Analysis Overview
SHA256
781ecb1f7366bf4ae82fc447898d1ec82f49a48787dff6b0bfb9a0f69e85c354
Threat Level: Known bad
The file test.exe was found to be: Known bad.
Malicious Activity Summary
Detected phishing page
Suspicious use of NtCreateUserProcessOtherParentProcess
Quasar RAT
Quasar payload
Quasar family
Downloads MZ/PE file
Sets service image path in registry
Drops file in Drivers directory
Registers COM server for autorun
Executes dropped EXE
Reads user/profile data of web browsers
Loads dropped DLL
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Program crash
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Modifies data under HKEY_USERS
Suspicious use of WriteProcessMemory
Modifies system certificate store
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious behavior: AddClipboardFormatListener
Modifies registry class
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-08-16 10:13
Signatures
Quasar family
Quasar payload
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2023-08-16 10:13
Reported
2023-08-16 10:18
Platform
win10v2004-20230703-de
Max time kernel
290s
Max time network
313s
Signatures
Detected phishing page
Quasar RAT
Quasar payload
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 3764 created 3268 | N/A | C:\Users\Admin\Downloads\MBSetup.exe | C:\Windows\Explorer.EXE |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\DRIVERS\SET3C69.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\mbamswissarmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET4062.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\MbamChameleon.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET3C69.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET5E3C.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET5E3C.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET60CE.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET60CE.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\mwac.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\SET493C.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET493C.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\SET4062.tmp | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\drivers\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMChameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbshlext.dll" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LOCALSERVER32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\572BF21E454637C9F000BE1AF9B1E1A9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\572BF21E454637C9F000BE1AF9B1E1A9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Control.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\ApplicationWindow.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Popup.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\images\question.png | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_nl.qm | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\MenuBarStyle.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\SliderStyle.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\SwitchStyle.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-21.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-37.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\plugins.qmltypes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\CheckIndicator.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\DelayButton.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-3.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\Label.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\MenuBarItem.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\qtquickcontrols2plugin.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\qml\icons.ttf | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mb4uns.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MWACControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\TableViewStyle.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\CheckDelegate.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtWebEngineProcess.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-25.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\knob.png | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\TextFieldStyle.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\plugins.qmltypes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\TextField.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\PoliciesControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\qmldir | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\TextSingleton.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\arrow-down.png | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-0.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-31.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-32.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-34.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbamelam.inf | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\ModalPopupBehavior.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Pane.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-19.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\3de760a7-3f8a-4710-87b2-c7f32d5c560a | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\check.png | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\ToolBar.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\ScrollBar.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\plugins.qmltypes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQml\qmlplugin.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\ComboBoxStyle.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\CheckIndicator.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\RangeSlider.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\ScrollBar.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\Dialog.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\ToolTip.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\ScrollView.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_pl.qm | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\AbstractCheckable.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\[email protected] | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\CheckBox.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\TextArea.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\Dial.qml | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\security\logs\scecomp.log | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\WerFault.exe | C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\MY | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8FEFED84-854E-4029-A986-1D7774D4CF7D}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C7BCC13C-47B9-4DC0-8FC6-B2A489EF60EF}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3B42C782-9650-4EFF-9618-91118DF96061}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2A153977-1A37-4EF7-9226-9E128FA51AE1}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F418F2F6-5173-4E4F-80EF-AF21E516C461}\ = "ITelemetryControllerV10" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{01222402-A8AB-4183-8843-8ADBF0B11869} | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A993F934-6341-4D52-AB17-F93184A624E4}\TypeLib | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B05F69B-4F9B-4FD3-A491-16153F999E00}\ = "ISPControllerV2" | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.CloudController.1\CLSID\ = "{BF474111-9116-45C6-AF53-209E64F1BB53}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2FB37514-21FA-4B2C-94DA-1562126E9F5F}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{76AD4430-9C5C-4FC2-A15F-4E16ACD735AC}\TypeLib\Version = "1.0" | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4EA13DC-F9D2-4DB9-A19F-2B462FFC81F3}\TypeLib\ = "{74630AE8-C170-4A8F-A90A-F42D63EFE1E8}" | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B1D8E799-D5A2-45B4-9524-067144A201E4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ADA09B8D-A536-4429-8331-49808442D24B}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A0101B90-FD0B-40CF-90E4-33650F09A80F}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9185897A-76F4-4083-A02C-5FFC2A51F6D4}\ = "ICleanControllerV10" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E32ABD9A-1CBD-44A5-8A62-55D347D3C4F0}\TypeLib\Version = "1.0" | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0F2D6C4F-0B95-4A53-BA9D-55526737DC34} | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{55E4B8FB-921C-4751-8B2D-AE33BD7D0B74} | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5250E5C8-A09C-4F87-A0DA-A46A62A0EACF}\ProxyStubClsid32 | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2870643-0645-41F9-BCCB-F5969386162C}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{81541635-736E-4460-81AA-86118F313CD5}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DB82CDC6-F12A-4156-8DBF-EC7465B9C0B9} | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E41AC038-1688-417F-BE23-52D898B93903}\TypeLib\ = "{226C1698-A075-4315-BB5D-9C164A96ACE7}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E90361FE-F6B5-43E8-99F7-1BD40500981F}\ProxyStubClsid32 | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A3E14F0-01F5-492E-AA97-3D880941D814}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.SPController.1\ = "SPController Class" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2058A31F-5F59-4452-9204-03F588252FFC}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{61964EBA-D9C0-4834-B01C-A6133F432BB1}\ = "IScanParametersV6" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B471ACFB-E67A-4BE9-A328-F6A906DDDEAA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D4215DAB-7574-44DE-8BE9-78CC62597C95}\TypeLib\Version = "1.0" | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.MBAMServiceController\ = "MBAMServiceController Class" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4E0F1EE6-E7CA-4BEE-8C08-0959842DA615}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ADA09B8D-A536-4429-8331-49808442D24B}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{94E6A9DF-4AAB-48E7-8A94-65CA2481D1F6}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0B14402F-4F35-443E-A34E-0F511098C644}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{55E4B8FB-921C-4751-8B2D-AE33BD7D0B74}\ = "_IMWACControllerEventsV6" | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{34544A67-823A-484D-8E18-371AFEAEC02E}\TypeLib | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8B05F69B-4F9B-4FD3-A491-16153F999E00}\TypeLib\ = "{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}" | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\ProgID\ = "MB.TelemetryController.1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{40D6E119-3897-41B3-AC5D-5FE6F088C97B}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B9442AA1-AEB8-4FB4-B998-BFBC37BA8A99}\TypeLib | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3B42C782-9650-4EFF-9618-91118DF96061}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0F2D6C4F-0B95-4A53-BA9D-55526737DC34}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{09F245DA-55E7-451E-BDF3-4EE44637DFF1}\ProxyStubClsid32 | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6655E528-3168-47A4-BF82-A71E9E6AB5F7}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8D488C7C-023D-4561-B377-DD9FB7124326}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{226C1698-A075-4315-BB5D-9C164A96ACE7}\1.0\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{01222402-A8AB-4183-8843-8ADBF0B11869}\TypeLib\Version = "1.0" | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B5186B66-AE3D-4EC4-B9F5-67EC478625BE}\TypeLib\Version = "1.0" | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7C710FA9-862A-40CF-9F54-063EF8FC8438}\TypeLib | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD6673C7-8E52-46EE-80B8-58F3FB6AA036}\TypeLib\Version = "1.0" | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3641B831-731C-4963-B50B-D84902285C26}\ = "ICleanControllerV4" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AFC6D7FD-62B9-4016-9674-53BAC603E9FC}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2DFD7E94-47E6-483A-B4FD-DC586A52CE5D} | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5BA2811A-EE5B-44DF-81CD-C75BB11A82D4}\TypeLib\ = "{2446F405-83F0-460F-B837-F04540BB330C}" | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B05F69B-4F9B-4FD3-A491-16153F999E00}\TypeLib | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66328184-6592-46BE-B950-4FDA4417DF2E}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A993F934-6341-4D52-AB17-F93184A624E4}\ProxyStubClsid32 | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DC97FF29-5CE2-4897-8175-94672057E02D}\TypeLib\Version = "1.0" | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EABA01A8-8468-430A-9D6E-4C9F1CE22C88}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D7A05281-DB9E-4E02-9680-E4D83CDAA6AB}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:Zone.Identifier:$DATA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe | N/A |
| N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe | N/A |
| N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe | N/A |
| N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\test.exe
"C:\Users\Admin\AppData\Local\Temp\test.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.0.2097140439\1245449122" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20860 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d955819-ebed-49dc-9d86-d481c05af8e7} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 1976 21c59bdd658 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.1.472542743\969268322" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 20896 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a4cc899-ff1e-4ec3-b64b-285c3ee9ab79} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 2376 21c59afa258 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.2.781093411\396274647" -childID 1 -isForBrowser -prefsHandle 3252 -prefMapHandle 2964 -prefsLen 20999 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f53f4ae-c0f9-4fa4-bd40-3c28a486a196} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 3136 21c5ddc0f58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.3.1471972689\1175192179" -childID 2 -isForBrowser -prefsHandle 3592 -prefMapHandle 3588 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59a11cfc-db56-4895-abb8-1f278dbe7ae1} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 3600 21c4d367558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.4.819258043\125952070" -childID 3 -isForBrowser -prefsHandle 3988 -prefMapHandle 3976 -prefsLen 26359 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37927d79-4cba-4f75-9638-6832c3bab97c} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 4004 21c5c3cfb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.5.1196762492\1755549934" -childID 4 -isForBrowser -prefsHandle 