Malware Analysis Report

2025-08-05 14:14

Sample ID 230816-l87h8aca2t
Target test.exe
SHA256 781ecb1f7366bf4ae82fc447898d1ec82f49a48787dff6b0bfb9a0f69e85c354
Tags
quasar office persistence phishing spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

781ecb1f7366bf4ae82fc447898d1ec82f49a48787dff6b0bfb9a0f69e85c354

Threat Level: Known bad

The file test.exe was found to be: Known bad.

Malicious Activity Summary

quasar office persistence phishing spyware stealer trojan

Detected phishing page

Suspicious use of NtCreateUserProcessOtherParentProcess

Quasar RAT

Quasar payload

Quasar family

Downloads MZ/PE file

Sets service image path in registry

Drops file in Drivers directory

Registers COM server for autorun

Executes dropped EXE

Reads user/profile data of web browsers

Loads dropped DLL

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

Modifies system certificate store

NTFS ADS

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Suspicious behavior: AddClipboardFormatListener

Modifies registry class

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-08-16 10:13

Signatures

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-08-16 10:13

Reported

2023-08-16 10:18

Platform

win10v2004-20230703-de

Max time kernel

290s

Max time network

313s

Command Line

C:\Windows\Explorer.EXE

Signatures

Detected phishing page

phishing

Quasar RAT

trojan spyware quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 3764 created 3268 N/A C:\Users\Admin\Downloads\MBSetup.exe C:\Windows\Explorer.EXE

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\DRIVERS\SET3C69.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\mbamswissarmy.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET4062.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\MbamChameleon.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET3C69.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\Downloads\MBSetup.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET5E3C.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET5E3C.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET60CE.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET60CE.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\mwac.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\SET493C.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET493C.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\SET4062.tmp C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mbam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\drivers\mbae64.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMChameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-0.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-1.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-2.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-3.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-4.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-6.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-7.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-8.exe N/A
N/A N/A C:\Windows\system32\compattelrunner.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-10.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-11.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-12.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-13.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-14.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-15.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-16.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-17.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-18.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-19.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-20.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-21.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-22.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-23.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-24.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-25.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-26.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-27.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-28.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-29.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-30.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-31.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-32.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-33.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-34.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-35.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-36.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-37.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-38.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-39.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-40.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-41.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-42.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-43.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-44.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-45.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-46.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-47.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-48.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-49.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A

Reads user/profile data of web browsers

spyware stealer

Registers COM server for autorun

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbshlext.dll" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LOCALSERVER32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\572BF21E454637C9F000BE1AF9B1E1A9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\572BF21E454637C9F000BE1AF9B1E1A9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Control.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\ApplicationWindow.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Popup.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\images\question.png C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_nl.qm C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\MenuBarStyle.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\SliderStyle.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\SwitchStyle.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-21.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-37.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\plugins.qmltypes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\CheckIndicator.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\DelayButton.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-3.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\Label.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\MenuBarItem.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\qtquickcontrols2plugin.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\qml\icons.ttf C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mb4uns.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MWACControllerImpl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\TableViewStyle.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\CheckDelegate.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtWebEngineProcess.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-25.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\knob.png C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\TextFieldStyle.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\plugins.qmltypes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\TextField.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\PoliciesControllerImpl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\qmldir C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\TextSingleton.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\arrow-down.png C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-0.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-31.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-32.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-34.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbamelam.inf C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\ModalPopupBehavior.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Pane.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-19.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\3de760a7-3f8a-4710-87b2-c7f32d5c560a C:\Users\Admin\Downloads\MBSetup.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\check.png C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\ToolBar.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\ScrollBar.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\plugins.qmltypes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQml\qmlplugin.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\ComboBoxStyle.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\CheckIndicator.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\RangeSlider.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\ScrollBar.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\Dialog.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\ToolTip.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\ScrollView.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_pl.qm C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\AbstractCheckable.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\[email protected] C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\CheckBox.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\TextArea.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\Dial.qml C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\security\logs\scecomp.log C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\system32\WerFault.exe C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\MY C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8FEFED84-854E-4029-A986-1D7774D4CF7D}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C7BCC13C-47B9-4DC0-8FC6-B2A489EF60EF}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3B42C782-9650-4EFF-9618-91118DF96061}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A153977-1A37-4EF7-9226-9E128FA51AE1}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F418F2F6-5173-4E4F-80EF-AF21E516C461}\ = "ITelemetryControllerV10" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{01222402-A8AB-4183-8843-8ADBF0B11869} C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A993F934-6341-4D52-AB17-F93184A624E4}\TypeLib C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B05F69B-4F9B-4FD3-A491-16153F999E00}\ = "ISPControllerV2" C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MB.CloudController.1\CLSID\ = "{BF474111-9116-45C6-AF53-209E64F1BB53}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2FB37514-21FA-4B2C-94DA-1562126E9F5F}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76AD4430-9C5C-4FC2-A15F-4E16ACD735AC}\TypeLib\Version = "1.0" C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4EA13DC-F9D2-4DB9-A19F-2B462FFC81F3}\TypeLib\ = "{74630AE8-C170-4A8F-A90A-F42D63EFE1E8}" C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B1D8E799-D5A2-45B4-9524-067144A201E4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ADA09B8D-A536-4429-8331-49808442D24B}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A0101B90-FD0B-40CF-90E4-33650F09A80F}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9185897A-76F4-4083-A02C-5FFC2A51F6D4}\ = "ICleanControllerV10" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E32ABD9A-1CBD-44A5-8A62-55D347D3C4F0}\TypeLib\Version = "1.0" C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0F2D6C4F-0B95-4A53-BA9D-55526737DC34} C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{55E4B8FB-921C-4751-8B2D-AE33BD7D0B74} C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5250E5C8-A09C-4F87-A0DA-A46A62A0EACF}\ProxyStubClsid32 C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2870643-0645-41F9-BCCB-F5969386162C}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{81541635-736E-4460-81AA-86118F313CD5}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DB82CDC6-F12A-4156-8DBF-EC7465B9C0B9} C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E41AC038-1688-417F-BE23-52D898B93903}\TypeLib\ = "{226C1698-A075-4315-BB5D-9C164A96ACE7}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E90361FE-F6B5-43E8-99F7-1BD40500981F}\ProxyStubClsid32 C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A3E14F0-01F5-492E-AA97-3D880941D814}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MB.SPController.1\ = "SPController Class" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2058A31F-5F59-4452-9204-03F588252FFC}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{61964EBA-D9C0-4834-B01C-A6133F432BB1}\ = "IScanParametersV6" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B471ACFB-E67A-4BE9-A328-F6A906DDDEAA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D4215DAB-7574-44DE-8BE9-78CC62597C95}\TypeLib\Version = "1.0" C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MB.MBAMServiceController\ = "MBAMServiceController Class" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4E0F1EE6-E7CA-4BEE-8C08-0959842DA615}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ADA09B8D-A536-4429-8331-49808442D24B}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{94E6A9DF-4AAB-48E7-8A94-65CA2481D1F6}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0B14402F-4F35-443E-A34E-0F511098C644}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{55E4B8FB-921C-4751-8B2D-AE33BD7D0B74}\ = "_IMWACControllerEventsV6" C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34544A67-823A-484D-8E18-371AFEAEC02E}\TypeLib C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8B05F69B-4F9B-4FD3-A491-16153F999E00}\TypeLib\ = "{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}" C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\ProgID\ = "MB.TelemetryController.1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{40D6E119-3897-41B3-AC5D-5FE6F088C97B}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B9442AA1-AEB8-4FB4-B998-BFBC37BA8A99}\TypeLib C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3B42C782-9650-4EFF-9618-91118DF96061}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0F2D6C4F-0B95-4A53-BA9D-55526737DC34}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{09F245DA-55E7-451E-BDF3-4EE44637DFF1}\ProxyStubClsid32 C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6655E528-3168-47A4-BF82-A71E9E6AB5F7}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8D488C7C-023D-4561-B377-DD9FB7124326}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{226C1698-A075-4315-BB5D-9C164A96ACE7}\1.0\0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{01222402-A8AB-4183-8843-8ADBF0B11869}\TypeLib\Version = "1.0" C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B5186B66-AE3D-4EC4-B9F5-67EC478625BE}\TypeLib\Version = "1.0" C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7C710FA9-862A-40CF-9F54-063EF8FC8438}\TypeLib C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD6673C7-8E52-46EE-80B8-58F3FB6AA036}\TypeLib\Version = "1.0" C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3641B831-731C-4963-B50B-D84902285C26}\ = "ICleanControllerV4" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AFC6D7FD-62B9-4016-9674-53BAC603E9FC}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2DFD7E94-47E6-483A-B4FD-DC586A52CE5D} C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5BA2811A-EE5B-44DF-81CD-C75BB11A82D4}\TypeLib\ = "{2446F405-83F0-460F-B837-F04540BB330C}" C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B05F69B-4F9B-4FD3-A491-16153F999E00}\TypeLib C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66328184-6592-46BE-B950-4FDA4417DF2E}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A993F934-6341-4D52-AB17-F93184A624E4}\ProxyStubClsid32 C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DC97FF29-5CE2-4897-8175-94672057E02D}\TypeLib\Version = "1.0" C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EABA01A8-8468-430A-9D6E-4C9F1CE22C88}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7A05281-DB9E-4E02-9680-E4D83CDAA6AB}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 1900000001000000100000001453ecde791c95bb23a22893e83ab8cd0f0000000100000030000000d746a5bf1663a495fb88bbe77dbce6a325c994a696299331ef4c5afa26c00970bacdd3d3b49db055b6582b5d1a54b7af0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a140000000100000014000000b00cf04c30f405580248fd33e552af4b84e366522000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 0f000000010000002000000071b437f087f3700ffd4e2fa46f42b6b810d7bf19adfedf951c023edd65b50b05030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0f00000001000000200000006d29dbed0025d7540e14e4110aefa547c48fc75c85e2180b6038f18e126cb74f0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 140000000100000014000000b00cf04c30f405580248fd33e552af4b84e366520300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a0f0000000100000030000000d746a5bf1663a495fb88bbe77dbce6a325c994a696299331ef4c5afa26c00970bacdd3d3b49db055b6582b5d1a54b7af2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 190000000100000010000000f933477d7483263afe071268578f9e420f0000000100000030000000e0da58676e3a50de9d8cb3aa5ffeffdae691ba9705b3abe41a09270d63a3284f58247ce20d354b579eb548755912e833030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be140000000100000014000000d3ecc73a656ecce1da769a56fb9cf3866d57e5812000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 0f00000001000000200000006fc4b8ac3d2b52c08baf56255e43d22c762962e4facab01ace16d48ec008be0a0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 19000000010000001000000094ba2a8e68434595d5aff46246c54c120f00000001000000200000006fc4b8ac3d2b52c08baf56255e43d22c762962e4facab01ace16d48ec008be0a0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede161400000001000000140000008418cc8534ecbc0c94942e08599cc7b2104e0a082000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 190000000100000010000000e9fe3f941400b279d238b701cb8c891e0f00000001000000200000006d29dbed0025d7540e14e4110aefa547c48fc75c85e2180b6038f18e126cb74f0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e140000000100000014000000abb6dbd7069e37ac3086079170c79cc419b178c02000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 140000000100000014000000d3ecc73a656ecce1da769a56fb9cf3866d57e581030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be0f0000000100000030000000e0da58676e3a50de9d8cb3aa5ffeffdae691ba9705b3abe41a09270d63a3284f58247ce20d354b579eb548755912e8332000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 1400000001000000140000007c0c321fa7d9307fc47d68a362a8a1ceab075b27030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e0f000000010000002000000071b437f087f3700ffd4e2fa46f42b6b810d7bf19adfedf951c023edd65b50b052000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 1400000001000000140000008418cc8534ecbc0c94942e08599cc7b2104e0a080300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede160f00000001000000200000006fc4b8ac3d2b52c08baf56255e43d22c762962e4facab01ace16d48ec008be0a2000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 19000000010000001000000060e2dc65295f1062e558f3fef235ed3c0f000000010000002000000071b437f087f3700ffd4e2fa46f42b6b810d7bf19adfedf951c023edd65b50b05030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e1400000001000000140000007c0c321fa7d9307fc47d68a362a8a1ceab075b272000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 140000000100000014000000abb6dbd7069e37ac3086079170c79cc419b178c00300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e0f00000001000000200000006d29dbed0025d7540e14e4110aefa547c48fc75c85e2180b6038f18e126cb74f2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 0f0000000100000030000000e0da58676e3a50de9d8cb3aa5ffeffdae691ba9705b3abe41a09270d63a3284f58247ce20d354b579eb548755912e833030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 0f0000000100000030000000d746a5bf1663a495fb88bbe77dbce6a325c994a696299331ef4c5afa26c00970bacdd3d3b49db055b6582b5d1a54b7af0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:Zone.Identifier:$DATA C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: 33 N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeTcbPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1092 wrote to memory of 4720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1092 wrote to memory of 4720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1092 wrote to memory of 4720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1092 wrote to memory of 4720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1092 wrote to memory of 4720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1092 wrote to memory of 4720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1092 wrote to memory of 4720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1092 wrote to memory of 4720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1092 wrote to memory of 4720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1092 wrote to memory of 4720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1092 wrote to memory of 4720 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 1116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 1116 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 2384 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 1968 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 1968 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4720 wrote to memory of 1968 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\test.exe

"C:\Users\Admin\AppData\Local\Temp\test.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.0.2097140439\1245449122" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20860 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d955819-ebed-49dc-9d86-d481c05af8e7} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 1976 21c59bdd658 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.1.472542743\969268322" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 20896 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a4cc899-ff1e-4ec3-b64b-285c3ee9ab79} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 2376 21c59afa258 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.2.781093411\396274647" -childID 1 -isForBrowser -prefsHandle 3252 -prefMapHandle 2964 -prefsLen 20999 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f53f4ae-c0f9-4fa4-bd40-3c28a486a196} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 3136 21c5ddc0f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.3.1471972689\1175192179" -childID 2 -isForBrowser -prefsHandle 3592 -prefMapHandle 3588 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59a11cfc-db56-4895-abb8-1f278dbe7ae1} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 3600 21c4d367558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.4.819258043\125952070" -childID 3 -isForBrowser -prefsHandle 3988 -prefMapHandle 3976 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37927d79-4cba-4f75-9638-6832c3bab97c} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 4004 21c5c3cfb58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.5.1196762492\1755549934" -childID 4 -isForBrowser -prefsHandle 5068 -prefMapHandle 5092 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a3477ab-8b80-4a9e-95fe-4e3210fed6e0} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 4996 21c6018e858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.6.785849160\501747901" -childID 5 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b58c239-5d58-4c7e-affb-9c4a131b3514} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 5220 21c6018e558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.7.1864393452\1397737199" -childID 6 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6636d982-7e9d-4ef1-894c-c5cce04882b1} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 5408 21c6018ee58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.8.6054291\884988114" -childID 7 -isForBrowser -prefsHandle 5684 -prefMapHandle 5744 -prefsLen 26656 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bca353d-cd58-41eb-b305-462c5d5791d2} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 5772 21c5e82b558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.9.1433745680\2104853739" -childID 8 -isForBrowser -prefsHandle 5856 -prefMapHandle 2848 -prefsLen 26831 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f13c8752-caca-45b5-8914-214be10aa371} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 5864 21c613eb058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.10.1489671707\1092353454" -parentBuildID 20221007134813 -prefsHandle 6632 -prefMapHandle 6636 -prefsLen 27096 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36e58a96-66a4-48e2-85d3-86d3459d3c24} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 6656 21c6148b658 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.11.1900729897\2016507144" -childID 9 -isForBrowser -prefsHandle 10012 -prefMapHandle 10004 -prefsLen 27096 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a15c93db-49f9-4587-bbaa-e6f297aa111c} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 10028 21c62c47158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.13.1600424536\1121145318" -childID 11 -isForBrowser -prefsHandle 6488 -prefMapHandle 6484 -prefsLen 27096 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d768a0f-28c0-47db-8825-3ce293233ed5} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 9736 21c630f1558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.12.1441030122\1933489611" -childID 10 -isForBrowser -prefsHandle 4864 -prefMapHandle 4860 -prefsLen 27096 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56d5e775-cd4f-44ff-8351-3c62a0bff7d3} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 4872 21c5fb58658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.14.1371595732\80476893" -childID 12 -isForBrowser -prefsHandle 6428 -prefMapHandle 9832 -prefsLen 27096 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bc49322-a931-4b53-a794-76082cebebff} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 9816 21c6383ae58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.15.1187987794\1123151461" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6172 -prefMapHandle 4000 -prefsLen 27096 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84724cca-7236-4c61-ad52-ab955645b10f} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 6192 21c60e38e58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.16.1680565873\1245457093" -childID 13 -isForBrowser -prefsHandle 6556 -prefMapHandle 6560 -prefsLen 27096 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26ec5c61-afc6-43f5-9f42-1961ff3908d7} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 9616 21c638f8058 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\MBSetup.exe

"C:\Users\Admin\Downloads\MBSetup.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-0.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-1.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-2.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-3.exe

ig.exe reseed

C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-4.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-6.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-7.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-8.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-9.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-10.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-11.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-12.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-13.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-14.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-15.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-16.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-17.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-18.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-19.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-20.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-21.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-22.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-23.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-24.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-25.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-26.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-27.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-28.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-29.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-30.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-31.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-32.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-33.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-34.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-35.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-36.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-37.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-38.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-39.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-40.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-41.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-42.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-43.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-44.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-45.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-46.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-47.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-48.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-49.exe

ig.exe reseed

C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"

C:\Windows\system32\compattelrunner.exe

C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x504 0x458

C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe

"C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe" -trialEndedFreeBenefits

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 408 -p 1160 -ip 1160

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 1160 -s 2452

C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3967055 /state1:0x41c64e6d

C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status off true /updatesubstatus none /scansubstatus recommended /settingssubstatus none

