2f2c20e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
46236e0a69ee1c01d379af4e09baa5aa

SHA1
4a58abe4c91cb7bd9105124749349483faad0911

SHA256
0f2b590c7cd9b87644aff2e8c13620c0e33ef230a2efb81d2c21a114c36f19ac

SHA512
c9ee2b79026eaace0f22aba0f5465fed68fdc0fe50c01c0e0ce9de87b452d8d81af2673718d7f1237542ff0f0f0443084c72c16bde9f4b08152e91cddc0cd504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0e5f0b59f1f7ccbdf388b0f9dd908e28

SHA1
64ce9d9c1bf81012f32bb6a2f094caf843db6417

SHA256
6f247e283c91fed71f0e4d4aac21450154ffc80a8b8ce6b8f7b78679892a7186

SHA512
5dfd64f2f41e469f45046f2dc8a481729433cd44cdd441c6549a93744dca56525da9f597b6c7c1eaf9ab2c89f47cf04296332d1379ecc757142e5bbf0c0ff97c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6d88c06754501935fbdb024471ca168b

SHA1
b9a5fb86c2fa0e9c99b3c1491bbcec6c965f42a9

SHA256
ab8d3e246a252a7cbb51e39fde50d5c370f3db6633396a42fc189b89900caef7

SHA512
22758d905b8e0daa0e44d95f139e3d07f63b0026a5d59e1175eee1c10e9d108fe99df276f5e67a338d8876ba89299e30883d2e448620131b4a792cc8dd401eed

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\W78K9TNJ\www.bing[1].xml

Filesize
326B

MD5
cdd2bdc4ba3db9834bde82ba75d6008f

SHA1
fd9dcb7c19cdceae16d603e21f702eafdddcf66c

SHA256
ff8f2a0fdf39a8d3990e483b0d6e50dad806eb0bafe31e3d5cc7eed091bdcc4a

SHA512
1d288e773c655804cb93ef76744bf4b72c2bdcb91603ffbedab9bae34976eaad5210c954baba5d5f29f8201389aedc22409c4680b7f29ea08b9e95bac19b9fdf

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\W78K9TNJ\www.bing[1].xml

Filesize
17KB

MD5
daf8afbc3d257766b0923e2f17cf5efa

SHA1
7253e598fe993da88e829abb9af004292e84c543

SHA256
a99edbb03f67abf88b8b3a6d2c2e6e7f88d5fb1675d438fc06f2a77b386032fe

SHA512
daae0139a34b33815c595512bdb28dbb0ff0d4389ade14c42f3629f7adf02a614d658df2f0f2839fd0ba3e978bae4cc09fc6208e96895d4f2414df829433a627

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\W78K9TNJ\www.bing[1].xml

Filesize
15KB

MD5
687ceea9ba7d81fa1a64d822b76a9394

SHA1
73a622af3c07006d07b1c3265eca718f7a9424ff

SHA256
e8cab842b3e79403507158753493a68e89553914971427abad36da7eba93c64c

SHA512
a6734846aa5e0bfd37253c6112138b4bb1997ab626248c8ed5f022abda6820fb62891cff12201548b51c774647c611089aef6736b4c090a6db36e7398d70dcd4

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133832420755320202.txt

Filesize
69KB

MD5
b40e5d960db6eb577313b4675ebde9ca

SHA1
76dd7e3b68b975486c155690a73c4dce997daaf9

SHA256
8f213c67899c7ea906e61b9af3040758f8ca9d03673761834592102005dd6ede

SHA512
3664f1c2f14f27fbdebffab5e8b0f60ec58b71bc38fcf7027bcb21150775e12bab9e5de0783df44afc080aca8b7e2d55d7d44604b52341462604d63bc9385e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1772_345069905\0fa893d5-b8bf-49c4-9b05-7ad542a52d53.tmp