5068 -prefMapHandle 5092 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a3477ab-8b80-4a9e-95fe-4e3210fed6e0} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 4996 21c6018e858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.6.785849160\501747901" -childID 5 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b58c239-5d58-4c7e-affb-9c4a131b3514} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 5220 21c6018e558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.7.1864393452\1397737199" -childID 6 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 26418 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6636d982-7e9d-4ef1-894c-c5cce04882b1} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 5408 21c6018ee58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.8.6054291\884988114" -childID 7 -isForBrowser -prefsHandle 5684 -prefMapHandle 5744 -prefsLen 26656 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bca353d-cd58-41eb-b305-462c5d5791d2} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 5772 21c5e82b558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.9.1433745680\2104853739" -childID 8 -isForBrowser -prefsHandle 5856 -prefMapHandle 2848 -prefsLen 26831 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f13c8752-caca-45b5-8914-214be10aa371} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 5864 21c613eb058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.10.1489671707\1092353454" -parentBuildID 20221007134813 -prefsHandle 6632 -prefMapHandle 6636 -prefsLen 27096 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36e58a96-66a4-48e2-85d3-86d3459d3c24} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 6656 21c6148b658 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.11.1900729897\2016507144" -childID 9 -isForBrowser -prefsHandle 10012 -prefMapHandle 10004 -prefsLen 27096 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a15c93db-49f9-4587-bbaa-e6f297aa111c} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 10028 21c62c47158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.13.1600424536\1121145318" -childID 11 -isForBrowser -prefsHandle 6488 -prefMapHandle 6484 -prefsLen 27096 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d768a0f-28c0-47db-8825-3ce293233ed5} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 9736 21c630f1558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.12.1441030122\1933489611" -childID 10 -isForBrowser -prefsHandle 4864 -prefMapHandle 4860 -prefsLen 27096 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56d5e775-cd4f-44ff-8351-3c62a0bff7d3} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 4872 21c5fb58658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.14.1371595732\80476893" -childID 12 -isForBrowser -prefsHandle 6428 -prefMapHandle 9832 -prefsLen 27096 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bc49322-a931-4b53-a794-76082cebebff} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 9816 21c6383ae58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.15.1187987794\1123151461" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6172 -prefMapHandle 4000 -prefsLen 27096 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84724cca-7236-4c61-ad52-ab955645b10f} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 6192 21c60e38e58 utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.16.1680565873\1245457093" -childID 13 -isForBrowser -prefsHandle 6556 -prefMapHandle 6560 -prefsLen 27096 -prefMapSize 232645 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26ec5c61-afc6-43f5-9f42-1961ff3908d7} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 9616 21c638f8058 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\MBSetup.exe
"C:\Users\Admin\Downloads\MBSetup.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-0.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-1.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-2.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-3.exe
ig.exe reseed
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-4.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-6.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-7.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-8.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-9.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-10.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-11.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-12.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-13.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-14.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-15.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-16.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-17.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-18.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-19.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-20.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-21.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-22.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-23.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-24.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-25.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-26.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-27.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-28.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-29.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-30.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-31.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-32.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-33.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-34.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-35.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-36.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-37.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-38.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-39.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-40.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-41.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-42.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-43.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-44.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-45.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-46.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-47.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-48.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-49.exe
ig.exe reseed
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"
C:\Windows\system32\compattelrunner.exe
C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x458
C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe
"C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe" -trialEndedFreeBenefits
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 1160 -ip 1160
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1160 -s 2452
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3967055 /state1:0x41c64e6d
C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status off true /updatesubstatus none /scansubstatus recommended /settingssubstatus none
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.130.241.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.tcp.eu.ngrok.io | udp |
| DE | 3.67.15.169:11273 | 7.tcp.eu.ngrok.io | tcp |