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 126.130.241.8.in-addr.arpa udp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.67.15.169:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 169.15.67.3.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 ipwho.is udp
CA 108.181.98.179:443 ipwho.is tcp
US 8.8.8.8:53 179.98.181.108.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
N/A 127.0.0.1:60412 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.120.5.221:443 getpocket.cdn.mozilla.net tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:60420 tcp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 44.240.235.3:443 shavar.services.mozilla.com tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 34.117.65.55:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 3.235.240.44.in-addr.arpa udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.prod.mozaws.net udp
US 8.8.8.8:53 tracking-protection.cdn.mozilla.net udp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 8.8.8.8:53 37.158.120.34.in-addr.arpa udp
US 8.8.8.8:53 eset.com udp
SK 91.228.166.47:80 eset.com tcp
SK 91.228.166.47:80 eset.com tcp
US 8.8.8.8:53 eset.com udp
US 8.8.8.8:53 eset.com udp
US 8.8.8.8:53 www.eset.com udp
NL 23.72.252.144:443 www.eset.com tcp
US 8.8.8.8:53 a1281.dscr.akamai.net udp
US 8.8.8.8:53 a1281.dscr.akamai.net udp
US 8.8.8.8:53 144.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 47.166.228.91.in-addr.arpa udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 api.eset.com udp
US 8.8.8.8:53 api.gtm.eset.com udp
US 52.4.210.140:443 api.gtm.eset.com tcp
US 52.4.210.140:443 api.gtm.eset.com tcp
US 8.8.8.8:53 api.gtm.eset.com udp
US 8.8.8.8:53 200.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 140.210.4.52.in-addr.arpa udp
US 8.8.8.8:53 sgtm.eset.com udp
US 8.8.8.8:53 sgtm.gtm.eset.com udp
US 8.8.8.8:53 cdn.esetstatic.com udp
US 8.8.8.8:53 sgtm.gtm.eset.com udp
US 13.107.246.67:443 cdn.esetstatic.com tcp
US 13.107.246.67:443 cdn.esetstatic.com tcp
US 13.107.246.67:443 cdn.esetstatic.com tcp
US 8.8.8.8:53 part-0039.t-0009.t-msedge.net udp
US 13.107.246.67:443 part-0039.t-0009.t-msedge.net tcp
US 8.8.8.8:53 part-0039.t-0009.t-msedge.net udp
US 8.8.8.8:53 widget.trustpilot.com udp
NL 108.156.60.21:443 widget.trustpilot.com tcp
US 8.8.8.8:53 widget.trustpilot.com udp
US 8.8.8.8:53 widget.trustpilot.com udp
US 8.8.8.8:53 dpm.demdex.net udp
IE 34.254.142.64:443 dpm.demdex.net tcp
US 8.8.8.8:53 dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com udp
US 52.4.210.140:443 api.gtm.eset.com tcp
US 8.8.8.8:53 67.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 21.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 64.142.254.34.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 tags.w55c.net udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 embed.tawk.to udp
US 172.67.38.66:443 embed.tawk.to tcp
US 8.8.8.8:53 embed.tawk.to udp
US 8.8.8.8:53 static-cdn.hotjar.com udp
US 8.8.8.8:53 embed.tawk.to udp
US 8.8.8.8:53 dxedge-prod-lb-946522505.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 static-cdn.hotjar.com udp
US 8.8.8.8:53 invitejs.trustpilot.com udp
US 8.8.8.8:53 dxedge-prod-lb-946522505.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 front.optimonk.com udp
US 8.8.8.8:53 refer.eset.com udp
US 8.8.8.8:53 front.optimonk.com udp
US 8.8.8.8:53 front.optimonk.com udp
US 8.8.8.8:53 invitejs.trustpilot.com udp
US 8.8.8.8:53 eset.extole.io udp
US 8.8.8.8:53 invitejs.trustpilot.com udp
NL 108.156.60.77:443 invitejs.trustpilot.com tcp
DE 157.245.25.14:443 front.optimonk.com tcp
US 54.163.62.180:443 eset.extole.io tcp
US 8.8.8.8:53 eset.extole.io udp
US 172.67.38.66:443 embed.tawk.to udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 154.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 66.38.67.172.in-addr.arpa udp
US 8.8.8.8:53 77.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 14.25.245.157.in-addr.arpa udp
US 8.8.8.8:53 180.62.163.54.in-addr.arpa udp
GB 157.240.240.1:443 scontent.xx.fbcdn.net tcp
US 52.23.88.72:443 dxedge-prod-lb-946522505.us-east-1.elb.amazonaws.com tcp
NL 52.222.139.110:443 static-cdn.hotjar.com tcp
NL 142.250.179.194:443 googleads.g.doubleclick.net tcp
NL 142.250.179.194:443 googleads.g.doubleclick.net udp
GB 157.240.240.1:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 110.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 1.240.240.157.in-addr.arpa udp
US 8.8.8.8:53 72.88.23.52.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
NL 13.227.219.28:443 script.hotjar.com tcp
US 8.8.8.8:53 script.hotjar.com udp
US 8.8.8.8:53 gs-cdn.optimonk.com udp
IN 103.180.115.9:443 gs-cdn.optimonk.com tcp
US 8.8.8.8:53 om-cdn-jfsdk.b-cdn.net udp
US 8.8.8.8:53 om-cdn-jfsdk.b-cdn.net udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 buy.eset.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 13.107.246.67:443 buy.eset.com tcp
US 8.8.8.8:53 acsbapp.com udp
IN 103.180.115.9:443 om-cdn-jfsdk.b-cdn.net udp
US 172.67.11.155:443 acsbapp.com tcp
US 8.8.8.8:53 acsbapp.com udp
US 8.8.8.8:53 www.mczbf.com udp
US 8.8.8.8:53 acsbapp.com udp
US 8.8.8.8:53 28.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 9.115.180.103.in-addr.arpa udp
US 8.8.8.8:53 dcjdc5qmbbux7.cloudfront.net udp
US 8.8.8.8:53 bd89567e8d1d4727932403fd80578a58.js.ubembed.com udp
US 8.8.8.8:53 wc.js.ubembed.com.cdn.cloudflare.net udp
US 8.8.8.8:53 dcjdc5qmbbux7.cloudfront.net udp
US 8.8.8.8:53 wc.js.ubembed.com.cdn.cloudflare.net udp
NL 108.156.60.38:443 dcjdc5qmbbux7.cloudfront.net tcp
US 104.18.10.150:443 wc.js.ubembed.com.cdn.cloudflare.net tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com udp
US 8.8.8.8:53 cdn.acsbapp.com udp
NL 108.156.60.38:443 dcjdc5qmbbux7.cloudfront.net tcp
US 172.67.11.155:443 cdn.acsbapp.com tcp
US 8.8.8.8:53 cdn.acsbapp.com udp
US 8.8.8.8:53 cdn.acsbapp.com udp
US 8.8.8.8:53 assets.ubembed.com udp
US 18.65.39.4:443 assets.ubembed.com tcp
US 8.8.8.8:53 assets.ubembed.com udp
US 8.8.8.8:53 assets.ubembed.com udp
US 8.8.8.8:53 155.11.67.172.in-addr.arpa udp
US 8.8.8.8:53 38.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 150.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 4.39.65.18.in-addr.arpa udp
US 172.67.38.66:443 embed.tawk.to udp
US 8.8.8.8:53 ssitecat.eset.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
NL 142.250.102.155:443 stats.g.doubleclick.net tcp
NL 142.250.102.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
NL 142.250.102.155:443 stats.g.doubleclick.net udp
US 63.140.62.164:443 ssitecat.eset.com tcp
US 8.8.8.8:53 eset.com.ssl.sc.omtrdc.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 eset.com.ssl.sc.omtrdc.net udp
US 8.8.8.8:53 155.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 164.62.140.63.in-addr.arpa udp
US 8.8.8.8:53 va.tawk.to udp
US 104.22.25.131:443 va.tawk.to tcp
US 8.8.8.8:53 va.tawk.to udp
US 104.22.25.131:443 va.tawk.to udp
US 8.8.8.8:53 va.tawk.to udp
US 8.8.8.8:53 eset.demdex.net udp
US 8.8.8.8:53 cm.everesttech.net udp
IE 52.18.94.124:443 eset.demdex.net tcp
US 8.8.8.8:53 eset.tt.omtrdc.net udp
US 8.8.8.8:53 dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 cm.everesttech.net.akadns.net udp
US 66.235.152.126:443 eset.tt.omtrdc.net tcp
US 8.8.8.8:53 adobetarget.data.adobedc.net udp
US 104.22.25.131:443 va.tawk.to udp
US 8.8.8.8:53 cm.everesttech.net.akadns.net udp
US 8.8.8.8:53 adobetarget.data.adobedc.net udp
IE 52.49.221.144:443 cm.everesttech.net.akadns.net tcp
US 8.8.8.8:53 131.25.22.104.in-addr.arpa udp
US 8.8.8.8:53 124.94.18.52.in-addr.arpa udp
US 8.8.8.8:53 126.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 144.221.49.52.in-addr.arpa udp
NL 20.31.122.183:443 sgtm.gtm.eset.com tcp
US 8.8.8.8:53 sgtm.gtm.eset.com udp
US 8.8.8.8:53 front.optimonk.com udp
US 8.8.8.8:53 analytics.google.com udp
NL 216.58.214.14:443 analytics.google.com tcp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 jfapiprod.optimonk.com udp
US 8.8.8.8:53 jfapiprod.optimonk.com udp
US 8.8.8.8:53 jfapiprod.optimonk.com udp
US 34.117.177.207:443 jfapiprod.optimonk.com tcp
NL 216.58.214.14:443 analytics.google.com udp
US 8.8.8.8:53 vsb77.tawk.to udp
US 34.117.177.207:443 jfapiprod.optimonk.com udp
US 8.8.8.8:53 vsb77.tawk.to udp
US 8.8.8.8:53 vsb77.tawk.to udp
US 172.67.38.66:443 vsb77.tawk.to tcp
US 8.8.8.8:53 www.redditstatic.com udp
US 151.101.1.140:443 www.redditstatic.com tcp
US 8.8.8.8:53 dualstack.reddit.map.fastly.net udp
US 8.8.8.8:53 dualstack.reddit.map.fastly.net udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 a1916.dscg2.akamai.net udp
US 8.8.8.8:53 a1916.dscg2.akamai.net udp
US 8.8.8.8:53 8117415.fls.doubleclick.net udp
US 8.8.8.8:53 bat.bing.com udp
NL 142.250.179.134:443 8117415.fls.doubleclick.net tcp
US 8.8.8.8:53 www.clarity.ms udp
US 204.79.197.200:443 bat.bing.com tcp
US 8.8.8.8:53 dual-a-0001.a-msedge.net udp
US 8.8.8.8:53 dual-a-0001.a-msedge.net udp
US 8.8.8.8:53 img.en25.com udp
DE 184.24.21.236:443 img.en25.com tcp
US 8.8.8.8:53 e5763.x.akamaiedge.net udp
US 8.8.8.8:53 183.122.31.20.in-addr.arpa udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 207.177.117.34.in-addr.arpa udp
US 8.8.8.8:53 140.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 134.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 e5763.x.akamaiedge.net udp
US 8.8.8.8:53 scout-cdn.salesloft.com udp
US 104.17.1.41:443 scout-cdn.salesloft.com tcp
US 8.8.8.8:53 scout-cdn.salesloft.com.cdn.cloudflare.net udp
US 8.8.8.8:53 ws.zoominfo.com udp
US 8.8.8.8:53 scout-cdn.salesloft.com.cdn.cloudflare.net udp
US 8.8.8.8:53 ws.zoominfo.com udp
US 8.8.8.8:53 ws.zoominfo.com udp
US 8.8.8.8:53 alb.reddit.com udp
US 8.8.8.8:53 reddit.map.fastly.net udp
US 104.17.1.41:443 scout-cdn.salesloft.com.cdn.cloudflare.net udp
US 8.8.8.8:53 reddit.map.fastly.net udp
NL 88.221.25.184:443 a1916.dscg2.akamai.net tcp
US 13.107.246.67:443 www.clarity.ms tcp
US 104.16.168.82:443 ws.zoominfo.com tcp
US 151.101.1.140:443 reddit.map.fastly.net tcp
US 104.16.168.82:443 ws.zoominfo.com udp
US 8.8.8.8:53 s786665.t.eloqua.com udp
US 8.8.8.8:53 p06a.t.eloqua.com udp
US 8.8.8.8:53 p06a.t.eloqua.com udp
US 8.8.8.8:53 scout.salesloft.com udp
US 54.146.165.204:443 scout.salesloft.com tcp
US 8.8.8.8:53 scout.us1.salesloft.com udp
US 8.8.8.8:53 236.21.24.184.in-addr.arpa udp
US 8.8.8.8:53 41.1.17.104.in-addr.arpa udp
US 8.8.8.8:53 98.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 184.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 82.168.16.104.in-addr.arpa udp
US 8.8.8.8:53 scout.us1.salesloft.com udp
US 8.8.8.8:53 c.clarity.ms udp
US 8.8.8.8:53 c-msn-com-nsatc.trafficmanager.net udp
US 8.8.8.8:53 cdn-asset.optimonk.com udp
US 8.8.8.8:53 c-msn-com-nsatc.trafficmanager.net udp
IN 103.180.115.9:443 cdn-asset.optimonk.com tcp
US 34.117.177.207:443 jfapiprod.optimonk.com udp
US 8.8.8.8:53 cdn-renderer.optimonk.com udp
US 8.8.8.8:53 om-cdn-assets.b-cdn.net udp
US 8.8.8.8:53 om-cdn-assets.b-cdn.net udp
IN 103.180.115.10:443 cdn-renderer.optimonk.com tcp
US 8.8.8.8:53 om-cdn-renderer.b-cdn.net udp
US 8.8.8.8:53 om-cdn-renderer.b-cdn.net udp
US 8.8.8.8:53 cdn.linkedin.oribi.io udp
NL 52.222.139.92:443 cdn.linkedin.oribi.io tcp
US 8.8.8.8:53 d1ni990a184w7d.cloudfront.net udp
US 8.8.8.8:53 d1ni990a184w7d.cloudfront.net udp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 l-0005.l-msedge.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 l-0005.l-msedge.net udp
US 151.101.1.229:443 jsdelivr.map.fastly.net udp
NL 192.29.202.14:443 p06a.t.eloqua.com tcp
IE 68.219.88.97:443 c-msn-com-nsatc.trafficmanager.net tcp
US 13.107.42.14:443 l-0005.l-msedge.net tcp
US 8.8.8.8:53 204.165.146.54.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 14.202.29.192.in-addr.arpa udp
US 8.8.8.8:53 10.115.180.103.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 92.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 97.88.219.68.in-addr.arpa udp
US 8.8.8.8:53 eset.extole.io udp
US 8.8.8.8:53 w.clarity.ms udp
US 8.8.8.8:53 clarity-ingest-eus-e-sc.eastus.cloudapp.azure.com udp
US 23.96.124.156:443 clarity-ingest-eus-e-sc.eastus.cloudapp.azure.com tcp
US 8.8.8.8:53 clarity-ingest-eus-e-sc.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 origin.xtlo.net udp
US 8.8.8.8:53 origin.xtlo.net udp
US 204.79.197.200:443 dual-a-0001.a-msedge.net tcp
US 18.239.94.55:443 origin.xtlo.net tcp
US 8.8.8.8:53 malwarebytes.com udp
US 8.8.8.8:53 156.124.96.23.in-addr.arpa udp
US 8.8.8.8:53 origin.xtlo.net udp
NL 52.222.139.104:80 malwarebytes.com tcp
US 8.8.8.8:53 malwarebytes.com udp
US 8.8.8.8:53 malwarebytes.com udp
NL 52.222.139.104:443 malwarebytes.com tcp
US 8.8.8.8:53 clarity-ingest-eus-e-sc.eastus.cloudapp.azure.com udp
US 8.8.8.8:53 www.malwarebytes.com udp
NL 65.9.86.124:443 www.malwarebytes.com tcp
US 8.8.8.8:53 d3qkzafivw36ke.cloudfront.net udp
US 8.8.8.8:53 d3qkzafivw36ke.cloudfront.net udp
US 8.8.8.8:53 55.94.239.18.in-addr.arpa udp
US 8.8.8.8:53 104.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 124.86.9.65.in-addr.arpa udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 3.229.81.37:443 genesis.malwarebytes.com tcp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 8.8.8.8:53 137.102.96.34.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 api.demandbase.com udp
US 8.8.8.8:53 api.demandbase.com udp
NL 65.9.86.6:443 api.demandbase.com tcp
US 8.8.8.8:53 api.demandbase.com udp
US 8.8.8.8:53 plausible.io udp
IN 103.180.115.10:443 plausible.io tcp
US 8.8.8.8:53 plausible.io udp
US 8.8.8.8:53 plausible.io udp
US 8.8.8.8:53 37.81.229.3.in-addr.arpa udp
US 8.8.8.8:53 6.86.9.65.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
IN 103.180.115.10:443 plausible.io tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.18.169.114:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.18.169.114:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.28.38:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 114.169.18.104.in-addr.arpa udp
GB 157.240.240.1:443 scontent.xx.fbcdn.net tcp
GB 157.240.240.1:443 scontent.xx.fbcdn.net udp
US 204.79.197.200:443 dual-a-0001.a-msedge.net tcp
US 8.8.8.8:53 www.upsellit.com udp
US 34.117.39.58:443 www.upsellit.com tcp
US 8.8.8.8:53 munchkin.marketo.net udp
US 8.8.8.8:53 www.upsellit.com udp
US 8.8.8.8:53 scripts.demandbase.com udp
US 8.8.8.8:53 static.ads-twitter.com udp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 platform.twitter.map.fastly.net udp
US 8.8.8.8:53 e10776.b.akamaiedge.net udp
US 8.8.8.8:53 cdn.bizible.com udp
US 8.8.8.8:53 www.upsellit.com udp
US 8.8.8.8:53 platform.twitter.map.fastly.net udp
US 8.8.8.8:53 e10776.b.akamaiedge.net udp
US 8.8.8.8:53 scripts.demandbase.com udp
US 8.8.8.8:53 unpkg.com udp
US 8.8.8.8:53 fp2c5c.wac.kappacdn.net udp
US 104.16.126.175:443 unpkg.com tcp
US 152.199.2.76:443 fp2c5c.wac.kappacdn.net tcp
US 8.8.8.8:53 scripts.demandbase.com udp
US 8.8.8.8:53 unpkg.com udp
US 34.117.39.58:443 www.upsellit.com udp
US 8.8.8.8:53 fp2c5c.wac.kappacdn.net udp
US 8.8.8.8:53 38.28.18.104.in-addr.arpa udp
US 8.8.8.8:53 233.141.123.20.in-addr.arpa udp
US 8.8.8.8:53 58.39.117.34.in-addr.arpa udp
US 8.8.8.8:53 175.126.16.104.in-addr.arpa udp
US 8.8.8.8:53 76.2.199.152.in-addr.arpa udp
NL 88.221.25.184:443 a1916.dscg2.akamai.net tcp
JP 23.207.102.218:443 e10776.b.akamaiedge.net tcp
NL 65.9.86.98:443 scripts.demandbase.com tcp
NL 199.232.148.157:443 platform.twitter.map.fastly.net tcp
US 8.8.8.8:53 cdn.bizibly.com udp
US 152.199.2.76:443 cdn.bizibly.com tcp
NL 216.58.214.14:443 analytics.google.com tcp
NL 216.58.214.14:443 analytics.google.com udp
NL 52.222.139.92:443 d1ni990a184w7d.cloudfront.net tcp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 98.86.9.65.in-addr.arpa udp
US 8.8.8.8:53 218.102.207.23.in-addr.arpa udp
US 8.8.8.8:53 157.148.232.199.in-addr.arpa udp
US 104.244.42.5:443 t.co tcp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 t.co udp
US 8.8.8.8:53 analytics.twitter.com udp
US 8.8.8.8:53 s.company-target.com udp
US 8.8.8.8:53 s.twitter.com udp
US 8.8.8.8:53 s.dsp-prod.demandbase.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 34.96.71.22:443 s.dsp-prod.demandbase.com tcp
US 8.8.8.8:53 s.twitter.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 s.dsp-prod.demandbase.com udp
US 8.8.8.8:53 www.facebook.com udp
US 34.96.71.22:443 s.dsp-prod.demandbase.com udp
NL 142.250.102.155:443 stats.g.doubleclick.net tcp
NL 142.250.102.155:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 805-usg-300.mktoresp.com udp
US 192.28.144.124:443 805-usg-300.mktoresp.com tcp
US 8.8.8.8:53 805-usg-300.mktoresp.com udp
US 8.8.8.8:53 805-usg-300.mktoresp.com udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 partners.tremorhub.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 api.company-target.com udp
NL 213.19.162.90:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 fr-xn.lb.indexww.com udp
CA 185.80.39.216:443 fr-xn.lb.indexww.com tcp
US 8.8.8.8:53 pixel.rubiconproject.net.akadns.net udp
US 8.8.8.8:53 partners-alb-1113315349.us-east-1.elb.amazonaws.com udp
US 54.145.94.184:443 partners.tremorhub.com tcp
NL 13.227.219.83:443 api.company-target.com tcp
US 8.8.8.8:53 fr-xn.lb.indexww.com udp
US 8.8.8.8:53 api.company-target.com udp
US 8.8.8.8:53 partners-alb-1113315349.us-east-1.elb.amazonaws.com udp
US 13.107.42.14:443 l-0005.l-msedge.net tcp
US 104.244.42.3:443 s.twitter.com tcp
US 35.190.60.146:443 id.rlcdn.com tcp
GB 157.240.240.35:443 www.facebook.com tcp
GB 157.240.240.35:443 www.facebook.com tcp
GB 157.240.240.35:443 www.facebook.com tcp
US 8.8.8.8:53 api.company-target.com udp
GB 157.240.240.35:443 www.facebook.com udp
US 35.190.60.146:443 id.rlcdn.com udp
US 8.8.8.8:53 tag-logger.demandbase.com udp
US 8.8.8.8:53 5.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 22.71.96.34.in-addr.arpa udp
US 8.8.8.8:53 90.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 124.144.28.192.in-addr.arpa udp
US 8.8.8.8:53 216.39.80.185.in-addr.arpa udp
US 8.8.8.8:53 83.219.227.13.in-addr.arpa udp
NL 52.222.139.114:443 tag-logger.demandbase.com tcp
US 8.8.8.8:53 tag-logger.demandbase.com udp
US 8.8.8.8:53 tag-logger.demandbase.com udp
US 8.8.8.8:53 segments.company-target.com udp
NL 65.9.86.64:443 segments.company-target.com tcp
US 8.8.8.8:53 segments.company-target.com udp
US 8.8.8.8:53 segments.company-target.com udp
US 8.8.8.8:53 184.94.145.54.in-addr.arpa udp
US 8.8.8.8:53 146.60.190.35.in-addr.arpa udp
US 8.8.8.8:53 114.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 64.86.9.65.in-addr.arpa udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 104.18.28.38:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 8.8.8.8:53 plausible.io udp
US 151.101.1.140:443 reddit.map.fastly.net tcp
US 8.8.8.8:53 dualstack.reddit.map.fastly.net udp
US 8.8.8.8:53 www.estore.malwarebytes.com udp
US 8.8.8.8:53 reddit.map.fastly.net udp
US 8.8.8.8:53 reddit.map.fastly.net udp
US 151.101.1.140:443 reddit.map.fastly.net tcp
US 151.101.1.140:443 reddit.map.fastly.net tcp
US 8.8.8.8:53 126.132.241.8.in-addr.arpa udp
US 8.8.8.8:53 dual-a-0001.a-msedge.net udp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 52.40.177.161:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 161.177.40.52.in-addr.arpa udp
US 8.8.8.8:53 208.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 ark.mwbsys.com udp
US 34.225.178.206:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
NL 52.222.139.16:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 206.178.225.34.in-addr.arpa udp
US 34.225.178.206:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
NL 52.222.139.16:443 cdn.mwbsys.com tcp
US 34.225.178.206:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
NL 52.222.139.37:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 37.139.222.52.in-addr.arpa udp
US 34.225.178.206:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
NL 52.222.139.63:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 63.139.222.52.in-addr.arpa udp
US 34.225.178.206:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
NL 52.222.139.14:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 14.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 iris.mwbsys.com udp
US 3.208.14.168:443 iris.mwbsys.com tcp
US 8.8.8.8:53 168.14.208.3.in-addr.arpa udp
US 8.8.8.8:53 keystone.mwbsys.com udp
US 35.168.109.214:443 keystone.mwbsys.com tcp
US 35.168.109.214:443 keystone.mwbsys.com tcp
US 8.8.8.8:53 214.109.168.35.in-addr.arpa udp
US 35.168.109.214:443 keystone.mwbsys.com tcp
US 104.18.14.101:80 crl.comodoca.com tcp
US 8.8.8.8:53 101.14.18.104.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
NL 104.85.1.163:80 www.microsoft.com tcp
US 8.8.8.8:53 101.15.18.104.in-addr.arpa udp
US 8.8.8.8:53 163.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 35.81.188.127:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 127.188.81.35.in-addr.arpa udp
US 8.8.8.8:53 versionhistory.googleapis.com udp
NL 142.250.179.138:443 versionhistory.googleapis.com tcp
US 8.8.8.8:53 138.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 links.malwarebytes.com udp
NL 52.222.139.26:443 links.malwarebytes.com tcp
US 52.200.141.15:443 iris.mwbsys.com tcp
US 8.8.8.8:53 26.139.222.52.in-addr.arpa udp
US 8.8.8.8:53 prod-www.malwarebytes.com udp
US 18.239.94.15:443 prod-www.malwarebytes.com tcp
US 8.8.8.8:53 15.141.200.52.in-addr.arpa udp
US 8.8.8.8:53 15.94.239.18.in-addr.arpa udp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 35.81.188.127:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 lic-iris-content-prod.mwbsys.com udp
US 18.65.39.7:443 lic-iris-content-prod.mwbsys.com tcp
US 8.8.8.8:53 7.39.65.18.in-addr.arpa udp
NL 142.250.179.138:443 versionhistory.googleapis.com tcp
NL 142.250.179.138:443 versionhistory.googleapis.com tcp
US 35.81.188.127:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 keystone.mwbsys.com udp
US 35.168.109.214:443 keystone.mwbsys.com tcp
US 35.81.188.127:443 telemetry.malwarebytes.com tcp
NL 142.250.179.138:443 versionhistory.googleapis.com tcp
NL 142.250.179.138:443 versionhistory.googleapis.com tcp