Filesize
150KB

MD5
240cd355e89ec1f3566bb2ef1f361dad

SHA1
2ade60eb20f0fb16657a4fb024d207a931dc927f

SHA256
1f0388d23a4d8492e2f9839392b22a6957deae8750b60ff860ee939811594295

SHA512
961fe2017949d185761d8491ab4f7f2ec3b0562cfb6fef202c34d685a87f2ea032f53d653e4c1d492dff1fb43d738e7727985738c1a956a1a18aae77a3d7f3b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1772_345069905\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\wnIpiO72dIOc.exe

Filesize
3.2MB

MD5
7faa5ffa86c7629b995db9db9de5840e

SHA1
a5b83fe6745288cb6fa18450b3f9ad918fe90970

SHA256
ddda6f7397e8ebe11981b6ba137af2d99a72fe3ac1b14afee00737eca6738ed3

SHA512
7aa8e32117951be916c8f829f1f7ebae999292edf45abd4dc8ffab5a21a87ffdc956246b1c2aa62ece63fc39ef9eb7ee0d51fc1a797d0f5051ce0b9216e2633c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
11KB

MD5
7ce7a63024ada713f9f1ab1e6bb8def9

SHA1
b97deb8b3a15ba52505338f16d185b254c7daf02

SHA256
705738615cb12029551ffc8b4fcccb17111cdd027269f6a26089bcf6396d26f7

SHA512
54800f368ebd4181da15827f432465175bbafc2ed9db5d69e5d18182a5b45c5e20ecf237fb1637a31265a5ed6f6146947f7745d4b49391a04f364143b8ea159b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
13KB

MD5
6b9f683b4bff9ac8950e7ac204f980e0

SHA1
66ef0217e1db78d36a594c5a0951e10be481421b

SHA256
e503a055c6f9986c841232719c572bbdfddd7db1753686722ae996a05c890d18

SHA512
827e8f1a675f673492b60f56e29db875d19dc39ad82546423408a6a7a802a42f5276c28d2d2ff5def5a39699f1af10088441a7fb5abb73fd17dd93362fac0fe5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
15KB

MD5
8b912c8b1c1de3e83cd0434069cd1c9e

SHA1
dae2b0b0200929ee9f4043e12ff1d55e7e1c5762

SHA256
3c9045e1b023738eab3f0c08657d1558b52043909b64f1495895e14836c63bc9

SHA512
fe0afb120edbb64f79703e9f26b7115d4737b1b9ccc63434769e6ac449f21cdf7b650524c86b1185cc5eec85bc49cfdb0b50038c46a470ed67a8481cd43bdc32

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\client.bin

Filesize
3.1MB

MD5
f4d16cfe4cad388255e43f258329f805

SHA1
fe7cc6c9eb76b5ad97867b46d053fae601fd4a2d

SHA256
8fb6ae3496d4ac025eab443d3e322b0faa3461d25b54093c9205d35746e3250e

SHA512
867045eac0f7765e6bea51e62bc4ed68b1e81ce6c2843d2e08714eb391a8ac94c2571c09828286252248400ea5c12bffa50a25c8ec5ad9e6d0bb836320ec188f

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\quasar.p12

Filesize
4KB

MD5
2f0c8fc26e9e29198eeb505535e0442e

SHA1
8679049bb52fdecbbf82161a4015771745b309e5

SHA256
90cb00b56f0e8ace5e6d3771a124e198dd130ae42c30e31d08a1a07231362a0f

SHA512
9834fe447c92605836a6d174023f20b21b79e9755b2c46cfeba40e932359c801f30046ecf081794d94e60e173b8a2cd757fffa910243fa7d3c2a7989eb82c0f7

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\settings.xml

Filesize
372B

MD5
81d0d47d4aaee99e4e4eee625c7057bb

SHA1
073c15cec2fefb3003c9d17af7730e018bdfe6ef

SHA256
d913a4ba1154153fe45f5251112a206d70ebcda47152c80c14548e4a634b1f25

SHA512
d686edf8256bf57f5b252d6766fc23f6fdbe80eb46cececf0ff9d666e3ff08d5a1a399bfafdec1f1a5366102ef8181c510162683bf48a0a366cff73ee2b8691a