| US | 8.8.8.8:53 | 169.15.67.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.211.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipwho.is | udp |
| CA | 108.181.98.179:443 | ipwho.is | tcp |
| US | 8.8.8.8:53 | 179.98.181.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| N/A | 127.0.0.1:60412 | | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| N/A | 127.0.0.1:60420 | | tcp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 44.240.235.3:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.117.65.55:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 3.235.240.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | 37.158.120.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | eset.com | udp |
| SK | 91.228.166.47:80 | eset.com | tcp |
| SK | 91.228.166.47:80 | eset.com | tcp |
| US | 8.8.8.8:53 | eset.com | udp |
| US | 8.8.8.8:53 | eset.com | udp |
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\46be7tph.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\46be7tph.default-release\cache2\doomed\16925
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\46be7tph.default-release\cache2\doomed\655
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\Downloads\MBSetup.ozw-8ZLE.exe.part
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\sessionstore.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\46be7tph.default-release\prefs-1.js
C:\Users\Admin\Downloads\MBSetup.exe
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\7z.dll
C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\servicepkg\MBAMService.exe
| MD5 | e7d1bfbee9a8fca1d3df7dfc6fa1d629 |
| SHA1 | 17decad12027a58e7408cbc994394c705f909630 |
| SHA256 | 75f5d1db040c215957c848981101f1194e6502cb064c599f59a8202b137121ba |
| SHA512 | ce83d2f259e99b133ee3577363e9cad5a22e2e81107dd822a1ea8a44d8935e52f3737aaf1d1bcba5335dd120aff8fbf7fb3387c7811ba7198d806665813cab60 |
C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\servicepkg\mbamelam.sys
| MD5 | 9e77c51e14fa9a323ee1635dc74ecc07 |
| SHA1 | a78bde0bd73260ce7af9cdc441af9db54d1637c2 |
| SHA256 | b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0 |
| SHA512 | a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186 |
C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\servicepkg\mbamelam.inf
| MD5 | c481ad4dd1d91860335787aa61177932 |
| SHA1 | 81633414c5bf5832a8584fb0740bc09596b9b66d |
| SHA256 | 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3 |
| SHA512 | d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830 |
C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\servicepkg\mbamelam.cat
| MD5 | 60608328775d6acf03eaab38407e5b7c |
| SHA1 | 9f63644893517286753f63ad6d01bc8bfacf79b1 |
| SHA256 | 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59 |
| SHA512 | 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7 |
C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat
| MD5 | d37afb15fedf2a6b5a79facfc6338da8 |
| SHA1 | f627e9a634c983a9c3eaadd5ea3ba605394d71b6 |
| SHA256 | bf6e11d2961738509407f1213a43990803aa6337bfb67cc353c3812a3c7f2b89 |
| SHA512 | 293ca9d8ee175052a75c94699a2027eed153fdba49640089fd74b6c9f6b2c8dffd00d3f9567a352bdac1c38f0343122b95c536fce04d05aed6420f34e25799b5 |
C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\uipkg\QtQuick\Controls.2\HorizontalHeaderView.qml
| MD5 | d8c9674c0e9bddbd8aa59a9d343cf462 |
| SHA1 | 490aa022ac31ddce86d5b62f913b23fbb0de27c2 |
| SHA256 | 1ef333b5fb4d8075973f312ef787237240b9f49f3f9185fb21202883f900e7d7 |
| SHA512 | 0b86ec673133f6400c38b79f9ba4f7b37ce5afdab1a2e34acbf75019e2590cc26b26d323ddc1567c91375053c9c8593be0615389db8eb1a8d1eb084ad4200b82 |
C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\uipkg\QtQuick\Controls.2\Imagine\VerticalHeaderView.qml
| MD5 | 829769b2741d92df3c5d837eee64f297 |
| SHA1 | f61c91436ca3420c4e9b94833839fd9c14024b69 |
| SHA256 | 489c02f8716e7a1de61834b3d8bbb61bce91ca4a33a6b62342b4c851d93e51e0 |
| SHA512 | 4061c271db37523b9dea9a9973226d91337e1809d4e7767e57ac938d35d77a302363ed92ab4be18c35ba589f528194ad71c93a8507449bf74dd035acf7cdb521 |
C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\ctlrpkg\mbae64.sys
| MD5 | 95515708f41a7e283d6725506f56f6f2 |
| SHA1 | 9afc20a19db3d2a75b6915d8d9af602c5218735e |
| SHA256 | 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6 |
| SHA512 | d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08 |
C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat
| MD5 | 4c36f0ee008ed9f02f20c940a30ddd0c |
| SHA1 | 2b3ca5c4dec9a12e58e15fb4a4c80f54bf6de22e |
| SHA256 | e0cf5c24aeae65dfeb91485d55ac5e04ef7379e1e0805bd799ae1c248c226186 |
| SHA512 | 7c27e43139c02a067015f7d23cba113dcf7e3f2203e21c8036cad229f3d9694bd59a3a5032151ad0a2a7ab33431aee7880b676c672541defa568f22715ac9729 |
C:\Program Files\Malwarebytes\Anti-Malware\version.dat
| MD5 | 7113ebca1bd77c38757d0475439c937f |
| SHA1 | c6eb88111e69d13a3f5789dd5304b88f61190997 |
| SHA256 | 8059699fc5567a9fe5a0b857095cb5fe2c8b24eb5990f3821998ee3c06129805 |
| SHA512 | 0e1d5d03561f042aaf9db134f9bc4e5688061760e3770085c2faf0e90919b3f9d0ade7d55ef0785935c115c2c117ce880025d7837aca44e5e561882328be5c1e |
C:\Program Files\Malwarebytes\Anti-Malware\uipkgver.dat
| MD5 | 74c6677020fc6b6c867aab117078bf5f |
| SHA1 | 8c46db37dc0b39eb963d4144539c8b591e122400 |
| SHA256 | cdbb9bc874d71e154c71b68b1fe959913d286036dac11e226e5620c919ba9708 |
| SHA512 | 3f9db8d9bb25322f8d8e750750bf92dbe6ac63d686eced65cddfcd61178cf0e947118a491058414d4d2cbb4892e39815565669aee0dfdda23aece72d278292d0 |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
| MD5 | 9b187892016909b91fdf819888e4309d |
| SHA1 | 80a85b19dfd4c1bfe9093eddaef92f3e46b48223 |
| SHA256 | 2b617693e1ceb443160beb85094eab7938a2a920ed3ad313f3e10fa29bc7ae5f |
| SHA512 | e107f0e22af501679346235546f4d2be77841ab6489be8cfd16b5f9ba7a53016310a4511f65b3e2966ff43e8bdfe7dff25441fa4ff74590e3e5c29f478954494 |
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
| MD5 | e7d1bfbee9a8fca1d3df7dfc6fa1d629 |
| SHA1 | 17decad12027a58e7408cbc994394c705f909630 |
| SHA256 | 75f5d1db040c215957c848981101f1194e6502cb064c599f59a8202b137121ba |
| SHA512 | ce83d2f259e99b133ee3577363e9cad5a22e2e81107dd822a1ea8a44d8935e52f3737aaf1d1bcba5335dd120aff8fbf7fb3387c7811ba7198d806665813cab60 |
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
| MD5 | e7d1bfbee9a8fca1d3df7dfc6fa1d629 |
| SHA1 | 17decad12027a58e7408cbc994394c705f909630 |
| SHA256 | 75f5d1db040c215957c848981101f1194e6502cb064c599f59a8202b137121ba |
| SHA512 | ce83d2f259e99b133ee3577363e9cad5a22e2e81107dd822a1ea8a44d8935e52f3737aaf1d1bcba5335dd120aff8fbf7fb3387c7811ba7198d806665813cab60 |
C:\Program Files\Malwarebytes\Anti-Malware\MbamElam.sys
| MD5 | 9e77c51e14fa9a323ee1635dc74ecc07 |
| SHA1 | a78bde0bd73260ce7af9cdc441af9db54d1637c2 |
| SHA256 | b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0 |
| SHA512 | a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186 |
C:\Program Files\Malwarebytes\Anti-Malware\MbamElam.inf
| MD5 | c481ad4dd1d91860335787aa61177932 |
| SHA1 | 81633414c5bf5832a8584fb0740bc09596b9b66d |
| SHA256 | 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3 |
| SHA512 | d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830 |
C:\Program Files\Malwarebytes\Anti-Malware\MbamElam.cat
| MD5 | 60608328775d6acf03eaab38407e5b7c |
| SHA1 | 9f63644893517286753f63ad6d01bc8bfacf79b1 |
| SHA256 | 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59 |
| SHA512 | 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7 |
C:\Windows\Temp\MBInstallTempf330e3e13c1d11eeb1a74a365b746f85\servicepkg\mbshlext.dll
| MD5 | b7e5071b317550d93258f7e1e13e7b6f |