Files

memory/232-133-0x0000000000640000-0x0000000000964000-memory.dmp

memory/232-134-0x00007FFF47540000-0x00007FFF48001000-memory.dmp

memory/232-135-0x0000000002A80000-0x0000000002A90000-memory.dmp

memory/232-136-0x000000001B5E0000-0x000000001B630000-memory.dmp

memory/232-137-0x000000001D690000-0x000000001D742000-memory.dmp

memory/232-140-0x000000001D5D0000-0x000000001D5E2000-memory.dmp

memory/232-141-0x000000001D630000-0x000000001D66C000-memory.dmp

memory/232-142-0x000000001E210000-0x000000001E25A000-memory.dmp

memory/232-143-0x00007FFF47540000-0x00007FFF48001000-memory.dmp

memory/232-144-0x0000000002A80000-0x0000000002A90000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\46be7tph.default-release\activity-stream.discovery_stream.json.tmp

MD5 7db36eda175a2a144fa6bef35768ae08
SHA1 e16750bd9164e7dfd7b726f919966a17610357eb
SHA256 6059a6574ac48d6e0deee653427cfb86a65c09a3b371a335c73b1570b6321fe2
SHA512 ba8ee3514fae3ea12ac293cc33e6019ec43cff9e1879f010a6e2865ae6c4f357611b1733d03ee3f15677f9d1f677878d0e3c1907cb109cbee693c894bc0d5518

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs.js

MD5 8e287a9209e81df5cd9d5cc5ab54aa25
SHA1 652b79f12be5d4559599deee014627709e2dea81
SHA256 bb32c46ed07efd8a7a5ee1649e85a4eaec8120bf48a4bc5d5cb6214978148dd9
SHA512 8f8eb81e8db2eda18f9c006c276313a70ff7d6de19a1ed6d4785a851f145f38d6170ca31bf8e16bd1d69ba6755e507d2b4aa7f7a4d973053e30a0ad0ca2fa5e7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js

MD5 8bbfc80b9e80a1c9f23dcea48db3b6d2
SHA1 61b5c893f6f3c8c93b0231c8f8b7d93b36a06ebe
SHA256 2281683f9f9bf1314d2af2745a97202ee50478719ff0c320a6e2214f33802807
SHA512 5afbfbe3a088a72534088565c253392d6d418f6676aa59973ac4a498746ee279b225d78da2840265d0b42021b706e6b22fd9447399a697c7bacbb00198f8557c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4

MD5 11a33ae3935eac324e1d93d7a31b3812
SHA1 6ce56599cf12ea1d1cc609878a758977bd4fe168
SHA256 4a99a254a053876dd5cf2d4ac187ffbb5abc6ffca780d0d1581a9aca57677cc2
SHA512 675efa488b805cce362d162f37136a83abe3934088511b40d85c3c7ea3bbb47b4b6f7c8d5229dbce4c2768cea15622937e8d05536385c581018f6a470ddcc427

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js

MD5 d0bb5dee31ca0a2e5754c249b204e005
SHA1 06ba0110438131b1b7fe9a8f28db4e997b5b1b3f
SHA256 c12edcad492bcfc3c9428816a01bfa7858c44cc21aa2e6665a2b5f865c12ceb4
SHA512 3730f64ab2c658b677e825bd2102ae0a7190a0eb4b496bc1803064abf0e1b9c6a3b6239df4d876bc671341dbbcf23c0312443fc74e462b496c9394d65296fb6a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c35394f15361134447c7f37069c2baae
SHA1 42b44c80315fcf7ed050334973ea28693e5d42f8
SHA256 0067ad48444e3f2a317db010e7a919f1432dbda7447713f84ffd29f943de746f
SHA512 b19446de6dda7effb75f68ac8684e56bf761f850a6db930a1a91366084930d15aca3d60317c6056162a626d4e1bcf3f6719d21b62aba310677e1d85d5bc57e49

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\46be7tph.default-release\cache2\doomed\16925

MD5 0a7be00d11af7eafb7d65c71b24485d5
SHA1 fc047dbc253466f0aefdfb79267ba08c8d59a60f
SHA256 dc65915fc481973d8d3769c7ec21901107ca71c2feda6fca50b208944200752d
SHA512 f8af27b2d49f82cea5ba6d14b14a6af677f10f89855eac36fdaf4d1655f5dcea947ceb81bcc5842859127121dca9166711588de4fc7428778129ef368ac05ac3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\46be7tph.default-release\cache2\doomed\655

MD5 8e25280268734a7d0e778de340c56851
SHA1 1069376dd533edfe1d2804229e02ee12bd010af2
SHA256 456ebdf4dc706b0fe058e2828e7abe1df13f1f49754a40958863141430c26d01
SHA512 995caa1daf6b8b4eaac8484041ce81c69349b3ce5716e050c8ebd297d16cc6f7c5a9c1cc32010602c2c67009774a1fd9bc83b82e8195a63c08ef719e6eedcd0d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4

MD5 046f3ab5972042295ece470518245175
SHA1 521d2113fb9a12242bf10123d381275840dd35a6
SHA256 2cc81743d7af46b940414d9b13b6ddaabd28181a6d50820c4c616d6620af3f5f
SHA512 b6aa6f2a5feb915327a76a3e1a6e65ffe401ab7ad2958e8bcc710c90c47055ab99a5389c116363c7446ed7b64fd81e65bb4a43ecce1ef5b170878a4cc19b9853

C:\Users\Admin\Downloads\MBSetup.ozw-8ZLE.exe.part

MD5 1e885823577394ea61ea89438ffe2954
SHA1 e53e96f7374790bdad8a614949b398b055c3a27b
SHA256 7c0b9bceed390f7f28135431c09ac51469ee8e2b8095fb36a37315d811d9ba9c
SHA512 73f600833dad0047b6444110d722dc95237b38bb486abc7fc8e4f59b69e2154c885fb46d65f488d5139a0b6e76ebde33ea72711c7f58436650ef992fb8995627

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore.jsonlz4

MD5 67b5cc981fad5e766141ce67d99145aa
SHA1 5789e6575f62569184f9e86c15179313a26107c7
SHA256 49ae6fbe90763c4d3c468bca5397a7307e1f6f61e5b04e3092de9ed3574a5b24
SHA512 234a8435adb1778f3e6f194d14e30f8bdd25ad1eb52c048d5a7212221f3cdb6e208816c3ecec3140ae722c2efbba4e40eb73afed4abd7abc6e2088143b576f6e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js

MD5 dc7cd6e6697527818a3fed12a4b6f1a7
SHA1 c1d032e24c89dc0a7adf04b4bff86b9185646095
SHA256 042142a9a3c9a2d4c965a1a3f3b7c91c10def76a2d5b5666ea514155ea9c0c5f
SHA512 374596d0550464c38c8fc5db1e9168f9cb6c9515586dc9fdc98c79b89f072415322b76000ffaeee57c4337b1ba205ba77a3f58ef99708cb5876e66652641d15b

C:\Users\Admin\Downloads\MBSetup.exe

MD5 1e885823577394ea61ea89438ffe2954
SHA1 e53e96f7374790bdad8a614949b398b055c3a27b
SHA256 7c0b9bceed390f7f28135431c09ac51469ee8e2b8095fb36a37315d811d9ba9c
SHA512 73f600833dad0047b6444110d722dc95237b38bb486abc7fc8e4f59b69e2154c885fb46d65f488d5139a0b6e76ebde33ea72711c7f58436650ef992fb8995627

C:\Users\Admin\Downloads\MBSetup.exe

MD5 1e885823577394ea61ea89438ffe2954
SHA1 e53e96f7374790bdad8a614949b398b055c3a27b
SHA256 7c0b9bceed390f7f28135431c09ac51469ee8e2b8095fb36a37315d811d9ba9c
SHA512 73f600833dad0047b6444110d722dc95237b38bb486abc7fc8e4f59b69e2154c885fb46d65f488d5139a0b6e76ebde33ea72711c7f58436650ef992fb8995627

memory/232-915-0x000000001EB10000-0x000000001EC14000-memory.dmp

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

MD5 7b63a1e09ec588a4b3f0c234e8a2e878
SHA1 bc30968eca0a1d0bbd91af5093df772fd100c7b6
SHA256 e9390428bbf48825304080a593c66d78ff63cefe049469f82aa7fbd008f57d56
SHA512 331294bf7342443fa795fcf6c3e6e66335b3fd997a0ac51b6dcae4c011dcd84446691174ff90eabb65599a405a05d2cc08c7ef6c6f5042e6c8a0b30b60a86a31

C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\7z.dll

MD5 ab8f0c1a37c0df5c8924aab509db42c9
SHA1 53dba959124e6d740829bda2360e851bcb85cce8
SHA256 6e223b275b84d948cc5ae1f161f0bfff2adb34de04634c84d7dbe9305a4998d5
SHA512 ff8a26e8fd5a08c74e5ba93a564e0d3cd932754e7f06993a365bfad06670497889e69ec45bfba1378040b72f82d468e79682beba2439937bb29d2a41da940d4a

C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\7z.dll

MD5 ab8f0c1a37c0df5c8924aab509db42c9
SHA1 53dba959124e6d740829bda2360e851bcb85cce8
SHA256 6e223b275b84d948cc5ae1f161f0bfff2adb34de04634c84d7dbe9305a4998d5
SHA512 ff8a26e8fd5a08c74e5ba93a564e0d3cd932754e7f06993a365bfad06670497889e69ec45bfba1378040b72f82d468e79682beba2439937bb29d2a41da940d4a