Download Submit
C:\Users\Admin\Desktop\Quasar v1.4.1\settings.xml

Filesize
422B

MD5
8048dbaeb07d00fb464c6593722ada14

SHA1
273d8e33a0e0972c466a9836da28a0a30625a59e

SHA256
1c5e1e02f152d9cbe4fc4d159c969358f83693e984f4922c9ef2b65ec79cf7a3

SHA512
0222ad6372baba1360e0dcb04af3c526d13c3ba6151b5bb776c7724672f0168761ce949145b33d575055d11ae8301642314cf828a0b55fbe85a5a8185475d2b5

Download Submit
C:\Users\Admin\Downloads\Quasar-master.zip.crdownload

Filesize
1.4MB

MD5
10e9e98b1e34511ed934908890a5a6e5

SHA1
0b82ffca06d2b9e4c20747eb14497b76bd5ea939

SHA256
4fd29e393c3b38ec8a90ff126bc692ead3a4b56e1269fc0d242a8cbbf25fa7fd

SHA512
70d4e11719eb39f949022f6740c8ef9862ac47769cec3f077856dc66179094b3d5d5922a471b2427251551f5e61cafe6c3548f3ebcff65765077c4c9b4147883

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 126718.crdownload

Filesize
2.4MB

MD5
9dc4f1f432d21a1b16b1ea956e976c49

SHA1
8dd8f2e19741ad3387110875969f89e8fdd7236c

SHA256
a69bc1b3ee708440bc5022a053b93f3622d22a677a472465d41b6240e5bccea3

SHA512
834808d6ef53dfd2f5c479abffb9fe3cdb6ec1bf8972bbd4bc855c6e097ba31955d6d9b38c71208d24b65ee1f73ce2a1a48246de3391c643d6987d9e75762b12

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 486151.crdownload

Filesize
2.7MB

MD5
cd4de7a9a97440100f4886c7b463a67d

SHA1
d624a57038639d6578871cee2ff2a383d7282486

SHA256
46ef8b210a36766f6c8847119088dce219baa7036699f687638a8fc77813f86a

SHA512
1bcff79a633a01c04f3af2f87e5895c4842de9c2952b8b04505cb23d40f142dc24c752834b122b886ae2eb8018f50818c273a9239b5e1ddeb4778d7e8f27e31d

Download Submit
C:\Windows\System32\DriverStore\Temp\{91125f9c-0bd6-8b43-8062-aacb2b636d41}\mbtun.cat

Filesize
10KB

MD5
8abff1fbf08d70c1681a9b20384dbbf9

SHA1
c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6

SHA256
9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658

SHA512
37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f

Download Submit
C:\Windows\System32\DriverStore\Temp\{91125f9c-0bd6-8b43-8062-aacb2b636d41}\mbtun.sys

Filesize
107KB

MD5
83d4fba999eb8b34047c38fabef60243

SHA1
25731b57e9968282610f337bc6d769aa26af4938

SHA256
6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c

SHA512
47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
107KB

MD5
88ede923f0f5e03d6f3c28df13142540

SHA1
8c8122fd9fbdc3023124ba768f0db96f68d39ee8

SHA256
b43808fe1d8098a13dd7e6f611b3c7ac4ff1db238625ef9328f5499ac0863a80

SHA512
c63bcfca2aee1c1a8b12e565194cc3ba60ae2635f3f00742cf37def5846431b83764a8f83f1e244036ba484a2e3d6f20b8ec5dd9b109a6713fe56c7bab604025

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Windows\System32\drivers\MbamChameleon.sys