| SHA1 | 2d08d78a5c29cf724bc523530d1a9014642bbc60 |
| SHA256 | 467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064 |
| SHA512 | 9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54 |
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
| MD5 | e7d1bfbee9a8fca1d3df7dfc6fa1d629 |
| SHA1 | 17decad12027a58e7408cbc994394c705f909630 |
| SHA256 | 75f5d1db040c215957c848981101f1194e6502cb064c599f59a8202b137121ba |
| SHA512 | ce83d2f259e99b133ee3577363e9cad5a22e2e81107dd822a1ea8a44d8935e52f3737aaf1d1bcba5335dd120aff8fbf7fb3387c7811ba7198d806665813cab60 |
C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll
| MD5 | 16663d125398773a90d0a53333b7cf5e |
| SHA1 | f92928ae3c9292588547ceaca1cb1d372bfd7936 |
| SHA256 | 38e6811b47262101759aa51a631263d9e3eee5d211164318a751e078afec4cbc |
| SHA512 | 091764b8ad80aa31eea0bbd91ee505ebdea2654bc8aeaa3081a061d0d37ab13d27dd203075fd0de10c6687591aa0e36139a38af846c4e34e6aa67ab81dc277df |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json.bak
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
| MD5 | 9b187892016909b91fdf819888e4309d |
| SHA1 | 80a85b19dfd4c1bfe9093eddaef92f3e46b48223 |
| SHA256 | 2b617693e1ceb443160beb85094eab7938a2a920ed3ad313f3e10fa29bc7ae5f |
| SHA512 | e107f0e22af501679346235546f4d2be77841ab6489be8cfd16b5f9ba7a53016310a4511f65b3e2966ff43e8bdfe7dff25441fa4ff74590e3e5c29f478954494 |
C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll
| MD5 | 16663d125398773a90d0a53333b7cf5e |
| SHA1 | f92928ae3c9292588547ceaca1cb1d372bfd7936 |
| SHA256 | 38e6811b47262101759aa51a631263d9e3eee5d211164318a751e078afec4cbc |
| SHA512 | 091764b8ad80aa31eea0bbd91ee505ebdea2654bc8aeaa3081a061d0d37ab13d27dd203075fd0de10c6687591aa0e36139a38af846c4e34e6aa67ab81dc277df |
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
| MD5 | 5471d57066b9c30fd2ded9353ef0cf85 |
| SHA1 | 21d231c088ac7e983f0d620c3f172fa0fa373e3b |
| SHA256 | 1454ea0493b479bff5c3e27a7600d24f61d107451c05902cc6dff4abf86533f0 |
| SHA512 | 1409a79e6b35253f3276425de518eb760623065c2c6290fffba3fa9b75675b7456b7cd535c54b7a4b9ca3cc5f5df9231727d2d531e9e824e7192c4e03ce23b83 |
C:\Program Files\Malwarebytes\Anti-Malware\PoliciesControllerImpl.dll
| MD5 | 5471d57066b9c30fd2ded9353ef0cf85 |
| SHA1 | 21d231c088ac7e983f0d620c3f172fa0fa373e3b |
| SHA256 | 1454ea0493b479bff5c3e27a7600d24f61d107451c05902cc6dff4abf86533f0 |
| SHA512 | 1409a79e6b35253f3276425de518eb760623065c2c6290fffba3fa9b75675b7456b7cd535c54b7a4b9ca3cc5f5df9231727d2d531e9e824e7192c4e03ce23b83 |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
| MD5 | 0aadb1b6b0fcff6dc7b4a946abf181f1 |
| SHA1 | 0191472c05c786e0c51f290900e009f2787ad80b |
| SHA256 | 026be320cbb83c79639b46bbda967dd2c4d95082a932ea91ee850f68fa77a116 |
| SHA512 | 97d1a2eee8092068fa459ffd3483771d97520f564dd840dc4f36fed9ce4b9151f642eb341ccfe5f0932806f2f65a1ed7134bd8032ae0fded9ad1df3a0bf4b5b6 |
C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
| MD5 | b7e5071b317550d93258f7e1e13e7b6f |
| SHA1 | 2d08d78a5c29cf724bc523530d1a9014642bbc60 |
| SHA256 | 467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064 |
| SHA512 | 9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54 |
C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
| MD5 | b7e5071b317550d93258f7e1e13e7b6f |
| SHA1 | 2d08d78a5c29cf724bc523530d1a9014642bbc60 |
| SHA256 | 467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064 |
| SHA512 | 9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54 |
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\LicenseControllerImpl.dll
| MD5 | 1e102c36c622f1a221f9c7af8a96a6c2 |
| SHA1 | 0e350dfa57a7c2c8d4daddc77d4b9da539a917c9 |
| SHA256 | 0be22af897b18d15f739363d32ffdcd5f4cdf1e0973dd1dffb949ac3b64e2dca |
| SHA512 | 4c3262d53c9e9508dcaf70bf58c5c9a2b501274fabec186533e21ae6e988d0f54518672b60909901de79c5ade2f6b1d8d7bdc0b29b9150c94e7a28a3e85ef818 |
C:\Program Files\Malwarebytes\Anti-Malware\LicenseControllerImpl.dll
| MD5 | 1e102c36c622f1a221f9c7af8a96a6c2 |
| SHA1 | 0e350dfa57a7c2c8d4daddc77d4b9da539a917c9 |
| SHA256 | 0be22af897b18d15f739363d32ffdcd5f4cdf1e0973dd1dffb949ac3b64e2dca |
| SHA512 | 4c3262d53c9e9508dcaf70bf58c5c9a2b501274fabec186533e21ae6e988d0f54518672b60909901de79c5ade2f6b1d8d7bdc0b29b9150c94e7a28a3e85ef818 |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | f782ef057fc2e4a54c9f424413f277ae |
| SHA1 | 2a23622ec49268500afe42d9174ac86844f7298b |
| SHA256 | d620750c3fcc3f858e391996d1c37c1e7066c8133f0f16750db95d4a761ad6c1 |
| SHA512 | bb2dc0e456fe4d4820fbb8ba07b0935325b325a1ff4093e5a686088c2d44ae746b6c7c6a3ddceaacbd2cfa4cdd41341c2c70218e2eb67cceacd6cb395c43ca1a |
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll
| MD5 | 900c4c891467f8561e45d802b5de80c9 |
| SHA1 | d648fb40dabd2f349b90f5850ed37f0bd445ce17 |
| SHA256 | 632ee57df24f41fd26d0a54d8049a3b259c10dc932353c37d0e252aa495f1482 |
| SHA512 | c6421008402c9da4b20fb61e3c6ff8bdc9bba85c8ca6dd75ce8ff38f2003cf2814fbed475a8fd555e6ee7e3afbd1e4d394b76f1e4d4ba032be0ec09ad33589b3 |
C:\Program Files\Malwarebytes\Anti-Malware\UpdateControllerImpl.dll
| MD5 | 900c4c891467f8561e45d802b5de80c9 |
| SHA1 | d648fb40dabd2f349b90f5850ed37f0bd445ce17 |
| SHA256 | 632ee57df24f41fd26d0a54d8049a3b259c10dc932353c37d0e252aa495f1482 |
| SHA512 | c6421008402c9da4b20fb61e3c6ff8bdc9bba85c8ca6dd75ce8ff38f2003cf2814fbed475a8fd555e6ee7e3afbd1e4d394b76f1e4d4ba032be0ec09ad33589b3 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 560bb35aa14891dce8612000767ff76e |
| SHA1 | f6110d8e21d3e11eb1fae5339627a0dc836133d5 |
| SHA256 | 5485329acb9cb31294057e5790eb0a312761e21ad4682cab9f0e866508eaeddb |
| SHA512 | 519402a89996f11c225f2a5cbd90ec9337f43bc3643d73a054ddcf7702a237bbf96e8fe0602e145d30941ef99f4a5231f67360cc8485dce2c8e1cf41b8a0fa88 |
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\pkgvers.dat
| MD5 | a743d971af1154e28229e810c933d2f9 |
| SHA1 | a370169afcd9c216a81674a808d47583312e0345 |
| SHA256 | 4effc6f504bfae784a33616e8337962f49ba2c2e34e23aa08bc991d6dc4e28dc |
| SHA512 | 43427859b2672e88c1771481145f729ef4e8b7d3dfcba9e5195100a890a3d9a52b1b0d6a1d7d390faa06dbc25d4f713495e82156df972de428adeb0dc826ad66 |
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\version.dat
| MD5 | 7113ebca1bd77c38757d0475439c937f |
| SHA1 | c6eb88111e69d13a3f5789dd5304b88f61190997 |
| SHA256 | 8059699fc5567a9fe5a0b857095cb5fe2c8b24eb5990f3821998ee3c06129805 |
| SHA512 | 0e1d5d03561f042aaf9db134f9bc4e5688061760e3770085c2faf0e90919b3f9d0ade7d55ef0785935c115c2c117ce880025d7837aca44e5e561882328be5c1e |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak
| MD5 | 307c74fa2b524c37c9dfa1417334e5a5 |
| SHA1 | e9ab3def1f56147d2e8db14fb486fae31ef815b9 |
| SHA256 | 4dedcfb5600e585946c62bd082b2489b0d48353a1e1a5e4583eb9d1afd8e672f |
| SHA512 | 1ed96abbacebba06c2cb6636f4f98f37d14189b44b3bbef362bfd051a8bb009aa2fd756ed284d666465c07aee8d92b4762a2cb15d63d9f77e033da05805267f4 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 314e0f9ce244c7b56723f4b43cd3e99d |
| SHA1 | 23de5486f84f35d77b05e0d746507a702db49c89 |
| SHA256 | 0bb273d0841828a2ec2cddbd0a21743fac229a79e3bda1f5bd40cce6b918b3c0 |
| SHA512 | 5f5cb9f8b257049ae783ffbe5e1bcfa15df80746f2a4afdd904419e288736105485abd9545b63d9b4718280902cd11941a1d75ee085073612a48219052d1824d |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | dc09f1254e56dec774db342fbec3bb4c |
| SHA1 | e292cf9b6321b10c44d6458f69fda97163604961 |
| SHA256 | cb420e61a50309c695261e3a941a88591b47b1b7004445758d84cdaf66b8a251 |
| SHA512 | 81531123a70f7975e824704263db1edad8e00b4162aa9944f156122a4f10a1e8dc3f0b2b7aeebae55700bf363f8466deb7dc9ab9d09587f63bc65b04749211e4 |
C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat
| MD5 | a743d971af1154e28229e810c933d2f9 |
| SHA1 | a370169afcd9c216a81674a808d47583312e0345 |
| SHA256 | 4effc6f504bfae784a33616e8337962f49ba2c2e34e23aa08bc991d6dc4e28dc |
| SHA512 | 43427859b2672e88c1771481145f729ef4e8b7d3dfcba9e5195100a890a3d9a52b1b0d6a1d7d390faa06dbc25d4f713495e82156df972de428adeb0dc826ad66 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rules.mbdb
| MD5 | 7be32de455a071f60a4e7a88a0727108 |
| SHA1 | 790b63e246aad713a976c4093e6fa3fcd65af7ca |
| SHA256 | aac1e00d672f36d9cf49ae90a427f15d60a6a475c5421dbc758b972fc1fd9898 |
| SHA512 | 9c260a9a6e18b26a5a0976f32dcd7ec3456412419739f6314e723a058a3fa7c781f393547c3b94cbf8ae042fb583e91f1c3b01f1873817e2e9b3cfa01f1c5222 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rdefs.mbdb
| MD5 | 2f7423ca7c6a0f1339980f3c8c7de9f8 |
| SHA1 | 102c77faa28885354cfe6725d987bc23bc7108ba |
| SHA256 | 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55 |
| SHA512 | e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\prot.mbdb
| MD5 | 546d9e30eadad8b22f5b3ffa875144bf |
| SHA1 | 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d |
| SHA256 | 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f |
| SHA512 | 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\clean.mbdb
| MD5 | dd77c16c7d4affdfdf63bd121135856b |
| SHA1 | 3f1cbfa96fe50e2331867ca3b9d2f2044bb125e4 |
| SHA256 | 0f25e0d43988fadbed5977ae6266ce5c96b440857b94cb24c160006e548a6ec7 |
| SHA512 | 82b4b9a69ac69ba85aa1edd85966b773d19a0a27e3389b38ef98eb98fe9179d16f5a93a433ff465e71d6f089d6c37b31867a0ce1acb9df571a0f4891a03ca240 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\mbdigsig2.dat
| MD5 | 09a176c75b2751aeca9a07b87e6515af |
| SHA1 | dd8cea2515fb3e600a9328836b7a020e6aa47881 |
| SHA256 | 9f64c6e9d4e783b2d675a7f16e50c8aa7c5fccb2e15327ad833a97ac412f3d18 |
| SHA512 | 36240c333bc2c1782d3631226e935b281515c2dfe4204d21f7a1484a4e4528f4239e9f39e1512b19a9986b4eedbc47d30ec973624bfa2ad5cceca12645a2f184 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbmanifest2.dat
| MD5 | bd4b80350c5d6cdc08a7cba1168b6400 |
| SHA1 | 6dd387816d1b998468bf44a736e8f218081d633b |
| SHA256 | 6c768fe0183f36f50aaccc1661ba8e4bbb68cac0a23e447cee17c7c7dc3a35a2 |
| SHA512 | 37819ac7aa8439a20bbae0ddd3b2e8e2ff42c6a286993effe76dcb72b7923d77937d4fe3b3493846ad9654d13b9a0abfb28649c208b2d05921a5f54179b829ae |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 5e5272cfda4a728ce2db55e92638a05e |
| SHA1 | 18597556649416815ae422c6252b27c7d497b89d |
| SHA256 | 2f70362b69ec445516c39e525d939844614a858eb0f2796e44285361949f1671 |
| SHA512 | 9357a12329d4635b26d0c190a2774f769e796989a0a86651f79a19944457c3d3ebbe996642d77df852224a529329aead072cca0fea1a6d37efe57f4ed0f86d7e |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\scan.mbdb
| MD5 | 1113a9bff6389f47a020fca74dd03c59 |
| SHA1 | ecf5c9c3b209d94d053b919ee7a737cfb25a88f8 |
| SHA256 | 47422f50e07dd29fdd9290bec8ddc08e6a411665b2c7ee0d3f157b454f6fdefe |
| SHA512 | 0911d2f269be06cfaa46a1b3af88225a7b43f72e01d3c156b9f2f5ea83e624ef58c7a60b46242ecba9ff15be36cef3d6ba0027a55afc1e2ee05bbfc1386019d5 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\tids.mbdb
| MD5 | e0d88a95bf85ea2c9f01d481c03dda53 |
| SHA1 | 3b911e380a1129e95582dab6956d264d14a899dd |
| SHA256 | 0acce254ae62bc041ece730e7b14e901ce190a9f5936002b2744d68b46080c30 |
| SHA512 | e802ae1f9552ed6e41eab78b2ff9ab93ef12d1fb38a52faad8172923857b638fac15f2fc594c2cf77573b5b364ece7a6da3d4c28b0aacd1295a0e6add30bd01a |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\wprot2.mbdb
| MD5 | aa375408cc73107df5f7f47a693a5717 |
| SHA1 | 9cfec1291dcbe306f2fed5e83c6c6d5d4abf4a9d |
| SHA256 | dcce80053dd72a8ad7a19d1bbf784f0b795c1e9389204003d221a13b37355909 |
| SHA512 | 65430d24e6ea0914dd4e32c09114a2924b1223bbe215ad940a8b4c1507a92a07fd5d7f769a1de6cce8b9303e931c2d78f7a0e48bdf8fdaaa3f5baf94f8592eda |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.sr
| MD5 | e59b9d344dc47e24bbd046e9ddfcecf3 |
| SHA1 | 15837e283a6a779af5a967ae7233fbef5de9b1ed |
| SHA256 | c8e27509ae33d681409e7a710cacc8f6d23b8687aac6a17281f4832f295359a8 |
| SHA512 | ebea63038b7ab7675be161cf44a8f00a18984ffbfe33317b9ff29ee0793db31ece1cc8810dc8f3bd1ee2a1f701833e95cfd1e67bee4b7925958cdff32c27501b |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dynconfig.dat
| MD5 | 10f23e7c8c791b91c86cd966d67b7bc7 |
| SHA1 | 3f596093b2bc33f7a2554818f8e41adbbd101961 |
| SHA256 | 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc |
| SHA512 | 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\exclusions.txt
| MD5 | aef4eca7ee01bb1a146751c4d0510d2d |
| SHA1 | 5cf2273da41147126e5e1eabd3182f19304eea25 |
| SHA256 | 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f |
| SHA512 | d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb
| MD5 | 1113a9bff6389f47a020fca74dd03c59 |
| SHA1 | ecf5c9c3b209d94d053b919ee7a737cfb25a88f8 |
| SHA256 | 47422f50e07dd29fdd9290bec8ddc08e6a411665b2c7ee0d3f157b454f6fdefe |
| SHA512 | 0911d2f269be06cfaa46a1b3af88225a7b43f72e01d3c156b9f2f5ea83e624ef58c7a60b46242ecba9ff15be36cef3d6ba0027a55afc1e2ee05bbfc1386019d5 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb
| MD5 | e0d88a95bf85ea2c9f01d481c03dda53 |
| SHA1 | 3b911e380a1129e95582dab6956d264d14a899dd |
| SHA256 | 0acce254ae62bc041ece730e7b14e901ce190a9f5936002b2744d68b46080c30 |
| SHA512 | e802ae1f9552ed6e41eab78b2ff9ab93ef12d1fb38a52faad8172923857b638fac15f2fc594c2cf77573b5b364ece7a6da3d4c28b0aacd1295a0e6add30bd01a |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb
| MD5 | aa375408cc73107df5f7f47a693a5717 |
| SHA1 | 9cfec1291dcbe306f2fed5e83c6c6d5d4abf4a9d |
| SHA256 | dcce80053dd72a8ad7a19d1bbf784f0b795c1e9389204003d221a13b37355909 |
| SHA512 | 65430d24e6ea0914dd4e32c09114a2924b1223bbe215ad940a8b4c1507a92a07fd5d7f769a1de6cce8b9303e931c2d78f7a0e48bdf8fdaaa3f5baf94f8592eda |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb
| MD5 | dd77c16c7d4affdfdf63bd121135856b |
| SHA1 | 3f1cbfa96fe50e2331867ca3b9d2f2044bb125e4 |
| SHA256 | 0f25e0d43988fadbed5977ae6266ce5c96b440857b94cb24c160006e548a6ec7 |
| SHA512 | 82b4b9a69ac69ba85aa1edd85966b773d19a0a27e3389b38ef98eb98fe9179d16f5a93a433ff465e71d6f089d6c37b31867a0ce1acb9df571a0f4891a03ca240 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb
| MD5 | 7be32de455a071f60a4e7a88a0727108 |
| SHA1 | 790b63e246aad713a976c4093e6fa3fcd65af7ca |
| SHA256 | aac1e00d672f36d9cf49ae90a427f15d60a6a475c5421dbc758b972fc1fd9898 |
| SHA512 | 9c260a9a6e18b26a5a0976f32dcd7ec3456412419739f6314e723a058a3fa7c781f393547c3b94cbf8ae042fb583e91f1c3b01f1873817e2e9b3cfa01f1c5222 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb
| MD5 | 2f7423ca7c6a0f1339980f3c8c7de9f8 |
| SHA1 | 102c77faa28885354cfe6725d987bc23bc7108ba |
| SHA256 | 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55 |
| SHA512 | e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb
| MD5 | 546d9e30eadad8b22f5b3ffa875144bf |
| SHA1 | 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d |
| SHA256 | 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f |
| SHA512 | 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\cfg.bin
| MD5 | 8fd13803b1e5f14b4d241facc601a170 |
| SHA1 | 7321eec794bc766d84d75bd0370a9f2e4d7abdf6 |
| SHA256 | 925d771b2643715b62ef720801dfa96047fff1ee70eabb244bed802234673717 |
| SHA512 | f5b3514258487f8576fe32a795eefcffef049c7d002a6abdca17383bba838c7a218be23ec6803dcefed615f40afc2ba4b15bf65c9a74c4f6bb891d15d02bfc22 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.nm