C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\servicepkg\MBAMService.exe

MD5 e7d1bfbee9a8fca1d3df7dfc6fa1d629
SHA1 17decad12027a58e7408cbc994394c705f909630
SHA256 75f5d1db040c215957c848981101f1194e6502cb064c599f59a8202b137121ba
SHA512 ce83d2f259e99b133ee3577363e9cad5a22e2e81107dd822a1ea8a44d8935e52f3737aaf1d1bcba5335dd120aff8fbf7fb3387c7811ba7198d806665813cab60

C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\servicepkg\mbamelam.sys

MD5 9e77c51e14fa9a323ee1635dc74ecc07
SHA1 a78bde0bd73260ce7af9cdc441af9db54d1637c2
SHA256 b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0
SHA512 a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\servicepkg\mbamelam.inf

MD5 c481ad4dd1d91860335787aa61177932
SHA1 81633414c5bf5832a8584fb0740bc09596b9b66d
SHA256 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3
SHA512 d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\servicepkg\mbamelam.cat

MD5 60608328775d6acf03eaab38407e5b7c
SHA1 9f63644893517286753f63ad6d01bc8bfacf79b1
SHA256 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59
SHA512 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

MD5 d37afb15fedf2a6b5a79facfc6338da8
SHA1 f627e9a634c983a9c3eaadd5ea3ba605394d71b6
SHA256 bf6e11d2961738509407f1213a43990803aa6337bfb67cc353c3812a3c7f2b89
SHA512 293ca9d8ee175052a75c94699a2027eed153fdba49640089fd74b6c9f6b2c8dffd00d3f9567a352bdac1c38f0343122b95c536fce04d05aed6420f34e25799b5

C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\uipkg\QtQuick\Controls.2\HorizontalHeaderView.qml

MD5 d8c9674c0e9bddbd8aa59a9d343cf462
SHA1 490aa022ac31ddce86d5b62f913b23fbb0de27c2
SHA256 1ef333b5fb4d8075973f312ef787237240b9f49f3f9185fb21202883f900e7d7
SHA512 0b86ec673133f6400c38b79f9ba4f7b37ce5afdab1a2e34acbf75019e2590cc26b26d323ddc1567c91375053c9c8593be0615389db8eb1a8d1eb084ad4200b82

C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\uipkg\QtQuick\Controls.2\Imagine\VerticalHeaderView.qml

MD5 829769b2741d92df3c5d837eee64f297
SHA1 f61c91436ca3420c4e9b94833839fd9c14024b69
SHA256 489c02f8716e7a1de61834b3d8bbb61bce91ca4a33a6b62342b4c851d93e51e0
SHA512 4061c271db37523b9dea9a9973226d91337e1809d4e7767e57ac938d35d77a302363ed92ab4be18c35ba589f528194ad71c93a8507449bf74dd035acf7cdb521

C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\ctlrpkg\mbae64.sys

MD5 95515708f41a7e283d6725506f56f6f2
SHA1 9afc20a19db3d2a75b6915d8d9af602c5218735e
SHA256 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6
SHA512 d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

MD5 4c36f0ee008ed9f02f20c940a30ddd0c
SHA1 2b3ca5c4dec9a12e58e15fb4a4c80f54bf6de22e
SHA256 e0cf5c24aeae65dfeb91485d55ac5e04ef7379e1e0805bd799ae1c248c226186
SHA512 7c27e43139c02a067015f7d23cba113dcf7e3f2203e21c8036cad229f3d9694bd59a3a5032151ad0a2a7ab33431aee7880b676c672541defa568f22715ac9729

C:\Program Files\Malwarebytes\Anti-Malware\version.dat

MD5 7113ebca1bd77c38757d0475439c937f
SHA1 c6eb88111e69d13a3f5789dd5304b88f61190997
SHA256 8059699fc5567a9fe5a0b857095cb5fe2c8b24eb5990f3821998ee3c06129805
SHA512 0e1d5d03561f042aaf9db134f9bc4e5688061760e3770085c2faf0e90919b3f9d0ade7d55ef0785935c115c2c117ce880025d7837aca44e5e561882328be5c1e

C:\Program Files\Malwarebytes\Anti-Malware\uipkgver.dat

MD5 74c6677020fc6b6c867aab117078bf5f
SHA1 8c46db37dc0b39eb963d4144539c8b591e122400
SHA256 cdbb9bc874d71e154c71b68b1fe959913d286036dac11e226e5620c919ba9708
SHA512 3f9db8d9bb25322f8d8e750750bf92dbe6ac63d686eced65cddfcd61178cf0e947118a491058414d4d2cbb4892e39815565669aee0dfdda23aece72d278292d0

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 9b187892016909b91fdf819888e4309d
SHA1 80a85b19dfd4c1bfe9093eddaef92f3e46b48223
SHA256 2b617693e1ceb443160beb85094eab7938a2a920ed3ad313f3e10fa29bc7ae5f
SHA512 e107f0e22af501679346235546f4d2be77841ab6489be8cfd16b5f9ba7a53016310a4511f65b3e2966ff43e8bdfe7dff25441fa4ff74590e3e5c29f478954494

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

MD5 e7d1bfbee9a8fca1d3df7dfc6fa1d629
SHA1 17decad12027a58e7408cbc994394c705f909630
SHA256 75f5d1db040c215957c848981101f1194e6502cb064c599f59a8202b137121ba
SHA512 ce83d2f259e99b133ee3577363e9cad5a22e2e81107dd822a1ea8a44d8935e52f3737aaf1d1bcba5335dd120aff8fbf7fb3387c7811ba7198d806665813cab60

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

MD5 e7d1bfbee9a8fca1d3df7dfc6fa1d629
SHA1 17decad12027a58e7408cbc994394c705f909630
SHA256 75f5d1db040c215957c848981101f1194e6502cb064c599f59a8202b137121ba
SHA512 ce83d2f259e99b133ee3577363e9cad5a22e2e81107dd822a1ea8a44d8935e52f3737aaf1d1bcba5335dd120aff8fbf7fb3387c7811ba7198d806665813cab60

C:\Program Files\Malwarebytes\Anti-Malware\MbamElam.sys

MD5 9e77c51e14fa9a323ee1635dc74ecc07
SHA1 a78bde0bd73260ce7af9cdc441af9db54d1637c2
SHA256 b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0
SHA512 a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

C:\Program Files\Malwarebytes\Anti-Malware\MbamElam.inf

MD5 c481ad4dd1d91860335787aa61177932
SHA1 81633414c5bf5832a8584fb0740bc09596b9b66d
SHA256 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3
SHA512 d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

C:\Program Files\Malwarebytes\Anti-Malware\MbamElam.cat

MD5 60608328775d6acf03eaab38407e5b7c
SHA1 9f63644893517286753f63ad6d01bc8bfacf79b1
SHA256 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59
SHA512 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\servicepkg\mbshlext.dll

MD5 b7e5071b317550d93258f7e1e13e7b6f
SHA1 2d08d78a5c29cf724bc523530d1a9014642bbc60
SHA256 467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064
SHA512 9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

MD5 e7d1bfbee9a8fca1d3df7dfc6fa1d629
SHA1 17decad12027a58e7408cbc994394c705f909630
SHA256 75f5d1db040c215957c848981101f1194e6502cb064c599f59a8202b137121ba
SHA512 ce83d2f259e99b133ee3577363e9cad5a22e2e81107dd822a1ea8a44d8935e52f3737aaf1d1bcba5335dd120aff8fbf7fb3387c7811ba7198d806665813cab60

C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll

MD5 16663d125398773a90d0a53333b7cf5e
SHA1 f92928ae3c9292588547ceaca1cb1d372bfd7936
SHA256 38e6811b47262101759aa51a631263d9e3eee5d211164318a751e078afec4cbc
SHA512 091764b8ad80aa31eea0bbd91ee505ebdea2654bc8aeaa3081a061d0d37ab13d27dd203075fd0de10c6687591aa0e36139a38af846c4e34e6aa67ab81dc277df

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json.bak

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 9b187892016909b91fdf819888e4309d
SHA1 80a85b19dfd4c1bfe9093eddaef92f3e46b48223
SHA256 2b617693e1ceb443160beb85094eab7938a2a920ed3ad313f3e10fa29bc7ae5f
SHA512 e107f0e22af501679346235546f4d2be77841ab6489be8cfd16b5f9ba7a53016310a4511f65b3e2966ff43e8bdfe7dff25441fa4ff74590e3e5c29f478954494

C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll

MD5 16663d125398773a90d0a53333b7cf5e
SHA1 f92928ae3c9292588547ceaca1cb1d372bfd7936
SHA256 38e6811b47262101759aa51a631263d9e3eee5d211164318a751e078afec4cbc
SHA512 091764b8ad80aa31eea0bbd91ee505ebdea2654bc8aeaa3081a061d0d37ab13d27dd203075fd0de10c6687591aa0e36139a38af846c4e34e6aa67ab81dc277df

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

MD5 5471d57066b9c30fd2ded9353ef0cf85
SHA1 21d231c088ac7e983f0d620c3f172fa0fa373e3b
SHA256 1454ea0493b479bff5c3e27a7600d24f61d107451c05902cc6dff4abf86533f0
SHA512 1409a79e6b35253f3276425de518eb760623065c2c6290fffba3fa9b75675b7456b7cd535c54b7a4b9ca3cc5f5df9231727d2d531e9e824e7192c4e03ce23b83

C:\Program Files\Malwarebytes\Anti-Malware\PoliciesControllerImpl.dll

MD5 5471d57066b9c30fd2ded9353ef0cf85
SHA1 21d231c088ac7e983f0d620c3f172fa0fa373e3b
SHA256 1454ea0493b479bff5c3e27a7600d24f61d107451c05902cc6dff4abf86533f0
SHA512 1409a79e6b35253f3276425de518eb760623065c2c6290fffba3fa9b75675b7456b7cd535c54b7a4b9ca3cc5f5df9231727d2d531e9e824e7192c4e03ce23b83

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 0aadb1b6b0fcff6dc7b4a946abf181f1
SHA1 0191472c05c786e0c51f290900e009f2787ad80b
SHA256 026be320cbb83c79639b46bbda967dd2c4d95082a932ea91ee850f68fa77a116
SHA512 97d1a2eee8092068fa459ffd3483771d97520f564dd840dc4f36fed9ce4b9151f642eb341ccfe5f0932806f2f65a1ed7134bd8032ae0fded9ad1df3a0bf4b5b6

C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

MD5 b7e5071b317550d93258f7e1e13e7b6f
SHA1 2d08d78a5c29cf724bc523530d1a9014642bbc60
SHA256 467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064
SHA512 9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54

C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

MD5 b7e5071b317550d93258f7e1e13e7b6f
SHA1 2d08d78a5c29cf724bc523530d1a9014642bbc60
SHA256 467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064
SHA512 9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\LicenseControllerImpl.dll

MD5 1e102c36c622f1a221f9c7af8a96a6c2
SHA1 0e350dfa57a7c2c8d4daddc77d4b9da539a917c9
SHA256 0be22af897b18d15f739363d32ffdcd5f4cdf1e0973dd1dffb949ac3b64e2dca
SHA512 4c3262d53c9e9508dcaf70bf58c5c9a2b501274fabec186533e21ae6e988d0f54518672b60909901de79c5ade2f6b1d8d7bdc0b29b9150c94e7a28a3e85ef818

C:\Program Files\Malwarebytes\Anti-Malware\LicenseControllerImpl.dll

MD5 1e102c36c622f1a221f9c7af8a96a6c2
SHA1 0e350dfa57a7c2c8d4daddc77d4b9da539a917c9
SHA256 0be22af897b18d15f739363d32ffdcd5f4cdf1e0973dd1dffb949ac3b64e2dca
SHA512 4c3262d53c9e9508dcaf70bf58c5c9a2b501274fabec186533e21ae6e988d0f54518672b60909901de79c5ade2f6b1d8d7bdc0b29b9150c94e7a28a3e85ef818

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 f782ef057fc2e4a54c9f424413f277ae
SHA1 2a23622ec49268500afe42d9174ac86844f7298b
SHA256 d620750c3fcc3f858e391996d1c37c1e7066c8133f0f16750db95d4a761ad6c1
SHA512 bb2dc0e456fe4d4820fbb8ba07b0935325b325a1ff4093e5a686088c2d44ae746b6c7c6a3ddceaacbd2cfa4cdd41341c2c70218e2eb67cceacd6cb395c43ca1a

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll

MD5 900c4c891467f8561e45d802b5de80c9
SHA1 d648fb40dabd2f349b90f5850ed37f0bd445ce17
SHA256 632ee57df24f41fd26d0a54d8049a3b259c10dc932353c37d0e252aa495f1482
SHA512 c6421008402c9da4b20fb61e3c6ff8bdc9bba85c8ca6dd75ce8ff38f2003cf2814fbed475a8fd555e6ee7e3afbd1e4d394b76f1e4d4ba032be0ec09ad33589b3

C:\Program Files\Malwarebytes\Anti-Malware\UpdateControllerImpl.dll

MD5 900c4c891467f8561e45d802b5de80c9
SHA1 d648fb40dabd2f349b90f5850ed37f0bd445ce17
SHA256 632ee57df24f41fd26d0a54d8049a3b259c10dc932353c37d0e252aa495f1482
SHA512 c6421008402c9da4b20fb61e3c6ff8bdc9bba85c8ca6dd75ce8ff38f2003cf2814fbed475a8fd555e6ee7e3afbd1e4d394b76f1e4d4ba032be0ec09ad33589b3

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 560bb35aa14891dce8612000767ff76e
SHA1 f6110d8e21d3e11eb1fae5339627a0dc836133d5
SHA256 5485329acb9cb31294057e5790eb0a312761e21ad4682cab9f0e866508eaeddb
SHA512 519402a89996f11c225f2a5cbd90ec9337f43bc3643d73a054ddcf7702a237bbf96e8fe0602e145d30941ef99f4a5231f67360cc8485dce2c8e1cf41b8a0fa88

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\pkgvers.dat

MD5 a743d971af1154e28229e810c933d2f9
SHA1 a370169afcd9c216a81674a808d47583312e0345
SHA256 4effc6f504bfae784a33616e8337962f49ba2c2e34e23aa08bc991d6dc4e28dc
SHA512 43427859b2672e88c1771481145f729ef4e8b7d3dfcba9e5195100a890a3d9a52b1b0d6a1d7d390faa06dbc25d4f713495e82156df972de428adeb0dc826ad66

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\version.dat

MD5 7113ebca1bd77c38757d0475439c937f
SHA1 c6eb88111e69d13a3f5789dd5304b88f61190997
SHA256 8059699fc5567a9fe5a0b857095cb5fe2c8b24eb5990f3821998ee3c06129805
SHA512 0e1d5d03561f042aaf9db134f9bc4e5688061760e3770085c2faf0e90919b3f9d0ade7d55ef0785935c115c2c117ce880025d7837aca44e5e561882328be5c1e

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

MD5 307c74fa2b524c37c9dfa1417334e5a5
SHA1 e9ab3def1f56147d2e8db14fb486fae31ef815b9
SHA256 4dedcfb5600e585946c62bd082b2489b0d48353a1e1a5e4583eb9d1afd8e672f
SHA512 1ed96abbacebba06c2cb6636f4f98f37d14189b44b3bbef362bfd051a8bb009aa2fd756ed284d666465c07aee8d92b4762a2cb15d63d9f77e033da05805267f4

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 314e0f9ce244c7b56723f4b43cd3e99d
SHA1 23de5486f84f35d77b05e0d746507a702db49c89
SHA256 0bb273d0841828a2ec2cddbd0a21743fac229a79e3bda1f5bd40cce6b918b3c0
SHA512 5f5cb9f8b257049ae783ffbe5e1bcfa15df80746f2a4afdd904419e288736105485abd9545b63d9b4718280902cd11941a1d75ee085073612a48219052d1824d

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 dc09f1254e56dec774db342fbec3bb4c
SHA1 e292cf9b6321b10c44d6458f69fda97163604961
SHA256 cb420e61a50309c695261e3a941a88591b47b1b7004445758d84cdaf66b8a251
SHA512 81531123a70f7975e824704263db1edad8e00b4162aa9944f156122a4f10a1e8dc3f0b2b7aeebae55700bf363f8466deb7dc9ab9d09587f63bc65b04749211e4

C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

MD5 a743d971af1154e28229e810c933d2f9
SHA1 a370169afcd9c216a81674a808d47583312e0345
SHA256 4effc6f504bfae784a33616e8337962f49ba2c2e34e23aa08bc991d6dc4e28dc
SHA512 43427859b2672e88c1771481145f729ef4e8b7d3dfcba9e5195100a890a3d9a52b1b0d6a1d7d390faa06dbc25d4f713495e82156df972de428adeb0dc826ad66

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rules.mbdb

MD5 7be32de455a071f60a4e7a88a0727108
SHA1 790b63e246aad713a976c4093e6fa3fcd65af7ca
SHA256 aac1e00d672f36d9cf49ae90a427f15d60a6a475c5421dbc758b972fc1fd9898
SHA512 9c260a9a6e18b26a5a0976f32dcd7ec3456412419739f6314e723a058a3fa7c781f393547c3b94cbf8ae042fb583e91f1c3b01f1873817e2e9b3cfa01f1c5222

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rdefs.mbdb

MD5 2f7423ca7c6a0f1339980f3c8c7de9f8
SHA1 102c77faa28885354cfe6725d987bc23bc7108ba
SHA256 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55
SHA512 e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\prot.mbdb

MD5 546d9e30eadad8b22f5b3ffa875144bf
SHA1 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d
SHA256 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f
SHA512 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\clean.mbdb