Filesize
226KB

MD5
0863c7e1aa4ae619862d21b9b10473ec

SHA1
efe9afac664bc0054f3d5440b34aae96b5e8fe31

SHA256
61fec3b75bb28bdbeb812f956efc634d200de86ef380d0492ca9f2e4a17222bf

SHA512
dd6bd35a30f6d71908ad882845b4dcd7fdeccfd53aa8e1a7dd1ad73a75ea08702c302b5012080fa4162ce898505d00a37187734504abe66ca20faa0e2e407e44

Download Submit
C:\Windows\System32\qq0pbq.exe

Filesize
7.2MB

MD5
f6d8913637f1d5d2dc846de70ce02dc5

SHA1
5fc9c6ab334db1f875fbc59a03f5506c478c6c3e

SHA256
4e72ca1baee2c7c0f50a42614d101159a9c653a8d6f7498f7bf9d7026c24c187

SHA512
21217a0a0eca58fc6058101aa69cf30d5dbe419c21fa7a160f44d8ebbcf5f4011203542c8f400a9bb8ee3826706417f2939c402f605817df597b7ff812b43036

Download Submit
C:\Windows\SystemTemp\Tmp3771.tmp

Filesize
6KB

MD5
5971fb300f4516109687e84fca4a1fea

SHA1
f08bc88a29ff6d9ce6a2b6710af91110cb9501a9

SHA256
374b96a07bca2b45b39e892b3ca71d34586a2e86ee79e2aca302d797c260f852

SHA512
2be36e715413934801425af05118b8599d6d68c1a9b532208381a6570aa70f118d7dea5186b09fa6f4f49c9893c6c8326e2786f330df4c418ab52de06d3b86b2

Download Submit
C:\Windows\SystemTemp\Tmp39D3.tmp

Filesize
6KB

MD5
ea398e7de7b92f01cc2dc827ebf5f5a5

SHA1
34b2e707f19b72bbb0f2fd2a438724b28bb723e2

SHA256
838bac471c44667529f70ad9b1ffaa5820f684ac5a0cb76850e9634f48198d1f

SHA512
dfd8c1b3bc1d63b9d6ece2a8e32cb98150714a4d758ee7656123ddf31efb13931dcfcb8002a9f6c1e92b10b1aba8e7cc31414e6ea463e4da7baed412686fada7

Download Submit
C:\Windows\Temp\MBInstallTempabc0a5a3e3d211efb85a661b819d71ab\7z.dll

Filesize
1.6MB

MD5
3430e2544637cebf8ba1f509ed5a27b1

SHA1
7e5bd7af223436081601413fb501b8bd20b67a1e

SHA256
bb01c6fbb29590d6d144a9038c2a7736d6925a6dbd31889538af033e03e4f5fa

SHA512
91c4eb3d341a8b30594ee4c08a638c3fb7f3a05248b459bcf07ca9f4c2a185959313a68741bdcec1d76014009875fa7cbfa47217fb45d57df3b9b1c580bc889d

Download Submit
C:\Windows\Temp\MBInstallTempabc0a5a3e3d211efb85a661b819d71ab\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json

Filesize
372B

MD5
d94cf983fba9ab1bb8a6cb3ad4a48f50

SHA1
04855d8b7a76b7ec74633043ef9986d4500ca63c

SHA256
1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

SHA512
09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

Download Submit
C:\Windows\Temp\MBInstallTempabc0a5a3e3d211efb85a661b819d71ab\ctlrpkg\mbae64.sys

Filesize
154KB

MD5
95515708f41a7e283d6725506f56f6f2

SHA1
9afc20a19db3d2a75b6915d8d9af602c5218735e

SHA256
321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6

SHA512
d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

Download Submit
C:\Windows\Temp\MBInstallTempabc0a5a3e3d211efb85a661b819d71ab\dbclspkg\MBAMCoreV5.dll