| MD5 | 401d5cb944173cb2c45fb247d17a4ba8 |
| SHA1 | ab2a5a056fda44492326588194b2a792adfbda15 |
| SHA256 | 46dc97567c66bd2621307fdeedeaeb04735670314b87b7101d494fd932d54047 |
| SHA512 | bb3156318fcbdb50bb4bcedb934a0d2afcbcc0a3277bcd0369951bf67a8ffdaaed5b28634292f85929817f1e928cdbee4801141926c5888831ac65e54def2485 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin
| MD5 | 8fd13803b1e5f14b4d241facc601a170 |
| SHA1 | 7321eec794bc766d84d75bd0370a9f2e4d7abdf6 |
| SHA256 | 925d771b2643715b62ef720801dfa96047fff1ee70eabb244bed802234673717 |
| SHA512 | f5b3514258487f8576fe32a795eefcffef049c7d002a6abdca17383bba838c7a218be23ec6803dcefed615f40afc2ba4b15bf65c9a74c4f6bb891d15d02bfc22 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat
| MD5 | 10f23e7c8c791b91c86cd966d67b7bc7 |
| SHA1 | 3f596093b2bc33f7a2554818f8e41adbbd101961 |
| SHA256 | 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc |
| SHA512 | 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt
| MD5 | aef4eca7ee01bb1a146751c4d0510d2d |
| SHA1 | 5cf2273da41147126e5e1eabd3182f19304eea25 |
| SHA256 | 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f |
| SHA512 | d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat
| MD5 | 09a176c75b2751aeca9a07b87e6515af |
| SHA1 | dd8cea2515fb3e600a9328836b7a020e6aa47881 |
| SHA256 | 9f64c6e9d4e783b2d675a7f16e50c8aa7c5fccb2e15327ad833a97ac412f3d18 |
| SHA512 | 36240c333bc2c1782d3631226e935b281515c2dfe4204d21f7a1484a4e4528f4239e9f39e1512b19a9986b4eedbc47d30ec973624bfa2ad5cceca12645a2f184 |
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\Actions.dll
| MD5 | 1eff53d95ecaf6bbfffe80d866d8e1dd |
| SHA1 | d7ef7d7c77fd04b2c0eb8c16bb3cd08057f6742f |
| SHA256 | 6dd748f7ca56125cbe158fa3612f08e7312ef58ad5375e6b7ab5532cc16ca0ac |
| SHA512 | c59b8e6f0b238a247e64b9c7bb42213dadac1dada63542830a6292361174c935c0c662b2d1aed3fb6100cc4993297b1eaf25e328f2b4613458c4ffca63b9f02d |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat
| MD5 | bd4b80350c5d6cdc08a7cba1168b6400 |
| SHA1 | 6dd387816d1b998468bf44a736e8f218081d633b |
| SHA256 | 6c768fe0183f36f50aaccc1661ba8e4bbb68cac0a23e447cee17c7c7dc3a35a2 |
| SHA512 | 37819ac7aa8439a20bbae0ddd3b2e8e2ff42c6a286993effe76dcb72b7923d77937d4fe3b3493846ad9654d13b9a0abfb28649c208b2d05921a5f54179b829ae |
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll
| MD5 | b2216df400c3ef59f9406831ba7956b5 |
| SHA1 | 1e26588190fc8a608e773239d498ceb79a92fca3 |
| SHA256 | 1e429ee1da8a0fe6569673b7052c5f49c193aaa8f3152451f645539a431b792d |
| SHA512 | 3aa3c9ed3bcaa0f2b7c4de36f7a83e35e8abf63c972c8e5377915bed41a803ae516cf8ef14e9c455043dd1ae46e4aec1820fa3572e65d0c87a99eac1d43d1f40 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll
| MD5 | 1eff53d95ecaf6bbfffe80d866d8e1dd |
| SHA1 | d7ef7d7c77fd04b2c0eb8c16bb3cd08057f6742f |
| SHA256 | 6dd748f7ca56125cbe158fa3612f08e7312ef58ad5375e6b7ab5532cc16ca0ac |
| SHA512 | c59b8e6f0b238a247e64b9c7bb42213dadac1dada63542830a6292361174c935c0c662b2d1aed3fb6100cc4993297b1eaf25e328f2b4613458c4ffca63b9f02d |
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\sample.dll
| MD5 | 936021397e23fc913c55992ce9468913 |
| SHA1 | d65af889a379f2982b1ebf29d83d2783b9aa0ded |
| SHA256 | ce7bdd309701942d97bd8cd3c2455a8d37d93b4d9ce4c14986703daf46fab7fb |
| SHA512 | 4fb968bee32b5f2b5a5d1629ec2855dc0150ec6b753e83a457ec704350b1f219b5e1349a75ec41f94757d1ef2de9a020933f8e42566bf6123543b7709ecc3d74 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe
| MD5 | 14cd82fe89752e3723a9b42aaa68763a |
| SHA1 | ea407d8d7064581406eb1b14e0f01cee61afb252 |
| SHA256 | 60e6029bdf3a2d88772bd4ec3aea6b688505e7dfcb76ce371d6942e9de95ce04 |
| SHA512 | 16114ff38a2e2cc59a9bbf420304fda8e558022f385748a5f48c02f037cbe815221a1cb4f0ac1deeb408ebf66ee3e25c059b157c7cc5cb169dbac75a73694fdc |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll
| MD5 | 936021397e23fc913c55992ce9468913 |
| SHA1 | d65af889a379f2982b1ebf29d83d2783b9aa0ded |
| SHA256 | ce7bdd309701942d97bd8cd3c2455a8d37d93b4d9ce4c14986703daf46fab7fb |
| SHA512 | 4fb968bee32b5f2b5a5d1629ec2855dc0150ec6b753e83a457ec704350b1f219b5e1349a75ec41f94757d1ef2de9a020933f8e42566bf6123543b7709ecc3d74 |
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
| MD5 | 14cd82fe89752e3723a9b42aaa68763a |
| SHA1 | ea407d8d7064581406eb1b14e0f01cee61afb252 |
| SHA256 | 60e6029bdf3a2d88772bd4ec3aea6b688505e7dfcb76ce371d6942e9de95ce04 |
| SHA512 | 16114ff38a2e2cc59a9bbf420304fda8e558022f385748a5f48c02f037cbe815221a1cb4f0ac1deeb408ebf66ee3e25c059b157c7cc5cb169dbac75a73694fdc |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll
| MD5 | 1ed53171d00f440f29a12f9beb84dac4 |
| SHA1 | 4d9a1e3579b0999f1ab2fa818b588411e9ee920c |
| SHA256 | e659e687a872050f9e65d78992d16bd9b393cf3f8e8c94e0e15fb42b7065327e |
| SHA512 | 17161cfc672d1b996b8af4ebac17f9a8a3807f38c9a23e2e5b4dadcd9a21c3a64faec9bf59147022a9df88b80f89300f1b537091289bd7a42806bd206a317e6e |
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\BrowserSDKDLL.dll
| MD5 | 1ed53171d00f440f29a12f9beb84dac4 |
| SHA1 | 4d9a1e3579b0999f1ab2fa818b588411e9ee920c |
| SHA256 | e659e687a872050f9e65d78992d16bd9b393cf3f8e8c94e0e15fb42b7065327e |
| SHA512 | 17161cfc672d1b996b8af4ebac17f9a8a3807f38c9a23e2e5b4dadcd9a21c3a64faec9bf59147022a9df88b80f89300f1b537091289bd7a42806bd206a317e6e |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll
| MD5 | b2216df400c3ef59f9406831ba7956b5 |
| SHA1 | 1e26588190fc8a608e773239d498ceb79a92fca3 |
| SHA256 | 1e429ee1da8a0fe6569673b7052c5f49c193aaa8f3152451f645539a431b792d |
| SHA512 | 3aa3c9ed3bcaa0f2b7c4de36f7a83e35e8abf63c972c8e5377915bed41a803ae516cf8ef14e9c455043dd1ae46e4aec1820fa3572e65d0c87a99eac1d43d1f40 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm
| MD5 | 401d5cb944173cb2c45fb247d17a4ba8 |
| SHA1 | ab2a5a056fda44492326588194b2a792adfbda15 |
| SHA256 | 46dc97567c66bd2621307fdeedeaeb04735670314b87b7101d494fd932d54047 |
| SHA512 | bb3156318fcbdb50bb4bcedb934a0d2afcbcc0a3277bcd0369951bf67a8ffdaaed5b28634292f85929817f1e928cdbee4801141926c5888831ac65e54def2485 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr
| MD5 | e59b9d344dc47e24bbd046e9ddfcecf3 |
| SHA1 | 15837e283a6a779af5a967ae7233fbef5de9b1ed |
| SHA256 | c8e27509ae33d681409e7a710cacc8f6d23b8687aac6a17281f4832f295359a8 |
Analysis: behavioral1
Detonation Overview
| Submitted | 2023-08-16 10:13 |
| Reported | 2023-08-16 10:24 |
| Platform | win10-20230703-de |
| Max time kernel | 647s |
| Max time network | 656s |
Command Line
Signatures
Quasar RAT
Quasar payload
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1766410430-2870137818-4067673745-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Users\Admin\AppData\Local\Temp\test.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob | C:\Users\Admin\AppData\Local\Temp\test.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\test.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\shutdown.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\shutdown.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\test.exe
"C:\Users\Admin\AppData\Local\Temp\test.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.0.1769095693\525875252" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {afd20bd9-0c85-48aa-b6cd-f58a7227f202} 208 "\\.\pipe\gecko-crash-server-pipe.208" 1764 2528e0d6858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.1.1194289044\294948057" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 21017 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c952efa5-ec74-4451-9429-043bcab51eb9} 208 "\\.\pipe\gecko-crash-server-pipe.208" 2120 2528dc30e58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.2.1503346409\210400" -childID 1 -isForBrowser -prefsHandle 2972 -prefMapHandle 3048 -prefsLen 21055 -prefMapSize 232675 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbb5d6aa-fda0-4847-8ee7-2dcd4f3a375f} 208 "\\.\pipe\gecko-crash-server-pipe.208" 3024 252922ec858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.3.367339332\2099748522" -childID 2 -isForBrowser -prefsHandle 3444 -prefMapHandle 3428 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1084ca98-c997-423c-ac63-0b573753ee14} 208 "\\.\pipe\gecko-crash-server-pipe.208" 3452 25290b37358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.4.162576551\1317084216" -childID 3 -isForBrowser -prefsHandle 3604 -prefMapHandle 3600 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3dfdd95-195a-4c0c-aecd-79e23ef93ad6} 208 "\\.\pipe\gecko-crash-server-pipe.208" 3772 25283161c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.5.162110592\1421143292" -childID 4 -isForBrowser -prefsHandle 4628 -prefMapHandle 4656 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3b687b3-21b6-49a2-85fd-bbbf3babd4b1} 208 "\\.\pipe\gecko-crash-server-pipe.208" 4716 25290b37c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.7.570236312\1121716462" -childID 6 -isForBrowser -prefsHandle 5068 -prefMapHandle 5072 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0892161b-3f1f-49ec-a13d-2b4ad03ae819} 208 "\\.\pipe\gecko-crash-server-pipe.208" 4716 252946ca358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="208.6.101298466\1734529498" -childID 5 -isForBrowser -prefsHandle 4876 -prefMapHandle 4880 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c30d79a2-0769-4e76-8144-e04810e15fb1} 208 "\\.\pipe\gecko-crash-server-pipe.208" 4868 252946cb858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.0.1413823450\1891986387" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dc0b0c4-f414-4e89-bdf9-f8079d1b1c7d} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 1764 17b146d6558 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.1.511606937\2011904631" -parentBuildID 20221007134813 -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 21017 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {552b8e95-0eb9-4ce4-965d-deeb7897decc} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 2120 17b0956f858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.2.1028359774\1704020351" -childID 1 -isForBrowser -prefsHandle 3232 -prefMapHandle 3248 -prefsLen 21055 -prefMapSize 232675 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ce420ae-1339-45ad-aeb5-68bcbae3172a} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 2792 17b185d0558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.3.434948343\1253193167" -childID 2 -isForBrowser -prefsHandle 1004 -prefMapHandle 972 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80ee9c82-294d-4983-b5fc-6d0205481d50} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 3780 17b09562b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.4.1300884846\426975889" -childID 3 -isForBrowser -prefsHandle 4296 -prefMapHandle 4288 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5224694c-a39c-4af6-8da6-a27457ba11a6} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 4312 17b1a79f258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.5.1449651103\1629294679" -childID 4 -isForBrowser -prefsHandle 4708 -prefMapHandle 4744 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d390c0eb-b126-49de-a3f6-da88b4c88946} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 4724 17b197be458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.6.1920493624\2040117799" -childID 5 -isForBrowser -prefsHandle 4972 -prefMapHandle 4976 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {051436a1-cd42-4049-a001-ea2a0396c1f4} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 4964 17b197bf358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4936.7.1105210350\1699018455" -childID 6 -isForBrowser -prefsHandle 4688 -prefMapHandle 4648 -prefsLen 26539 -prefMapSize 232675 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {30d72dcb-7649-4110-a482-354d138ed5be} 4936 "\\.\pipe\gecko-crash-server-pipe.4936" 4852 17b1a79fe58 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "C:\Users\Admin\Desktop\SubmitStep.xlt"
C:\Windows\System32\shutdown.exe
"C:\Windows\System32\shutdown.exe" /s /t 0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3aed855 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 7.tcp.eu.ngrok.io | udp |
| DE | 3.68.56.232:11273 | 7.tcp.eu.ngrok.io | tcp |
| US | 8.8.8.8:53 | f.f.f.f.8.f.1.0.2.7.4.3.9.2.0.9.f.f.f.f.8.f.1.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.56.68.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipwho.is | udp |
| CA | 108.181.98.179:443 | ipwho.is | tcp |
| US | 8.8.8.8:53 | 126.132.241.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.98.181.108.in-addr.arpa | udp |
| DE | 3.68.56.232:11273 | 7.tcp.eu.ngrok.io | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.57.101.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.tcp.eu.ngrok.io | udp |
| DE | 3.67.15.169:11273 | 7.tcp.eu.ngrok.io | tcp |
| US | 8.8.8.8:53 | 169.15.67.3.in-addr.arpa | udp |
| N/A | 127.0.0.1:49770 | | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.117.65.55:443 | autopush.prod.mozaws.net | tcp |
| N/A | 127.0.0.1:49776 | | tcp |
| N/A | 127.0.0.1:49875 | | tcp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.117.65.55:443 | autopush.prod.mozaws.net | tcp |
| N/A | 127.0.0.1:49887 | | tcp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.117.65.55:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.117.65.55:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.117.65.55:443 | autopush.prod.mozaws.net | tcp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 2.18.121.79:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 216.58.208.110:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.117.65.55:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.117.65.55:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | 7.173.189.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionstore.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\xulstore.json
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\startupCache\urlCache.bin
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\startupCache\scriptCache-child.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionCheckpoints.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionstore.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionCheckpoints.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionCheckpoints.json.tmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\protections.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\cache2\entries\118BB2BA245AAA64B01692DF29396B97E11FC1A0
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\activity-stream.discovery_stream.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\datareporting\session-state.json
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\datareporting\glean\db\data.safe.bin
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionCheckpoints.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionCheckpoints.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionstore.jsonlz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs-1.js