MD5 dd77c16c7d4affdfdf63bd121135856b
SHA1 3f1cbfa96fe50e2331867ca3b9d2f2044bb125e4
SHA256 0f25e0d43988fadbed5977ae6266ce5c96b440857b94cb24c160006e548a6ec7
SHA512 82b4b9a69ac69ba85aa1edd85966b773d19a0a27e3389b38ef98eb98fe9179d16f5a93a433ff465e71d6f089d6c37b31867a0ce1acb9df571a0f4891a03ca240

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\mbdigsig2.dat

MD5 09a176c75b2751aeca9a07b87e6515af
SHA1 dd8cea2515fb3e600a9328836b7a020e6aa47881
SHA256 9f64c6e9d4e783b2d675a7f16e50c8aa7c5fccb2e15327ad833a97ac412f3d18
SHA512 36240c333bc2c1782d3631226e935b281515c2dfe4204d21f7a1484a4e4528f4239e9f39e1512b19a9986b4eedbc47d30ec973624bfa2ad5cceca12645a2f184

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbmanifest2.dat

MD5 bd4b80350c5d6cdc08a7cba1168b6400
SHA1 6dd387816d1b998468bf44a736e8f218081d633b
SHA256 6c768fe0183f36f50aaccc1661ba8e4bbb68cac0a23e447cee17c7c7dc3a35a2
SHA512 37819ac7aa8439a20bbae0ddd3b2e8e2ff42c6a286993effe76dcb72b7923d77937d4fe3b3493846ad9654d13b9a0abfb28649c208b2d05921a5f54179b829ae

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 5e5272cfda4a728ce2db55e92638a05e
SHA1 18597556649416815ae422c6252b27c7d497b89d
SHA256 2f70362b69ec445516c39e525d939844614a858eb0f2796e44285361949f1671
SHA512 9357a12329d4635b26d0c190a2774f769e796989a0a86651f79a19944457c3d3ebbe996642d77df852224a529329aead072cca0fea1a6d37efe57f4ed0f86d7e

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\scan.mbdb

MD5 1113a9bff6389f47a020fca74dd03c59
SHA1 ecf5c9c3b209d94d053b919ee7a737cfb25a88f8
SHA256 47422f50e07dd29fdd9290bec8ddc08e6a411665b2c7ee0d3f157b454f6fdefe
SHA512 0911d2f269be06cfaa46a1b3af88225a7b43f72e01d3c156b9f2f5ea83e624ef58c7a60b46242ecba9ff15be36cef3d6ba0027a55afc1e2ee05bbfc1386019d5

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\tids.mbdb

MD5 e0d88a95bf85ea2c9f01d481c03dda53
SHA1 3b911e380a1129e95582dab6956d264d14a899dd
SHA256 0acce254ae62bc041ece730e7b14e901ce190a9f5936002b2744d68b46080c30
SHA512 e802ae1f9552ed6e41eab78b2ff9ab93ef12d1fb38a52faad8172923857b638fac15f2fc594c2cf77573b5b364ece7a6da3d4c28b0aacd1295a0e6add30bd01a

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\wprot2.mbdb

MD5 aa375408cc73107df5f7f47a693a5717
SHA1 9cfec1291dcbe306f2fed5e83c6c6d5d4abf4a9d
SHA256 dcce80053dd72a8ad7a19d1bbf784f0b795c1e9389204003d221a13b37355909
SHA512 65430d24e6ea0914dd4e32c09114a2924b1223bbe215ad940a8b4c1507a92a07fd5d7f769a1de6cce8b9303e931c2d78f7a0e48bdf8fdaaa3f5baf94f8592eda

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.sr

MD5 e59b9d344dc47e24bbd046e9ddfcecf3
SHA1 15837e283a6a779af5a967ae7233fbef5de9b1ed
SHA256 c8e27509ae33d681409e7a710cacc8f6d23b8687aac6a17281f4832f295359a8
SHA512 ebea63038b7ab7675be161cf44a8f00a18984ffbfe33317b9ff29ee0793db31ece1cc8810dc8f3bd1ee2a1f701833e95cfd1e67bee4b7925958cdff32c27501b

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dynconfig.dat

MD5 10f23e7c8c791b91c86cd966d67b7bc7
SHA1 3f596093b2bc33f7a2554818f8e41adbbd101961
SHA256 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc
SHA512 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\exclusions.txt

MD5 aef4eca7ee01bb1a146751c4d0510d2d
SHA1 5cf2273da41147126e5e1eabd3182f19304eea25
SHA256 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f
SHA512 d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

MD5 1113a9bff6389f47a020fca74dd03c59
SHA1 ecf5c9c3b209d94d053b919ee7a737cfb25a88f8
SHA256 47422f50e07dd29fdd9290bec8ddc08e6a411665b2c7ee0d3f157b454f6fdefe
SHA512 0911d2f269be06cfaa46a1b3af88225a7b43f72e01d3c156b9f2f5ea83e624ef58c7a60b46242ecba9ff15be36cef3d6ba0027a55afc1e2ee05bbfc1386019d5

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb

MD5 e0d88a95bf85ea2c9f01d481c03dda53
SHA1 3b911e380a1129e95582dab6956d264d14a899dd
SHA256 0acce254ae62bc041ece730e7b14e901ce190a9f5936002b2744d68b46080c30
SHA512 e802ae1f9552ed6e41eab78b2ff9ab93ef12d1fb38a52faad8172923857b638fac15f2fc594c2cf77573b5b364ece7a6da3d4c28b0aacd1295a0e6add30bd01a

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

MD5 aa375408cc73107df5f7f47a693a5717
SHA1 9cfec1291dcbe306f2fed5e83c6c6d5d4abf4a9d
SHA256 dcce80053dd72a8ad7a19d1bbf784f0b795c1e9389204003d221a13b37355909
SHA512 65430d24e6ea0914dd4e32c09114a2924b1223bbe215ad940a8b4c1507a92a07fd5d7f769a1de6cce8b9303e931c2d78f7a0e48bdf8fdaaa3f5baf94f8592eda

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb

MD5 dd77c16c7d4affdfdf63bd121135856b
SHA1 3f1cbfa96fe50e2331867ca3b9d2f2044bb125e4
SHA256 0f25e0d43988fadbed5977ae6266ce5c96b440857b94cb24c160006e548a6ec7
SHA512 82b4b9a69ac69ba85aa1edd85966b773d19a0a27e3389b38ef98eb98fe9179d16f5a93a433ff465e71d6f089d6c37b31867a0ce1acb9df571a0f4891a03ca240

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

MD5 7be32de455a071f60a4e7a88a0727108
SHA1 790b63e246aad713a976c4093e6fa3fcd65af7ca
SHA256 aac1e00d672f36d9cf49ae90a427f15d60a6a475c5421dbc758b972fc1fd9898
SHA512 9c260a9a6e18b26a5a0976f32dcd7ec3456412419739f6314e723a058a3fa7c781f393547c3b94cbf8ae042fb583e91f1c3b01f1873817e2e9b3cfa01f1c5222

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb

MD5 2f7423ca7c6a0f1339980f3c8c7de9f8
SHA1 102c77faa28885354cfe6725d987bc23bc7108ba
SHA256 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55
SHA512 e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb

MD5 546d9e30eadad8b22f5b3ffa875144bf
SHA1 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d
SHA256 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f
SHA512 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\cfg.bin

MD5 8fd13803b1e5f14b4d241facc601a170
SHA1 7321eec794bc766d84d75bd0370a9f2e4d7abdf6
SHA256 925d771b2643715b62ef720801dfa96047fff1ee70eabb244bed802234673717
SHA512 f5b3514258487f8576fe32a795eefcffef049c7d002a6abdca17383bba838c7a218be23ec6803dcefed615f40afc2ba4b15bf65c9a74c4f6bb891d15d02bfc22

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.nm

MD5 401d5cb944173cb2c45fb247d17a4ba8
SHA1 ab2a5a056fda44492326588194b2a792adfbda15
SHA256 46dc97567c66bd2621307fdeedeaeb04735670314b87b7101d494fd932d54047
SHA512 bb3156318fcbdb50bb4bcedb934a0d2afcbcc0a3277bcd0369951bf67a8ffdaaed5b28634292f85929817f1e928cdbee4801141926c5888831ac65e54def2485

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

MD5 8fd13803b1e5f14b4d241facc601a170
SHA1 7321eec794bc766d84d75bd0370a9f2e4d7abdf6
SHA256 925d771b2643715b62ef720801dfa96047fff1ee70eabb244bed802234673717
SHA512 f5b3514258487f8576fe32a795eefcffef049c7d002a6abdca17383bba838c7a218be23ec6803dcefed615f40afc2ba4b15bf65c9a74c4f6bb891d15d02bfc22

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat

MD5 10f23e7c8c791b91c86cd966d67b7bc7
SHA1 3f596093b2bc33f7a2554818f8e41adbbd101961
SHA256 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc
SHA512 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

MD5 aef4eca7ee01bb1a146751c4d0510d2d
SHA1 5cf2273da41147126e5e1eabd3182f19304eea25
SHA256 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f
SHA512 d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat

MD5 09a176c75b2751aeca9a07b87e6515af
SHA1 dd8cea2515fb3e600a9328836b7a020e6aa47881
SHA256 9f64c6e9d4e783b2d675a7f16e50c8aa7c5fccb2e15327ad833a97ac412f3d18
SHA512 36240c333bc2c1782d3631226e935b281515c2dfe4204d21f7a1484a4e4528f4239e9f39e1512b19a9986b4eedbc47d30ec973624bfa2ad5cceca12645a2f184

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\Actions.dll

MD5 1eff53d95ecaf6bbfffe80d866d8e1dd
SHA1 d7ef7d7c77fd04b2c0eb8c16bb3cd08057f6742f
SHA256 6dd748f7ca56125cbe158fa3612f08e7312ef58ad5375e6b7ab5532cc16ca0ac
SHA512 c59b8e6f0b238a247e64b9c7bb42213dadac1dada63542830a6292361174c935c0c662b2d1aed3fb6100cc4993297b1eaf25e328f2b4613458c4ffca63b9f02d

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

MD5 bd4b80350c5d6cdc08a7cba1168b6400
SHA1 6dd387816d1b998468bf44a736e8f218081d633b
SHA256 6c768fe0183f36f50aaccc1661ba8e4bbb68cac0a23e447cee17c7c7dc3a35a2
SHA512 37819ac7aa8439a20bbae0ddd3b2e8e2ff42c6a286993effe76dcb72b7923d77937d4fe3b3493846ad9654d13b9a0abfb28649c208b2d05921a5f54179b829ae

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll

MD5 b2216df400c3ef59f9406831ba7956b5
SHA1 1e26588190fc8a608e773239d498ceb79a92fca3
SHA256 1e429ee1da8a0fe6569673b7052c5f49c193aaa8f3152451f645539a431b792d
SHA512 3aa3c9ed3bcaa0f2b7c4de36f7a83e35e8abf63c972c8e5377915bed41a803ae516cf8ef14e9c455043dd1ae46e4aec1820fa3572e65d0c87a99eac1d43d1f40

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

MD5 1eff53d95ecaf6bbfffe80d866d8e1dd
SHA1 d7ef7d7c77fd04b2c0eb8c16bb3cd08057f6742f
SHA256 6dd748f7ca56125cbe158fa3612f08e7312ef58ad5375e6b7ab5532cc16ca0ac
SHA512 c59b8e6f0b238a247e64b9c7bb42213dadac1dada63542830a6292361174c935c0c662b2d1aed3fb6100cc4993297b1eaf25e328f2b4613458c4ffca63b9f02d

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\sample.dll

MD5 936021397e23fc913c55992ce9468913
SHA1 d65af889a379f2982b1ebf29d83d2783b9aa0ded
SHA256 ce7bdd309701942d97bd8cd3c2455a8d37d93b4d9ce4c14986703daf46fab7fb
SHA512 4fb968bee32b5f2b5a5d1629ec2855dc0150ec6b753e83a457ec704350b1f219b5e1349a75ec41f94757d1ef2de9a020933f8e42566bf6123543b7709ecc3d74

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

MD5 14cd82fe89752e3723a9b42aaa68763a
SHA1 ea407d8d7064581406eb1b14e0f01cee61afb252
SHA256 60e6029bdf3a2d88772bd4ec3aea6b688505e7dfcb76ce371d6942e9de95ce04
SHA512 16114ff38a2e2cc59a9bbf420304fda8e558022f385748a5f48c02f037cbe815221a1cb4f0ac1deeb408ebf66ee3e25c059b157c7cc5cb169dbac75a73694fdc

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

MD5 936021397e23fc913c55992ce9468913
SHA1 d65af889a379f2982b1ebf29d83d2783b9aa0ded
SHA256 ce7bdd309701942d97bd8cd3c2455a8d37d93b4d9ce4c14986703daf46fab7fb
SHA512 4fb968bee32b5f2b5a5d1629ec2855dc0150ec6b753e83a457ec704350b1f219b5e1349a75ec41f94757d1ef2de9a020933f8e42566bf6123543b7709ecc3d74

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

MD5 14cd82fe89752e3723a9b42aaa68763a
SHA1 ea407d8d7064581406eb1b14e0f01cee61afb252
SHA256 60e6029bdf3a2d88772bd4ec3aea6b688505e7dfcb76ce371d6942e9de95ce04
SHA512 16114ff38a2e2cc59a9bbf420304fda8e558022f385748a5f48c02f037cbe815221a1cb4f0ac1deeb408ebf66ee3e25c059b157c7cc5cb169dbac75a73694fdc

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

MD5 1ed53171d00f440f29a12f9beb84dac4
SHA1 4d9a1e3579b0999f1ab2fa818b588411e9ee920c
SHA256 e659e687a872050f9e65d78992d16bd9b393cf3f8e8c94e0e15fb42b7065327e
SHA512 17161cfc672d1b996b8af4ebac17f9a8a3807f38c9a23e2e5b4dadcd9a21c3a64faec9bf59147022a9df88b80f89300f1b537091289bd7a42806bd206a317e6e

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\BrowserSDKDLL.dll

MD5 1ed53171d00f440f29a12f9beb84dac4
SHA1 4d9a1e3579b0999f1ab2fa818b588411e9ee920c
SHA256 e659e687a872050f9e65d78992d16bd9b393cf3f8e8c94e0e15fb42b7065327e
SHA512 17161cfc672d1b996b8af4ebac17f9a8a3807f38c9a23e2e5b4dadcd9a21c3a64faec9bf59147022a9df88b80f89300f1b537091289bd7a42806bd206a317e6e

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll

MD5 b2216df400c3ef59f9406831ba7956b5
SHA1 1e26588190fc8a608e773239d498ceb79a92fca3
SHA256 1e429ee1da8a0fe6569673b7052c5f49c193aaa8f3152451f645539a431b792d
SHA512 3aa3c9ed3bcaa0f2b7c4de36f7a83e35e8abf63c972c8e5377915bed41a803ae516cf8ef14e9c455043dd1ae46e4aec1820fa3572e65d0c87a99eac1d43d1f40

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

MD5 401d5cb944173cb2c45fb247d17a4ba8
SHA1 ab2a5a056fda44492326588194b2a792adfbda15
SHA256 46dc97567c66bd2621307fdeedeaeb04735670314b87b7101d494fd932d54047
SHA512 bb3156318fcbdb50bb4bcedb934a0d2afcbcc0a3277bcd0369951bf67a8ffdaaed5b28634292f85929817f1e928cdbee4801141926c5888831ac65e54def2485

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

MD5 e59b9d344dc47e24bbd046e9ddfcecf3
SHA1 15837e283a6a779af5a967ae7233fbef5de9b1ed
SHA256 c8e27509ae33d681409e7a710cacc8f6d23b8687aac6a17281f4832f295359a8
SHA512 ebea63038b7ab7675be161cf44a8f00a18984ffbfe33317b9ff29ee0793db31ece1cc8810dc8f3bd1ee2a1f701833e95cfd1e67bee4b7925958cdff32c27501b

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CloudControllerImpl.dll

MD5 a22f4dd3f75413faba618de10315540d
SHA1 450a9abff68ffb922abaa0ba193ea4ffc983e92b
SHA256 31d628b6c6c58d76dbd8071e155c9bfef575444d3ce7fa83c2a0c3a16e67e7ea
SHA512 b34bec558e556dc8602717fc8b2601f18d02217551bcb1b3d7df7f9574f7ddf46a29dcfe043119f353e1e258fdc1e9a6db6d38ce8e5f3eda9fdb92216a31ccd6

C:\Program Files\Malwarebytes\Anti-Malware\CloudControllerImpl.dll

MD5 a22f4dd3f75413faba618de10315540d
SHA1 450a9abff68ffb922abaa0ba193ea4ffc983e92b
SHA256 31d628b6c6c58d76dbd8071e155c9bfef575444d3ce7fa83c2a0c3a16e67e7ea
SHA512 b34bec558e556dc8602717fc8b2601f18d02217551bcb1b3d7df7f9574f7ddf46a29dcfe043119f353e1e258fdc1e9a6db6d38ce8e5f3eda9fdb92216a31ccd6

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll

MD5 461faf68ccc02b0223fd273b630f21fe
SHA1 363b8beaa74f0f454c2d544ace9e71a84bc2b4cf
SHA256 cb07f3f461e9c267831b1ab93af6dfda1bb51d72e42d73d00d26594f09326be1
SHA512 4b671f48e45fdedf50c7f7bb6c8d82a3b98f7502006eb002aaf8ff31f25f9ff1257c7bcc12caf622e43d4ec665b19d978ae3e3762f76def0bc71485ebdb8426f

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 236da06c4a81e4134f6239c5441a8bd8
SHA1 9f4f1f515cdf8f84196b7e230879cf3d9edc56c8
SHA256 a4a53cd357e1a2ac8c2df731dfc3365762f1296b629c647cae23ebc3291e0102
SHA512 89847e2379190f5b80d7aa748503b9946e185d0e559125202a95bb922faec96f4f53d577d6a2ebd62fc16545eab46492136c5ceecc0cf6cdbf6d1c7925b1d4ce