Filesize
6.4MB

MD5
1cf882d4836df4238f2e35a23fb2899a

SHA1
f1fb485669de6f995195673866adf0da93fd7548

SHA256
6a3ccf58b14cd67e4a019f69a1a15e6e62774ec5e88b33fd902ad867419717b2

SHA512
f0994ac215046e12ae31dbc04fe433da97632e837431eb07bdde4fbb889a085b28247c3625e07b8dbf6ca79def5eb7b3ca9b2a214386d436fea2bfd9ad0bc756

Download Submit
C:\Windows\Temp\MBInstallTempabc0a5a3e3d211efb85a661b819d71ab\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.36\mscordaccore.dll

Filesize
1.3MB

MD5
3050af9152d6bb255c4b6753821bc32c

SHA1
7a20c030a6473422607661ffa996e34a245b3e2d

SHA256
97468531d7009e36c338b47fb19e0c6bf210f013610f413c852a4cc27e84b514

SHA512
ad07c4b0bb995e80a1718d74992afdeb6c2c4f217e72f361691e2d04dae9be9cd8e55b50fd7172d73755b02b6105c00a3b67534ba9469d92f9e0fbaab8e8f1a9

Download Submit
C:\Windows\Temp\MBInstallTempabc0a5a3e3d211efb85a661b819d71ab\servicepkg\MBAMService.exe

Filesize
9.0MB

MD5
a91250ee015e44503b78b787bd444558

SHA1
fe2257577e22f4a65115745a6624465258065e8e

SHA256
a43179b449c2bab069cfc055de0a3e9e5f3ba378fe4306c19f2b999325a2c7b2

SHA512
8e321a20d4bda5ad203e3880c0d4ec741b55ebb3c74250f365086dd338b61eafe79d746b53ac786fc2bb9defd21e36fddc1be50e11b89ae8b337568f2c939e36

Download Submit
C:\Windows\Temp\MBInstallTempabc0a5a3e3d211efb85a661b819d71ab\servicepkg\mbamelam.cat

Filesize
10KB

MD5
60608328775d6acf03eaab38407e5b7c

SHA1
9f63644893517286753f63ad6d01bc8bfacf79b1

SHA256
3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59

SHA512
9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

Download Submit
C:\Windows\Temp\MBInstallTempabc0a5a3e3d211efb85a661b819d71ab\servicepkg\mbamelam.inf

Filesize
2KB

MD5
c481ad4dd1d91860335787aa61177932

SHA1
81633414c5bf5832a8584fb0740bc09596b9b66d

SHA256
793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3

SHA512
d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

Download Submit
C:\Windows\Temp\MBInstallTempabc0a5a3e3d211efb85a661b819d71ab\servicepkg\mbamelam.sys

Filesize
20KB

MD5
9e77c51e14fa9a323ee1635dc74ecc07

SHA1
a78bde0bd73260ce7af9cdc441af9db54d1637c2

SHA256
b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0

SHA512
a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

Download Submit
C:\Windows\Temp\tmp3048caaaaa

Filesize
114KB

MD5
5c7993a8e600de33cbf1403a8b425bef

SHA1
76f5d632b7972cdc87196345bdf44bee7781a4a5

SHA256
093f649f1a7758c37de6ed3792bfa26fbdd3fbbc5d366c188ca9043d9ddbf888

SHA512
a73c0d44b0dd343922a424dcbd49cf7a48e367b8c51c5c29df865e276ba0bdb06b667762ae9ad9e4af7b2cc98dbce6544ebf433cfe9159a1e34a8f5a40e19001

Download Submit
memory/2784-2186-0x000001FF5A290000-0x000001FF5A2DC000-memory.dmp