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

MD5 7b63a1e09ec588a4b3f0c234e8a2e878
SHA1 bc30968eca0a1d0bbd91af5093df772fd100c7b6
SHA256 e9390428bbf48825304080a593c66d78ff63cefe049469f82aa7fbd008f57d56
SHA512 331294bf7342443fa795fcf6c3e6e66335b3fd997a0ac51b6dcae4c011dcd84446691174ff90eabb65599a405a05d2cc08c7ef6c6f5042e6c8a0b30b60a86a31

C:\Program Files\Malwarebytes\Anti-Malware\7z.dll

MD5 461faf68ccc02b0223fd273b630f21fe
SHA1 363b8beaa74f0f454c2d544ace9e71a84bc2b4cf
SHA256 cb07f3f461e9c267831b1ab93af6dfda1bb51d72e42d73d00d26594f09326be1
SHA512 4b671f48e45fdedf50c7f7bb6c8d82a3b98f7502006eb002aaf8ff31f25f9ff1257c7bcc12caf622e43d4ec665b19d978ae3e3762f76def0bc71485ebdb8426f

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\TelemetryControllerImpl.dll

MD5 1383a56bdf56a56f40e26ab9c77a9ebd
SHA1 72d7d2f3bb95ca4ad6a0857d67b3fa438ade4753
SHA256 134319520445785ea9e369b713406075520e8ee15944aa2590e4de9f13b9988c
SHA512 1cc682a68914b4897f63f4bb7076e28db61b8d8e7edb3ed77905caa8f233c9e8faa870f8067be77af62c1c02be807989ec3a98cd212c92bc1fb35391657ad975

C:\Program Files\Malwarebytes\Anti-Malware\TelemetryControllerImpl.dll

MD5 1383a56bdf56a56f40e26ab9c77a9ebd
SHA1 72d7d2f3bb95ca4ad6a0857d67b3fa438ade4753
SHA256 134319520445785ea9e369b713406075520e8ee15944aa2590e4de9f13b9988c
SHA512 1cc682a68914b4897f63f4bb7076e28db61b8d8e7edb3ed77905caa8f233c9e8faa870f8067be77af62c1c02be807989ec3a98cd212c92bc1fb35391657ad975

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 8395bdcf8d9eeb9cfd730618d0d22e03
SHA1 145e6e051209232bbd8fa380de87745bc37a64a9
SHA256 ea6439cb85d3a993b0e11b093428131b39832577f912cfc7c7f319862850d0b0
SHA512 4c450df8617bafdc7d925b5ab2be5fed17cbdb3c35f27da9528826b4744c1f41b7288ea6ed2b1a768401d03c549271a4f2e6a8e6ecf23d69d41d2cf789e35805

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 8395bdcf8d9eeb9cfd730618d0d22e03
SHA1 145e6e051209232bbd8fa380de87745bc37a64a9
SHA256 ea6439cb85d3a993b0e11b093428131b39832577f912cfc7c7f319862850d0b0
SHA512 4c450df8617bafdc7d925b5ab2be5fed17cbdb3c35f27da9528826b4744c1f41b7288ea6ed2b1a768401d03c549271a4f2e6a8e6ecf23d69d41d2cf789e35805

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll

MD5 7c0aa9006fbef5bbf87bcaa1d33c0a66
SHA1 5a55f2ae74324d57a047654b7a5456966c6c2b12
SHA256 6cd39828a887302bba0a7231570c150df793dbaa2a0d349dc95102070559790c
SHA512 f72c5c84569684ef1faec9e63c3a22a2d126033c5b819f80d0ee72a15b0e4367d36488a91d85e581b5292961821b1d0a51038e8255f7402cb9cfc47979a8e071

C:\Program Files\Malwarebytes\Anti-Malware\CleanControllerImpl.dll

MD5 7c0aa9006fbef5bbf87bcaa1d33c0a66
SHA1 5a55f2ae74324d57a047654b7a5456966c6c2b12
SHA256 6cd39828a887302bba0a7231570c150df793dbaa2a0d349dc95102070559790c
SHA512 f72c5c84569684ef1faec9e63c3a22a2d126033c5b819f80d0ee72a15b0e4367d36488a91d85e581b5292961821b1d0a51038e8255f7402cb9cfc47979a8e071

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 c39d5283ffc593d0552d254da37d322a
SHA1 d942d1253a45a52180c1ff814d16ebf8284a03dc
SHA256 d4830de819010073e86e06e17224daf90239481a522bc94ece999063c84a9312
SHA512 80cdc4050cd5b266620fda5d20cfec06a3bf954445a98f514ee6567801af33e6a2878f1fb6d79076f3ad8368ab3ca7bad421a5592dfdeef8f97c03aac62e67bc

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ActionsShim.dll

MD5 58149edf4990067b4c1ffe1c32a51a01
SHA1 80c0c8b8def45420159659d2eaad181eb0b05c40
SHA256 67af73f9b49ce113d02d7f2824e45d48044273772c94e6e8c300cf86bf83cb55
SHA512 fe69f4eccaa35b132b7dfc77fae50733398cfa5ab7377f502a50e1bb83be6b81fad26a0a24f6dfbc99dca6e118784f3452edc4a30c11ac161fc0db62b039cb4e

C:\Program Files\Malwarebytes\Anti-Malware\ActionsShim.dll

MD5 58149edf4990067b4c1ffe1c32a51a01
SHA1 80c0c8b8def45420159659d2eaad181eb0b05c40
SHA256 67af73f9b49ce113d02d7f2824e45d48044273772c94e6e8c300cf86bf83cb55
SHA512 fe69f4eccaa35b132b7dfc77fae50733398cfa5ab7377f502a50e1bb83be6b81fad26a0a24f6dfbc99dca6e118784f3452edc4a30c11ac161fc0db62b039cb4e

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll

MD5 1ff50d44fcb92f99dd7af478171e8b18
SHA1 a4d3b41df2173d8363ef99d2cea92cff8ff60338
SHA256 118841f1c274e8dfd94fc6a31f4f2c10df38a71d0fa96c1f3f6453339e20bf02
SHA512 f7df13e47f88cf77797a153cab5aea17d03bd9a9aebd2fa64d49175d3fc820604ba7ce9d43081624dd660fca5bf42eda2ff1309c018bc4ff7e4fd982e14650b1

C:\Program Files\Malwarebytes\Anti-Malware\Actions.dll

MD5 1eff53d95ecaf6bbfffe80d866d8e1dd
SHA1 d7ef7d7c77fd04b2c0eb8c16bb3cd08057f6742f
SHA256 6dd748f7ca56125cbe158fa3612f08e7312ef58ad5375e6b7ab5532cc16ca0ac
SHA512 c59b8e6f0b238a247e64b9c7bb42213dadac1dada63542830a6292361174c935c0c662b2d1aed3fb6100cc4993297b1eaf25e328f2b4613458c4ffca63b9f02d

C:\Program Files\Malwarebytes\Anti-Malware\ScanControllerImpl.dll

MD5 1ff50d44fcb92f99dd7af478171e8b18
SHA1 a4d3b41df2173d8363ef99d2cea92cff8ff60338
SHA256 118841f1c274e8dfd94fc6a31f4f2c10df38a71d0fa96c1f3f6453339e20bf02
SHA512 f7df13e47f88cf77797a153cab5aea17d03bd9a9aebd2fa64d49175d3fc820604ba7ce9d43081624dd660fca5bf42eda2ff1309c018bc4ff7e4fd982e14650b1

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMShim.dll

MD5 f44b6c80c46c4cf3071b5f5b916e1271
SHA1 839f2238ecbbfa80ebf9c1f77eafc78204b58761
SHA256 732523df43358729d5e85cceb557d69016dcdd3e2238d903c33c5327c3131fae
SHA512 99be164ae96bc4f93dc896d5df445ad1c2f023f10605a8c9857d7ebedfc5b070f50cd33b401d61003e601a06b8446e6c0b5dbddda4927a2e1352407d3b266942

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SwissarmyShim.dll

MD5 89a38afcfa758e3298609c6c51929593
SHA1 2df1ee30adc92bd995526e41fd9c823354de30b4
SHA256 4795576483af0c136a71dcee87a0ffb54f0869cae6395ac2ff8312bf555e7161
SHA512 cceaed0b9a7517aebd739a377c7bd8987b9ac357be2bf987dbae31d59f2121c5bb9a9bfa2c70a9a54ad65546ef23903176dd6328d93408cb5c991257d59e2717

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 1b2940d2befbe9f8b0c05d64b4def876
SHA1 b7df4744ba3a5add9d620b0d3bcad28a13331b97
SHA256 d52bc7de7bcf881bdd8c2453db9a8973481029e5929f8260469b3a6fe95da2d0
SHA512 73746b62a098b099e85d9bf8606ec0a983d1544e3d99d983231bea7c854792646379e162fbc34d9fd3f38f7a57a601e51ee682269902ccb6d9d2f6660fe60b5e

C:\Program Files\Malwarebytes\Anti-Malware\SwissarmyShim.dll

MD5 89a38afcfa758e3298609c6c51929593
SHA1 2df1ee30adc92bd995526e41fd9c823354de30b4
SHA256 4795576483af0c136a71dcee87a0ffb54f0869cae6395ac2ff8312bf555e7161
SHA512 cceaed0b9a7517aebd739a377c7bd8987b9ac357be2bf987dbae31d59f2121c5bb9a9bfa2c70a9a54ad65546ef23903176dd6328d93408cb5c991257d59e2717

C:\Program Files\Malwarebytes\Anti-Malware\MBAMShim.dll

MD5 f44b6c80c46c4cf3071b5f5b916e1271
SHA1 839f2238ecbbfa80ebf9c1f77eafc78204b58761
SHA256 732523df43358729d5e85cceb557d69016dcdd3e2238d903c33c5327c3131fae
SHA512 99be164ae96bc4f93dc896d5df445ad1c2f023f10605a8c9857d7ebedfc5b070f50cd33b401d61003e601a06b8446e6c0b5dbddda4927a2e1352407d3b266942

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\Swissarmy.dll

MD5 3486801ce1e8ffc1bbc6d4f097b0f369
SHA1 08f2a85cd07cf1c0d6f27f0d5e7179c2a5cb8600
SHA256 26720d0b669898089a4ab5a6c53203918ec399d227331273ba11169bbe273678
SHA512 81974a79bf4e4086549874ef778e7716713a0107ccce212e9564f3355a26670943845aaba744691d2b68224e06e2f9d9a263e29f4ca7e46e1bfdb507a24656d5

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 a9981394563c7f0a0362b5d796aa248a
SHA1 e96a8fe737e1f40d43e619a3b2b0f3f2ff1d27c7
SHA256 a9b7fc50dee2f1742d14e13902f27d7544c24b2a3bd65cd4280608059d247109
SHA512 a72b95cabe68760770cc5a6cad3f7cbd80c35fa7a2bd0e4a9c21b29c5218cb0a278c9014a446b41d9094beeaabf849a98a5e78b477d714ca8f3bef1bd06247d4

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys

MD5 1dc6d344ee9b6b024ba23278891db9a5
SHA1 519b792d11daa2bf9d127f69cdd603a236576e04
SHA256 823e1c7321e177b006c1f3fd1ec8b99607a12d2c3c321f3a6cbbcf7030b6c240
SHA512 fb96c4ede03c3aa729d2ea5a72c5f14029f6d69a79b6e0d5449e371bf3acdbbd1cb2079e8bbac3a3140a257c71018bc7a2a31a45ad5c8b65382e67cc3431ab6a

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 320e83d51efd46f1a10ccca242fd0f22
SHA1 013f9eb83bc9a4a93e639748543f380132a31eee
SHA256 b6765ed8cd9f4d55a004fee33feaf6b57822b9cf75a5422862280dbc14830bd6
SHA512 3339de36c18c912e7854cd779ac7bbf1101b9b122b88fffac8193e6fd5d903daf0bf1223d5bdeeeb74acd58dcc11829d564110241bc044f7dc2f63af75710159

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 5055f502a60af9ecee5756ff30da5bba
SHA1 e3352f379870eebd2d9153fb64bf53c61020b1f5
SHA256 bd237ef5765ee12c5f3cd0cadadfcecb329ff30a67a24713a3d880c093c73c15
SHA512 10a4d51a55c794b8be26f8aac0f1f9c303518f69d55d424009fc3dc891ff2318297d6dc31456aee723712df6eb293caf454b213c3d1d197b6e74be82a55c7264

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf

MD5 0ff3f3ba83e1dc78aa42e205e1a01867
SHA1 0a557f31af77bfccccd9530227d593efb4809fd2
SHA256 9c5dad17bd0878115a88a4c94405fbd9048294462eea474f265ddddedc90771e
SHA512 80543530d28722b926d3aeda4a0c61fc5bea1812e38a3a1b7b84a5a1803c078bc54c32eff23b96766fd5e27301818f105d86235cdddbaa0dc51ac347ed3d7dfd

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat

MD5 83c630f8c1f291b522f2b83fdd2acdc4
SHA1 a56949b27a80a6a205c0aa7945fcb879feadeb2d
SHA256 6dabd76a6688902db5bd63342c1a88dfbd8fee71855ce556b5d26df7420fb20d
SHA512 be56c4da3889f8600f2f7f73fc6ea6a3277195b8ddf626699c4eaeae9f399bbe6d86ce0d9b6fbb5963ac4bdac3acef8e7427f027d9c87aec5750527842d59e3e

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 18ccdf811e90441e187d057ef5313873
SHA1 29dd7fb0d81689059d07ead1951ebe3aaa40f4ef
SHA256 cc70ce96d68485ced4f48623a8996d5e45c8c1330253a0c4c60c063f2d960afd
SHA512 3502b654248ff0bd1f537c6ab36d55d740b205e0bb336492cc4d1a627377de42645114de845400caa9da3be32f2df6b064808fe0c7f12fdb6f14381b5044eeaf

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys

MD5 6a21162e1c8a9f65787b14bc439eb077
SHA1 1bf68b253edd6cae098144e24e09b4e22178784f
SHA256 8b7990e1c676f53918e41f6b18b20179d77e598352d9243b05e2ea22b2d9e4fe
SHA512 a0dafe66479b9e68ebf04a7e2fa7c7cc352fb075356b7eccebee7af527393711e3cb36c7ff6466a5e28b17d1d003c1c49ef176b448f5de36a7c8177c9c8808c4

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 63e8e4f9f72d1601a2b5702cf6ec04ac
SHA1 c270395147b18023b5e418a835d703bfff43b131
SHA256 dd8595507332ac281bdd2fb559599d47ecabbf38098eeca98b37a3e998e15c16
SHA512 ba53297e972ac2dc01b6d3adcc7b2e882e96e15b0142976b1933c4981358f092665483c7d5b58c20df64fb1fe56263d1aec229a10d3d47f52b8872a138a549f6

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bak

MD5 836a168103264e523e341727dfdecc7c
SHA1 cf47074d664dada502086edd3bce2309902e2493
SHA256 ce346ac3bc7137727fce50bd116a347f8cb5a3e38adb9045e03e6e2bca8196d0
SHA512 b42d4d7a30e0a7ff1c51c21d5bfc5eeafbdb26ef64692e3dceceb324350f4972d566af96f36ebdadf7142b3cf590689bb50f4345ddba598eb49a66b03108dce5

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 836a168103264e523e341727dfdecc7c
SHA1 cf47074d664dada502086edd3bce2309902e2493
SHA256 ce346ac3bc7137727fce50bd116a347f8cb5a3e38adb9045e03e6e2bca8196d0
SHA512 b42d4d7a30e0a7ff1c51c21d5bfc5eeafbdb26ef64692e3dceceb324350f4972d566af96f36ebdadf7142b3cf590689bb50f4345ddba598eb49a66b03108dce5

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 e535602b1aff56bc0ab82d58b58026c1
SHA1 787bfaa8dd28e6c4f9234c79da80124609c8bd17
SHA256 0eaa8c6cb2b727118de146eb5a013d5ffd4611b239eae6bf581c5acc4d05da25
SHA512 2d36db916d86e74912841447f9c041ada10b0dbdacb4b40b92e9679b6e138c9dadafa13f038b4dec34099dcd648dfaccc8dd7729dd54f95e0cd7a1924e3fa9f6

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 0976e212875889b29b6f5867b7f7df5a
SHA1 a106c54cd9929cf3f61c3087be9ae5db85fd067c
SHA256 33b7289f30d4c187c406f51e4a43276296f0c1feb4f1b443ab9e8e68599c78ca
SHA512 a277b8832bfde93afac735c5ddbf6b33dcd7e5d356bb90fd90b5f01ab2f31e4ecfd5ed36e37576e45c041a187a153fc6f0436e59160e4a76f2b92838939f946e

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf

MD5 e5bb98e4d7adf79cf7355aeb4a12d3c4
SHA1 c2996909b98b95863d54c6a2f7843e5c05015596
SHA256 1f2ec66c3947802dd97abead84d71bacebf84e4a2e871852cf5291958d45a189
SHA512 f65ec684a21481c66f4571fec4f5cd17fb629fbc4b5fda88bfe00ada30573f3c74313311f5e8a164709824b8033a60fa2ae0f1643d0ee3ba8ae4fd558709aa7f

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 63975f978d2f6b39d0f8e36e861f3241
SHA1 c7cce6e80025f1a1ab2659aa74472f796e3e557f
SHA256 8f3bf391545fcca8e5bd6784a599a4633b50addf7dec1d688e85d0d335202ec2
SHA512 6f3ab350ba9b31c5d99bec646b81af726fdae60f862356b5fca4799e71bd5e74686af87070b71ab0b5293c98c1d058df0cf568475a3925e296a295b46b401c06

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 6a1abb71b5aa5c9e2300a1e91a38b6a7
SHA1 5875a0b9cfb82315cfc8ce04ae27379f60cf4c06
SHA256 2938b7456360480a7889e0474191348d595b17fe8a3c267d8cc39568ca959ece
SHA512 dcb8b65aebbefef5dab25cba67cf69783d2f0d0f9bf963c7d42dbef7231a671b9d628d4e728d3f272b41035885f3ab8d8d093d08db6715f02883b79e838b1895

C:\Windows\System32\catroot2\dberr.txt

MD5 af74a6f9f38b30154c86796b8f144537
SHA1 c9f67d1cb7f8d1e5be48cd9e009a2fff30ded3e9
SHA256 afb7284db691fd7c4cf5a13facc8d79df9017db6a712b76edb682b7117f8c200
SHA512 4494001fe4a9337627e0bee585d94a8d5ffcad4eae50ddb29ee7333ddeefd7bd61cec478cca449f39d304f30d7c3ada7bea259d38de8dfc8bb938d3fb5774925

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 cb279a58c9a7c7770401b01f3921e4c6
SHA1 9a2498bb25b2211623d052815efedf0b10cf6bb0
SHA256 d833f5ec3cf974a69e9c09ab421a8162cd7413c8d4c7c92082e163c3fc9eb037
SHA512 0022aa7a0fc4482f45b841c99ef23528c674cf4b7ca37a649f46dff4f0ecc876915d476990ec76eccf2f7009e2a7e0b80deedd2c72f4b53b070cf7633eabc399

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 2b57c69a6a7db0c41ab192d1109fe90b
SHA1 a4c8096a51e55ad92fcbdc6e217b4eaa3e2a1259
SHA256 f29863b2e2d7e42e200ae4b011893fef7ecfd89160856e11a2009c15b71fe521
SHA512 0b7bf65014cec2015a54f6c4278d161b39a1acd994dfdb3a2b135001024123cec768c8b36c2484be6c266b999d998ac189cb400ea7b010ebfea63b71c1463bce

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 20e3b4003f192e9d7cc508981624c06b
SHA1 a3e6d95914a219045ce38209badbca879f6ed875
SHA256 5525e481fbf3b4ecfc1fdb918ec9129bc43f2dc2c2ff1ec8048d16a75a576c5e
SHA512 e4e3c629ff3ed2381eb9d453972ae9c2bc1a88e47c0a7e7f80097924ee09233d5774e9cdfb234adcc351c36dc167f279344b4b902b70edd1bf9594b57874a16e

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 12f4a2d55aee1ab31f5ed968ffa20d23
SHA1 3153fdb725d94b6c27e37e7a27af827de5d33c1c
SHA256 e88991d4a8e32c653be625ef8a98aea1f8f4a0a6638f34b56f408458c67d477d
SHA512 e4681a4f475ebfe6ac8301bfa7280d558a93add3ec89cbbde46c22e38a09fdce55d9c526321bcbd8792ff6eadcb46a7ebe3c96199e1db77a4d2d13d7402ce046

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mwac.sys

MD5 2152a9aba3407e2cfcaa84e4c20423a2
SHA1 825e79fe98922ac978aee92e243aec0ab44ddd91
SHA256 a7d456c7679717500c4a8968a9ea205107dd6e72c81ba1435777af2bd3bd95d3
SHA512 32c1d5f1ba553848213353a2f39b9971c7ac6818390b1a00d6b23335be8f542665d4ed60202e7ca04a1976141881515833665782cdfa8f69fcb3ef0abfd4f37a

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 3757b24cb01227ceb0a7bc717a74dadf
SHA1 f256cc8f111c2f2f993db41f427686bc1b1a52e4
SHA256 e5ebd2146d55eb87bb905b329abec0243c8c6c48bc5858fe4527795a1e77790c
SHA512 04009aaea4197a00b25eaadc0dced5d7ab2f3a926836a0248657e27de54fc28fcc09cba0ac43f919331dddb577a263a6aa289473d400982cd522847a05cd9c9c

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 efa203f1cef26b534c784dbda97305d1
SHA1 819ca8d4bcd45dd027c4c756d30f5514fb33e225
SHA256 157f846083eaa200bdd466d488008bc25c616b1fa4b0f707a68d0cb23fb4df65
SHA512 2cc3099798044329f9bcb7a4f6c3493c68d7b3a3672bbb80c19d77b47e50fd5118616a54d0740fc209c341a664499a8312649f5974fb9b1d4e5226a775f4e56b

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 21d8b7f30280d07b3dc24f6192b089f4
SHA1 90f03c80e7fa89f3053f29e82d17fad8253f10cc
SHA256 dc05a71bfd8b22a7dde12c403c10f9bf6fe67a7fa2b59c31d67f8cc4f2ad1bc3
SHA512 040c73ccbfde00c1773576256bc236f9ec5f9caadba49714edf7defd170790351011e3430ff74273c5b9cf8f037493db8b4e1ca8f3e8339ef81454b96235dab8

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 ad4fd78e6b141dfbef3cf718ec0ef32f
SHA1 ca28227d30b4bf79f848d72c0f1b537cd697fa32
SHA256 543314717e6acb53484e456d61fc94955612142d5e7ae72d649c2a15b05af25a
SHA512 53011a6cd45abeda76b4c2507c5b65f05e32bd375ea7995ac4f4910f475b0ef1b06de2d8203cc08f7a535e0325cbb312c7896da5a13ef3fdd5b6792365b8a155

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 b7c13db5945afc2bec27a0f16954c792
SHA1 b60b3d02ef14df03c1149779aa6f328c64c9e570
SHA256 f0b7f4a7d4d6a798d3044e379c62550cdbb90b3098af8f3cb01ff97bb2c6d910
SHA512 a658a86d062a985bda46f78c952e79e04aa374b502f406feb2176d4e6128f093328caa2fc7dd65b4265ee1e7919a65ac251ce3120d5dc86ee46ca2f4495eff4b

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 e8d843d2eb592ce08c71d1bb3b26c38b
SHA1 9df3e3ab696b8da678e168857c3d8fbe7f3e6280
SHA256 55f3cc817d01c1b655ef3ebb879b72f8db98c622c9653ed0a7d2bf13c206c2b7
SHA512 6114fd91da8717831f1bcc15405fa42ed4c60d96194b6ff1f81257c108c10cf4690b2510da799d24447bb37bd2650c7506ecd7f017fd31cffe433b5756d8f155

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 f2f84edbc53b6dacc346d386a2d7f4b1
SHA1 930794f8ee12dec57a5be6dacb926da4cb0627ce
SHA256 f625135d484e94c8ba8b9ebd66bed5d86f8802ddee9f95180bd5ac468cc8a350
SHA512 4b4d11b33a584f9c6c6540667210552904c04c69736281d803c26bcde7e685895b8e4a7e036148fb8b87d17f1cef3ad2d7aef1bee99a4f1d0713c51c98dd7c02

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 308d2122e5fedf8bf8f0c719fab4a100
SHA1 d6b8af7902e599e0c858f0a5e14fc9723abdabfa
SHA256 e90501f46962346a09cefb6d6ebcbd4b24269939aa56aa41af41e767419388e4
SHA512 f87fb8935e1b08e66b5032bee78cfd9fb862781a9fffae853c3211ff5bd52d7e85a766046b90cc926baa54af2200179fe058eaa6c7d01780205cbc529ab8d987

C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

MD5 6c83cd1c84db1cc5943b81388e0d13d5
SHA1 732ff7eccf8c0caade8f5c79d09dd90bc0d79f2a
SHA256 78ec20d744f04a06113e14cc43c67270710e5f60852b495cb27c301508aadaac
SHA512 0ede8d3d039e3cfa0e982923630652c60d6920bfa5888d4b25a6d2dc29031368c9e9d1a18211fe76173eea2e69633d42a5896d2646894679e4621c20ca7aff6a

C:\Program Files\Malwarebytes\Anti-Malware\mb4uns.exe

MD5 e8dd943b67fb14caf3f09d6762e25660
SHA1 0414f4cc1157559479b5f2c1d6f452eab14ca2c1
SHA256 683946520fefe89c98edf1fe3b8adf17ae48d0ba0a76782bec8537a6c9c6361e
SHA512 4fd53b35901612fe80d4ca223c99027bded437cd700a90f367234d21fe15690e6626c30525ed9beefb412729f9d8334d72e0a1625ab74596d463a19ca47c8645

memory/2544-5202-0x00007FFF35100000-0x00007FFF3566B000-memory.dmp

memory/2544-5201-0x00007FFF35670000-0x00007FFF35A8E000-memory.dmp

memory/2544-5205-0x000001EC8D110000-0x000001EC8D120000-memory.dmp

memory/2544-5209-0x000001EC8F6C0000-0x000001EC8FB00000-memory.dmp

memory/2544-5212-0x000001EC8EFD0000-0x000001EC8F1D0000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 9914e5ec0250831ab8e5321f5691c5e8
SHA1 cb8984a332c0344050021902b9ae2a7f1c1f0dac
SHA256 18e3fe60025aa35501ddf9cac0a58f452c3cadf422c7f35a7a41dcba6bc80064
SHA512 fef40485da584dea738abd8e7ee355e7e6c6ae5cdde325da6e83dc332953ec2e042c965cbdd666a7faf19e751a8f17639bc986424183ee97785131bf2508a576

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 b16676a4ddb43aa0368d450af0b53da6
SHA1 434dae4d7aac721034c9a169faed3615ced9cd9b
SHA256 c8a9b6c9351c59b802ed570700ba048f0d21f05e814b90662c6d25bc589d35b6
SHA512 641f533db7d3245cf21da79609db544da1cf0fa7db915d1a182ace7895253eeb5a153aaeba0d571e79f83d2f03f66c706fd4e33928175187b8b362c67cf2d370

memory/1160-5385-0x00007FFF35100000-0x00007FFF3566B000-memory.dmp

memory/1160-5386-0x00007FFF35670000-0x00007FFF35A8E000-memory.dmp

memory/1160-5384-0x00007FF76E530000-0x00007FF76FC25000-memory.dmp

memory/1160-5390-0x0000026D41660000-0x0000026D41670000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 a6f9c972c35865bc59d6432a6c6dc12c
SHA1 ee1065b816a96d9d3747e93a502ef972438f9688
SHA256 c1063de65c20583ec451c9487b18787ddef565c9938dfda20a565456301481c6
SHA512 d7f722fbbc45bb755cfe242782e53bfec461e587fabd38366b31e86d1eb1b25b0d8fad5a080204c9a312b9343d39b524a656e76fd35e284704680ca0099272c6

memory/2544-5495-0x000001EC8F300000-0x000001EC8F301000-memory.dmp

memory/2544-5497-0x000001EC8F300000-0x000001EC8F301000-memory.dmp

memory/2544-5493-0x000001EC8F300000-0x000001EC8F301000-memory.dmp

memory/2544-5501-0x000001EC8F310000-0x000001EC8F311000-memory.dmp

memory/2544-5511-0x000001EC8F310000-0x000001EC8F311000-memory.dmp

memory/2544-5510-0x000001EC8F310000-0x000001EC8F311000-memory.dmp

memory/2544-5512-0x000001EC8F310000-0x000001EC8F311000-memory.dmp

memory/2544-5513-0x000001EC8F310000-0x000001EC8F311000-memory.dmp

memory/2544-5515-0x000001EC8F310000-0x000001EC8F311000-memory.dmp

memory/2544-5518-0x000001EC8F320000-0x000001EC8F322000-memory.dmp

memory/2544-5516-0x000001EC8F310000-0x000001EC8F311000-memory.dmp

memory/2544-5519-0x000001EC8F320000-0x000001EC8F322000-memory.dmp

memory/2544-5521-0x000001EC8F330000-0x000001EC8F332000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 4b5ccc8adbe22f4874ef5dc8a2990c9a
SHA1 65b66d21dc4a66e6f456ed954cd417c0371b3cef
SHA256 bf2daa839f3a13944d0d9c61f4abc1f791fc2a2113e9631a1bc40a7af12dbab4
SHA512 55b8b6c5e0c6848cd0ccc9078ef7ac039c1fcf8b253bbfdb3363d913c3970070f3a6544a2eb7566e1146f44d2bf13cda5b0cca06cf4e49dcf561259bf16f66f6

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 5583f7de927ed12c464976bbac078f47
SHA1 b528a5eab94131c41fc7c4993a03937f99700364
SHA256 ee44acda609976ac592937f15fa9afea2f89ca00ce8838866ff140fb33039f3d
SHA512 9a474ed1ea9478b5cd6a66c680cf708f6b3430091db79974cba36ed4254ef603ee8043438e4345f428376f3dd5729ea87b2aa0127344e027c03229dd340ae89e

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 720bf1a2a636462bacb7840d585e2f63
SHA1 05a73197a7004a1dd2ac70018fc93232dc65a16d
SHA256 9cf6d7033f79e7ec8ef1a1d0fa1bf3cc226836fea6d58ba0e98cbb41ed878955
SHA512 f9fbebfd1abbac8c2521cfa28ff01a5ec104c5372726569a3c5bd8d7575893ffa75906753bd9d1063ec25c35311e01e1c6183610396e9509e2d395a4a44dbdc0

memory/3920-5591-0x00007FFF35100000-0x00007FFF3566B000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 d2ca2905c56fad1a8a3c4cedb710b226
SHA1 f604b83c84aa9e1439031f5a545a88be9ece3141
SHA256 88d65f2b71c2feb3837fee3974db0b3d5ab34825f3b96827f99f84de2a1df5cb
SHA512 2a172272f9ed0bc60965ff83e44a265257200d28a995a5fe0a8860bfce73fece2587d3a6216af16433443d0c0baad138f97ab56f0a5f5ba5fc3a234223754899

memory/3920-5613-0x0000027B20510000-0x0000027B20520000-memory.dmp

memory/1160-5624-0x0000026D41660000-0x0000026D41670000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 2bef118eea38fc1a60b47f90b2aa4999
SHA1 a1af184ddb5ae2c3efea575828e62de68bbaaa16
SHA256 326bb0ce49744315a0a197ee2be8ef3d7889c2a0183137012f9c9dc16170cc95
SHA512 8197ddc70a805c9722220efe92ae026f67ac95cfc824d66d76d7afbcedc322a69ee7a8104cc0652a7f09e6cb32f926757b74c60e9ecbe98aa6e978eb7b2f1547

memory/556-5636-0x00007FFF35670000-0x00007FFF35A8E000-memory.dmp

memory/556-5637-0x00007FFF35100000-0x00007FFF3566B000-memory.dmp

memory/556-5635-0x00007FF76E530000-0x00007FF76FC25000-memory.dmp

memory/556-5638-0x00007FFF35670000-0x00007FFF35A8E000-memory.dmp

memory/556-5639-0x00007FF76E530000-0x00007FF76FC25000-memory.dmp

memory/556-5640-0x0000016C93340000-0x0000016C93350000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\a712c324879904b1.customDestinations-ms

MD5 9b688c1cd42bfaf0c472f7b1cd53a412
SHA1 3818b3e561770e75699e06d02a9da7bca3694049
SHA256 09dba785e6a37e2269b87e99906b61a8dedee6802329a41e617cdb3092b4a196
SHA512 8a8ce72e436b83fef5d4312d964486f3f2d9b309c590e4a708fc3d3c204731b1db01d40f990553292c74e50a96c87c3f19fdafcc444eb9e89ca2acc555ccdda7

C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

MD5 0ef56392005686d99189e388badb94a4
SHA1 2c66a2136b517758f61b79144fc1fd55eef29f55
SHA256 39e8c9b41dc29bac6221566e33900e8ab7f04f1547c9a1a69b7550cef924c408
SHA512 816a8313141ea9a54cc24936472bbbdf28a21d3724f9c4c406623f0e38949ad2ea552e2b5f27dafdfef1c348443b73e7b82d6fa396f38c337475771e4a351db4

memory/556-5730-0x0000016C93340000-0x0000016C93350000-memory.dmp

memory/232-5857-0x00007FFF47540000-0x00007FFF48001000-memory.dmp

memory/556-6117-0x0000016C93340000-0x0000016C93350000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-16 10:13

Reported

2023-08-16 10:24

Platform

win10-20230703-de

Max time kernel

647s

Max time network

656s

Command Line

"C:\Users\Admin\AppData\Local\Temp\test.exe"

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1766410430-2870137818-4067673745-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1766410430-2870137818-4067673745-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Users\Admin\AppData\Local\Temp\test.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Users\Admin\AppData\Local\Temp\test.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\test.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\shutdown.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\shutdown.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1336 wrote to memory of 208 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 208 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 208 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 208 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 208 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 208 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 208 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 208 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 208 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 208 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 1336 wrote to memory of 208 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 1756 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 1756 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 3488 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 4460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 4460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 208 wrote to memory of 4460 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Processes

C:\Users\Admin\AppData\Local\Temp\test.exe

"C:\Users\Admin\AppData\Local\Temp\test.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.0.1769095693\525875252" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {afd20bd9-0c85-48aa-b6cd-f58a7227f202} 208 "\\.\pipe\gecko-crash-server-pipe.208" 1764 2528e0d6858 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.1.1194289044\294948057" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 21017 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c952efa5-ec74-4451-9429-043bcab51eb9} 208 "\\.\pipe\gecko-crash-server-pipe.208" 2120 2528dc30e58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.2.1503346409\210400" -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 3048 -prefsLen 21055 -prefMapSize 232675 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbb5d6aa-fda0-4847-8ee7-2dcd4f3a375f} 208 "\\.\pipe\gecko-crash-server-pipe.208" 3024 252922ec858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.3.367339332\2099748522" -childID 2 -isForBrowser -prefsHandle 3444 -prefMapHandle 3428 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1084ca98-c997-423c-ac63-0b573753ee14} 208 "\\.\pipe\gecko-crash-server-pipe.208" 3452 25290b37358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.4.162576551\1317084216" -childID 3 -isForBrowser -prefsHandle 3604 -prefMapHandle 3600 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3dfdd95-195a-4c0c-aecd-79e23ef93ad6} 208 "\\.\pipe\gecko-crash-server-pipe.208" 3772 25283161c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.5.162110592\1421143292" -childID 4 -isForBrowser -prefsHandle 4628 -prefMapHandle 4656 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3b687b3-21b6-49a2-85fd-bbbf3babd4b1} 208 "\\.\pipe\gecko-crash-server-pipe.208" 4716 25290b37c58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.7.570236312\1121716462" -childID 6 -isForBrowser -prefsHandle 5068 -prefMapHandle 5072 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0892161b-3f1f-49ec-a13d-2b4ad03ae819} 208 "\\.\pipe\gecko-crash-server-pipe.208" 4716 252946ca358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.6.101298466\1734529498" -childID 5 -isForBrowser -prefsHandle 4876 -prefMapHandle 4880 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c30d79a2-0769-4e76-8144-e04810e15fb1} 208 "\\.\pipe\gecko-crash-server-pipe.208" 4868 252946cb858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.0.1413823450\1891986387" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dc0b0c4-f414-4e89-bdf9-f8079d1b1c7d} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 1764 17b146d6558 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.1.511606937\2011904631" -parentBuildID 20221007134813 -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 21017 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {552b8e95-0eb9-4ce4-965d-deeb7897decc} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 2120 17b0956f858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.2.1028359774\1704020351" -childID 1 -isForBrowser -prefsHandle 3232 -prefMapHandle 3248 -prefsLen 21055 -prefMapSize 232675 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ce420ae-1339-45ad-aeb5-68bcbae3172a} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 2792 17b185d0558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.3.434948343\1253193167" -childID 2 -isForBrowser -prefsHandle 1004 -prefMapHandle 972 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80ee9c82-294d-4983-b5fc-6d0205481d50} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 3780 17b09562b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.4.1300884846\426975889" -childID 3 -isForBrowser -prefsHandle 4296 -prefMapHandle 4288 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5224694c-a39c-4af6-8da6-a27457ba11a6} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 4312 17b1a79f258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.5.1449651103\1629294679" -childID 4 -isForBrowser -prefsHandle 4708 -prefMapHandle 4744 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d390c0eb-b126-49de-a3f6-da88b4c88946} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 4724 17b197be458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.6.1920493624\2040117799" -childID 5 -isForBrowser -prefsHandle 4972 -prefMapHandle 4976 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {051436a1-cd42-4049-a001-ea2a0396c1f4} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 4964 17b197bf358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.7.1105210350\1699018455" -childID 6 -isForBrowser -prefsHandle 4688 -prefMapHandle 4648 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {30d72dcb-7649-4110-a482-354d138ed5be} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 4852 17b1a79fe58 tab

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE

"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "C:\Users\Admin\Desktop\SubmitStep.xlt"

C:\Windows\System32\shutdown.exe

"C:\Windows\System32\shutdown.exe" /s /t 0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0 /state0:0xa3aed855 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 f.f.f.f.8.f.1.0.2.7.4.3.9.2.0.9.f.f.f.f.8.f.1.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.56.68.3.in-addr.arpa udp
US 8.8.8.8:53 ipwho.is udp
CA 108.181.98.179:443 ipwho.is tcp
US 8.8.8.8:53 126.132.241.8.in-addr.arpa udp
US 8.8.8.8:53 179.98.181.108.in-addr.arpa udp
DE 3.68.56.232:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 9.57.101.20.in-addr.arpa udp
US 8.8.8.8:53 9.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 7.tcp.eu.ngrok.io udp
DE 3.67.15.169:11273 7.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 169.15.67.3.in-addr.arpa udp
N/A 127.0.0.1:49770 tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.65.55:443 autopush.prod.mozaws.net tcp
N/A 127.0.0.1:49776 tcp
N/A 127.0.0.1:49875 tcp
US 34.117.237.239:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.65.55:443 autopush.prod.mozaws.net tcp
N/A 127.0.0.1:49887 tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.65.55:443 push.services.mozilla.com tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.65.55:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 aus5.mozilla.org udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.65.55:443 autopush.prod.mozaws.net tcp
US 35.244.181.201:443 aus5.mozilla.org tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 2.18.121.79:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 redirector.gvt1.com udp
GB 216.58.208.110:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 79.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 110.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.65.55:443 autopush.prod.mozaws.net tcp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 34.117.65.55:443 push.services.mozilla.com tcp
US 8.8.8.8:53 7.173.189.20.in-addr.arpa udp

Files

memory/4968-117-0x0000000000B00000-0x0000000000E24000-memory.dmp

memory/4968-118-0x00007FFB4FE00000-0x00007FFB507EC000-memory.dmp

memory/4968-119-0x00000000014D0000-0x00000000014E0000-memory.dmp

memory/4968-120-0x0000000003150000-0x00000000031A0000-memory.dmp

memory/4968-121-0x000000001BEC0000-0x000000001BF72000-memory.dmp

memory/4968-124-0x000000001CDF0000-0x000000001CEF4000-memory.dmp

memory/4968-125-0x000000001BE00000-0x000000001BE12000-memory.dmp

memory/4968-126-0x000000001BE60000-0x000000001BE9E000-memory.dmp

memory/4968-127-0x000000001D050000-0x000000001D09A000-memory.dmp

memory/4968-128-0x00007FFB4FE00000-0x00007FFB507EC000-memory.dmp

memory/4968-129-0x00000000014D0000-0x00000000014E0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs-1.js

MD5 5523a610bbfb66c2d4a58c3f28732937
SHA1 2362dc6457f6413ad8180eab35e9fcb440321577
SHA256 e287895ddcdcf9fb2d808e200022058b0692bd68b58f6a5f3aa5b0cbbe5d7f27
SHA512 ed7a14608eab78a9c5eb29671dc03d5a1b1cbd73075258d90497e56aec2784d3b8e0104c74af1ab83539d657957e89e1ce6d4a95a092281ce140d7a8dd654d3d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionstore.jsonlz4

MD5 69aacfde0de086e3f7b7ea6bcce1107a
SHA1 b584397321dff457f51190d18f3188b2a3a365ec
SHA256 ce6c214f924092216ecf61125c432db71c5a9770d210940a3f2313326322df5e
SHA512 8f2ef8e138f1babaf01f6cf7964fd6b07716716100c7fdb1c637ea973b7fc7ca084defd7bad1fdd0166f97696280f744349ef2a3e21adcfd6294a8f9798f3ade

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs.js

MD5 00e76249f8a1a2f8f6950eaf87cf6b89
SHA1 a51dd0545f26a746196cb650a4f0aaaf605d7c96
SHA256 873c86032dc0ee33cd660cba82f6fde8634baff80f79588e1725ee75116f5add
SHA512 4f8c2125910b73423bbb53a780a211e3055b074cb7ac9e88fe74db6bc8ab253322fd96f2474ac2835be4957bf0084e9543b062e4738ca6764b4888a832bfb9cd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\xulstore.json

MD5 05e1ddb4298be4c948c3ae839859c3e9
SHA1 ea9195602eeed8d06644026809e07b3ad29335e5
SHA256 1c2c5d5211674c3c8473e0589085499471399e53e9a85d7dd3b075fef6cbb6be
SHA512 3177b48cd0c877821419d7e5eb247a4c899bc37258994f22257ceaafefb316e6f5959faae02e380e432d7752f0218d45d56d6878c1e751d201d9fdb3ff98612e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\startupCache\urlCache.bin

MD5 1fa3d6b00e8aa8f8d55f611abf82093b
SHA1 4ada2cc332923850d06972a2abf1108e89c54af8
SHA256 e9d208c0c02474d49986a3304ce9f9183e6632ae3cd23250a148c774a2863c87
SHA512 3d741ae0d7a713e1d00faabd83b5e86289cdfb14d28e430f2b235b8780a4a7fb45bbb91ef1068a8fa3a1af17fb27a589eaf6019989f5a0541af0cca8550680af

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\startupCache\scriptCache-child.bin

MD5 b1c0b3951a7abee30fb0ab72941beba3
SHA1 3d996cedee1d6eb87d144f8e220d41740978247e
SHA256 41edcec5320de0978c90cc2563ad07fd3e1e39b00be164ec27a299885b71299f
SHA512 dc2f9b4b5e4a81d9537d47372763b7570e8dee1b25e80131548ad816c8823424e9e2e298975932ea2d36e680922312cab5e65ee6c5715ba078a4c28d11b8829f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionCheckpoints.json

MD5 e08ef355498ae2c73e75f5a7e60eada5
SHA1 c98b5ab80782513f6e72d95ab070e1ed7626c576
SHA256 d1a98a30522d1bf882574df5ed2793bba5c4fdf0381788babea0846f6946745c
SHA512 a0550e83ecd1cf632b4e54bf43744ee9f7c0a8dfcf9a043e018c00d4ca0bba606cfcaaa469b204e7c9dffec1f79b91e16cd4f1c94ff512c45d3dd25b7174e859

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionstore.jsonlz4

MD5 69aacfde0de086e3f7b7ea6bcce1107a
SHA1 b584397321dff457f51190d18f3188b2a3a365ec
SHA256 ce6c214f924092216ecf61125c432db71c5a9770d210940a3f2313326322df5e
SHA512 8f2ef8e138f1babaf01f6cf7964fd6b07716716100c7fdb1c637ea973b7fc7ca084defd7bad1fdd0166f97696280f744349ef2a3e21adcfd6294a8f9798f3ade

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionCheckpoints.json.tmp

MD5 ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1 b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256 792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512 076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionCheckpoints.json.tmp

MD5 c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA1 5942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA256 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA512 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\activity-stream.discovery_stream.json.tmp

MD5 fcf5c7d2400f1bee48933205a70fef1a
SHA1 b7fdc6a64188edc9ebb67c02d8d46e13799d0da5
SHA256 9356caed9848ff6f5beb42402b04beb83238c13212efd5e507b8cdd7a8162084
SHA512 c83fb559a023027435683e189116455ddf33152aaa3de968a53a8ab5fec6ca374c2fe0bb6caed51c50c78bdc171e188b98b2827882df9bc5a6713f058681f095

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\protections.sqlite

MD5 49397db0486dc59d607907a086f40c9b
SHA1 08742ce9db9569062def08e99eea8470702feb7d
SHA256 890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4
SHA512 fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\datareporting\glean\db\data.safe.bin

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

MD5 f86cfa7ff661197e3981ce19574758fc
SHA1 8b6cf87908d88975d1cbba435d11268ed1772a62
SHA256 5596b869a647830766fcc5874a565c70590a2fc80ebd8d50e4cb37055a88fcb2
SHA512 74d64e426cc2bca45628d85ecb3a49a503043cecc4c329750a89a197da3b0d14a7da3c7019fb301508c60a92be000d33fb1ab42763be62970d4757a4b5405dc8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\cache2\entries\118BB2BA245AAA64B01692DF29396B97E11FC1A0

MD5 cb075adfcb82f3ae4c195e690068166d
SHA1 86a06b70b04e659793023acba29141df7355a232
SHA256 d1b9677e52ea062883619acfa84b2f6f30a1a996a2ce57e69430f36389930c8f
SHA512 30e574ea1d25c23c1fad91516fefe893624c0adc39c620c4e991203af25032a4fe0f936ffd10e607d134da396b8b439c21fa8eec9e0642ae1e123dc05a13fd37

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

MD5 7bfd85d0318421ea730ce9d3bc60029b
SHA1 561d94d3adb89a9d6d32d26ea7a8b183e36a78d2
SHA256 81a86ea7ef3a9005a5d74c3bd7bbee91ee12273f267f37168cef77eb03877d00
SHA512 baf824823fd8d92c17af051431028ac44c44462d8d9c960643b3e31f5c8141af5d19a949825cb62f58ae16c7b7210bd3d589e4cabf24b50d8ca0c61fe69397ac

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\activity-stream.discovery_stream.json

MD5 fcf5c7d2400f1bee48933205a70fef1a
SHA1 b7fdc6a64188edc9ebb67c02d8d46e13799d0da5
SHA256 9356caed9848ff6f5beb42402b04beb83238c13212efd5e507b8cdd7a8162084
SHA512 c83fb559a023027435683e189116455ddf33152aaa3de968a53a8ab5fec6ca374c2fe0bb6caed51c50c78bdc171e188b98b2827882df9bc5a6713f058681f095

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

MD5 bc599f77a10c3966af802ed338fe4dd9
SHA1 4cd4db1484b716ce6cd0761fe782390f1c954352
SHA256 c1feabd5bf4c9860dabbbbf48150d22ee71ed35115ebd1223306a2e4b3906401
SHA512 7d922be7406851d3bb84478e78136dac2409086fb072383240d1de0c08b4ad524be653d0bfa220e52ebfd4b5839b0c43f3b40e5a444fd393ddc28851a92dcd6e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionstore-backups\recovery.jsonlz4

MD5 b2d25afc20aa49453935561f6fef77a7
SHA1 bbc3cf3f2cf1421b845afd057e158db9ef049f5b
SHA256 d6a171589f38f5c71ff6a1a6c4f059b3b8ca19312d152ec12e3529b3f31f34b5
SHA512 eba9cd88576ca33bc06d53df958d10949174b4c5c3ee84b252f95006881f5e5ca5e1d6daa3ef73ae189f31c2ed81f5efde1073159c0323b35cd7e0ea9afd5959

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs-1.js

MD5 e292e07c0aaceac299f0bd98a1d004fa
SHA1 c9548323533467bdffdd5424f2163e22406c5136
SHA256 3e4339804c6c75b467d00d74972eb7cbc9f272497948fcd4838d33bda85dc994
SHA512 efc7c8e65eb8217d6327a8636c887ade2aa8025f65b64cbf25eb2b22165b9a79791f2d2a71fcbd88b3a50da8b9d25a643c49bf52c5ce144a2fd3138a4aad130b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs-1.js

MD5 43cc207942adcef7c5ea07d3a031d484
SHA1 bdae079e547ee878c22592b42ec5ab8b7c58f4a0
SHA256 1ea2c42c9924ae0c2594c8b260dd981987956ce49443d5c1b148aeaed9a05b9f
SHA512 c59fbb9963757657c96ba6dd1822312da423809947f6d2eb87183df7b16e6c656224c6dc37c30dbee3207b60ed505e3fbda2faeeeb5c05375cc71cdfb293bd10

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\datareporting\session-state.json

MD5 b3975ccb085e6bd4bff124807f1f6ad3
SHA1 5ff9352c6a2275046c0b0da22d4284800def2ea0
SHA256 61a603d24e4ddb9d2d7a7b404c5b14896c84fa2b88f0bc7a848f864c545296ce
SHA512 63df8d9a6af8d7ca3407ec1ff87956bf324f403acf6309fa6eadd5c40937358970376d06842210d268c30659740272fa0a55f1bbec242fcb23559cd5c23b6ad8

memory/208-344-0x00007FFB1DD10000-0x00007FFB1DD20000-memory.dmp

memory/208-345-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-346-0x00007FFB1DD10000-0x00007FFB1DD20000-memory.dmp

memory/208-347-0x00007FFB1DD10000-0x00007FFB1DD20000-memory.dmp

memory/208-348-0x00007FFB1DD10000-0x00007FFB1DD20000-memory.dmp

memory/208-349-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-352-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-353-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-357-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-362-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-361-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-363-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-366-0x00007FFB1A370000-0x00007FFB1A380000-memory.dmp

memory/208-367-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-368-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-370-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-374-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-375-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-373-0x00007FFB1A370000-0x00007FFB1A380000-memory.dmp

memory/208-372-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-371-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-369-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-365-0x00007FFB5D4D0000-0x00007FFB5D57E000-memory.dmp

memory/208-364-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 27766d11f17795d46a68795d9531d594
SHA1 25f5021b53f0adb8909f0f7f5903af44f1ebdd03
SHA256 bb334b5073915f8a77a66f1bf9f59cc6cd95b88bcdba37a7959961d278663a18
SHA512 5ba19a04d579864b6cad1c2f45cd1f67350bb86814516dfd2596691eb5a4b35b81cc9f9a1c421915d7e8e0295ef9c2909202e1e0786a10e1de9c5e88c618c729

memory/208-538-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-539-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-540-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

memory/208-541-0x00007FFB5D4D0000-0x00007FFB5D57E000-memory.dmp

memory/208-542-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\datareporting\glean\db\data.safe.bin

MD5 63b1bb87284efe954e1c3ae390e7ee44
SHA1 75b297779e1e2a8009276dd8df4507eb57e4e179
SHA256 b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a
SHA512 f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionCheckpoints.json.tmp

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionCheckpoints.json.tmp

MD5 c8dc58eff0c029d381a67f5dca34a913
SHA1 3576807e793473bcbd3cf7d664b83948e3ec8f2d
SHA256 4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17
SHA512 b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

memory/4968-567-0x00007FFB4FE00000-0x00007FFB507EC000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionstore.jsonlz4

MD5 4c3b19090d9a45dee42f414bd9caa046
SHA1 4e1e62aa13a26844498611af5c9f18f5bb70fe5d
SHA256 553cccf12d43365fdd55c6d7d2a57179ccb32bc5369de62cabbe559b033b9362
SHA512 274301b0e635cf5535e4a41ae9233c3b874c42fe9cf52691e1a8475a608b2981485d940d84f33fee773a20d0e1e72c5815c204d2241566cea4509bddd0c76ff9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs.js

MD5 185fd0ed8fd796bb50f98518b59cc789
SHA1 b2e4dba350ab3a2579d323ec843b04a078e0dea9
SHA256 3637f7e85787c701d474d47f7db663440a00d30dcaaa9ce32d64f0ea29931ed8
SHA512 6ae3f29c24e9ec5d185fd62830480488abd1e2dc8228cdc0aed6fffb03da6614026ee2447c36ec7db58c0d87bb79de85e7ceb3b6d563640f1426205ed44441cc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs-1.js

MD5 c2d4e250cd7a6aa834c5cb69b6301e86
SHA1 66c2103b8538e9d34712b0acaea3e8af9ab2a604
SHA256 4b59ebc97555ee0cec0531ad192ef99add527fc5fcf92371acae095f051eda2d
SHA512 72625eaa4eb8152396769fccfe12027c42f572b290d5b0cfd8db181a78a56aec87117735e507be154d6d8ed206418a946611e86eab3e307e94d48f5032810a7f

memory/208-596-0x00007FFB5DC80000-0x00007FFB5DE5B000-memory.dmp