Filesize
304KB

Download
memory/2784-2287-0x000001FF5A300000-0x000001FF5A312000-memory.dmp

Filesize
72KB

Download
memory/2784-2184-0x000001FF5A240000-0x000001FF5A290000-memory.dmp

Filesize
320KB

Download
memory/2784-2185-0x000001FF5BB40000-0x000001FF5BBF2000-memory.dmp

Filesize
712KB

Download
memory/2784-2244-0x000001FF5DDF0000-0x000001FF5DE0A000-memory.dmp

Filesize
104KB

Download
memory/2784-2243-0x000001FF5FB60000-0x000001FF5FBBE000-memory.dmp

Filesize
376KB

Download
memory/2784-2152-0x000001FF3EEF0000-0x000001FF3F028000-memory.dmp

Filesize
1.2MB

Download
memory/2784-2153-0x000001FF3F470000-0x000001FF3F486000-memory.dmp

Filesize
88KB

Download
memory/2784-2163-0x000001FF5BF50000-0x000001FF5C27E000-memory.dmp

Filesize
3.2MB

Download
memory/2784-2183-0x000001FF5A1D0000-0x000001FF5A1E8000-memory.dmp

Filesize
96KB

Download
memory/2840-9055-0x000002255F0A0000-0x000002255F0C0000-memory.dmp

Filesize
128KB

Download
memory/2840-8938-0x000002252A240000-0x000002252A340000-memory.dmp

Filesize
1024KB

Download
memory/4980-2540-0x000000001DA70000-0x000000001DC23000-memory.dmp

Filesize
1.7MB

Download
memory/4980-2272-0x0000000000FA0000-0x00000000012C4000-memory.dmp

Filesize
3.1MB

Download
memory/4980-2322-0x000000001DA70000-0x000000001DC23000-memory.dmp

Filesize
1.7MB

Download
memory/4980-2274-0x000000001CDE0000-0x000000001CE1C000-memory.dmp

Filesize
240KB

Download
memory/4980-2298-0x000000001DA70000-0x000000001DC23000-memory.dmp

Filesize
1.7MB

Download
memory/4980-2273-0x000000001CD20000-0x000000001CD32000-memory.dmp

Filesize
72KB

Download
memory/4980-2300-0x000000001DA70000-0x000000001DC23000-memory.dmp

Filesize
1.7MB

Download
memory/4980-2311-0x000000001DA70000-0x000000001DC23000-memory.dmp

Filesize
1.7MB

Download
memory/4980-2321-0x000000001DA70000-0x000000001DC23000-memory.dmp

Filesize
1.7MB

Download
memory/4980-2541-0x000000001DA70000-0x000000001DC23000-memory.dmp

Filesize
1.7MB

Download
memory/4980-2288-0x000000001DA70000-0x000000001DC23000-memory.dmp

Filesize
1.7MB

Download
memory/6604-7502-0x00000137FBDB0000-0x00000137FBDB1000-memory.dmp

Filesize
4KB

Download
memory/6604-7504-0x00000137FBDB0000-0x00000137FBDB1000-memory.dmp

Filesize
4KB

Download
memory/6604-7503-0x00000137FBDB0000-0x00000137FBDB1000-memory.dmp

Filesize
4KB

Download
memory/6604-7514-0x00000137FBDB0000-0x00000137FBDB1000-memory.dmp

Filesize
4KB

Download
memory/6604-7513-0x00000137FBDB0000-0x00000137FBDB1000-memory.dmp

Filesize
4KB

Download
memory/6604-7512-0x00000137FBDB0000-0x00000137FBDB1000-memory.dmp

Filesize
4KB

Download
memory/6604-7511-0x00000137FBDB0000-0x00000137FBDB1000-memory.dmp

Filesize
4KB

Download
memory/6604-7510-0x00000137FBDB0000-0x00000137FBDB1000-memory.dmp

Filesize
4KB

Download
memory/6604-7509-0x00000137FBDB0000-0x00000137FBDB1000-memory.dmp

Filesize
4KB

Download
memory/6604-7508-0x00000137FBDB0000-0x00000137FBDB1000-memory.dmp

Filesize
4KB

Download
memory/6656-8872-0x000000001D090000-0x000000001D243000-memory.dmp

Filesize
1.7MB

Download
memory/6656-8875-0x000000001D090000-0x000000001D243000-memory.dmp

Filesize
1.7MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads