Analysis Overview
SHA256
b3a511876e3ac955d2e1a7304230d168f77f67aab06f0789b19fd359a852862d
Threat Level: Likely malicious
The file 2024-02-28_980b400e3c06fa3cad859ba2d3a24e0c_cryptolocker was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Drops file in Drivers directory
Checks BIOS information in registry
Executes dropped EXE
Loads dropped DLL
Obfuscated with Agile.Net obfuscator
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Enumerates system info in registry
Modifies Internet Explorer settings
Modifies registry class
Modifies system certificate store
NTFS ADS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-02 10:40
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-02 10:40
Reported
2024-03-02 10:43
Platform
win11-20240221-en
Max time kernel
170s
Max time network
208s
Command Line
Signatures
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| File created | C:\Windows\system32\drivers\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\asih.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| N/A | N/A | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbxnd0a.inf_amd64_777881a2c4c0272c\netbxnd0a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_d54f628acb9dea33\dc21x4vm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\netwbw02.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\netbc64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\net7800-x64-n650f.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\netnvm64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\netk57a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\net7500-x64-n650f.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\netl1c63x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_bfb9fd6f3a078899\netvwifimp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1ed57daf97af7063\netrasa.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_f1efe88b4f90c639\netax88772.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_310ee0bc0af86ba3\netr7364.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\netrtwlanu.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_5229ee1dac1c624e\usbnet.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_d2a498d51a4f7bec\rtcx21x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_3aba8686305c0121\msdri.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_6686e5d9c8b063ef\usbncm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_749854ac3f28f846\msux64w10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\net8185.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_49825a4c00258135\kdnic.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ipoib6x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_badb18141de40629\netbxnda.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rt640x64.inf_amd64_6150ccb5b6a4c3cd\rt640x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_1fab0fd8cb4d7dee\netwmbclass.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\netwew00.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_1a82423cc076e882\rtwlanu_oldic.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\athw8x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_7aeb3e6bfcb2f0f1\netmlx5.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\nete1e3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\netjme.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\netbc63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\netvg63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_09e02e589e7afd83\netloop.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\bcmwdidhdpcie.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ykinx64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\netwtw06.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\netwlv64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\netr28ux.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_bccd4c0a924862b1\netrndis.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_2299fee965b7e92c\netvwwanmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\net8192se64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\mwlu97w8x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_a31306bfdf7135b0\bthpan.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\netrtwlane01.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_2518575b045d267b\wnetvsc.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\netwtw04.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_b98aa91c766be0ea\netavpna.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\netimm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\netwns64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\msquic.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Tracing.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Forms.Design.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.Protection.Interop.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-heap-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-private-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\it\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\UIAutomationClientSideProviders.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Input.Manipulations.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.EntityFrameworkCore.Abstractions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-fibers-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Forms.Primitives.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.EntityFrameworkCore.Relational.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Globalization.Extensions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.IO.Pipes.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\ucrtbase.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Diagnostics.EventLog.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Forms.Primitives.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\WindowsBase.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-handle-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.ValueTuple.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Actions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\version.dat | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.Primitives.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\ReachFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\UIAutomationProvider.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\WindowsFormsIntegration.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.EntityFrameworkCore.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.Configuration.Abstractions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\D3DCompiler_47_cor3.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Windows.Input.Manipulations.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encoding.Extensions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Forms.Design.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Forms.Primitives.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\PresentationUI.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\UIAutomationProvider.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Windows.Forms.Design.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\hostpolicy.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.IO.FileSystem.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.UI.Theme.Light.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Input.Manipulations.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Windows.Controls.Ribbon.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MwacLib.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Collections.NonGeneric.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Windows.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Loader.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Xaml.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\PresentationFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Input.Manipulations.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Data.DataSetExtensions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Resources.ResourceManager.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\System.Windows.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\PresentationUI.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Private.Xml.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\WindowsBase.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\de\ReachFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\UIAutomationClient.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-string-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.FileVersionInfo.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbcut.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\shell\open\command | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\shell | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\shell\open | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\shell\open\command\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\assistant.exe\" -uri \"%1\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3852399462-405385529-394778097-1000\{504938BE-35BA-4F1C-9D6A-1009983769A8} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\URL Protocol | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\DefaultIcon | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\DefaultIcon\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\assistant.exe,0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\ = "URL:Malwarebytes Protocol" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = … | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = … | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = … | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = … | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = … | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = … | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 0300000001000000140000002ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c2000000001000000620400003082045e30820346a0030201020213077312380b9d6688a33b1ed9bf9ccda68e0e0f300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3232303832333232323132385a170d3330303832333232323132385a303c310b3009060355040613025553310f300d060355040a1306416d617a6f6e311c301a06035504031313416d617a6f6e205253412032303438204d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100eb712ca9cb1f8828923230af8a570f78b73725955587ac675c97d322c8daa214676b7cf067dae2032ab356125dc6b547f96708a7937a9592180fb4f9f910369a7f2f80b64fba134ec75d531ee0dd96330720d396bc12e4745042a1051373b54f9b4424fe2d7fedbc2285ec362133977506ce271882dce3d9c582078d5e26012626671fd93f13cf32ba6bad7864fcaaff0e023c07df9c0578728cfdea75b7032884dae86e078cd05085ef8154b2716eec6d62ef8f94c35ee9c4a4d091c02e249198caeeba258ed4f671b6fb5b6b38064837478d86dcf2ea06fb76377d9eff424e4d588293cfe271c278b17aab4b5b94378881e4d9af24aef872c565fb4bb451e70203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e0416041481b80e638a891218e5fa3b3b50959fe6e5901385301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b05000382010100ad00de0205232e063262b46bb19416e41140de2bfa59c135efe0aa8f2b41b9d1f38739001df23db5a7470c0606c691f3075702d4edbd17c1909abf4875a2074f30dd4a6a42b50d3d15c00ffe845bc63c99cc5752b1d86e12d59692934b94e507e88982086a7a34d49e64e13d876a92909a63a14bf88fb6ea34d305be20c2de06e28c9f738b9f4d3985cace19369d85c99ec9f8503fb67e88a1efca84068b50b40a5ca61c44f1fdc8614060f26125aa07f4c7c27375e40c0b428d04e55f4448995b7b898196a7889d4b0d62e804c4d7feb4e8b26dcaecc01cbc385b1ddf85ce5b7ae3494b6cb9a7ddf405b249ade1c5146bc2ccebcd7fd65869bac3207e7fb0b8 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:SmartScreen:$DATA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:Zone.Identifier:$DATA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 498078.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 595471.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-02-28_980b400e3c06fa3cad859ba2d3a24e0c_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-28_980b400e3c06fa3cad859ba2d3a24e0c_cryptolocker.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffeea9c3cb8,0x7ffeea9c3cc8,0x7ffeea9c3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\asih.exe
"C:\Users\Admin\AppData\Local\Temp\asih.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3336 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4396 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8972 /prefetch:8
C:\Users\Admin\Downloads\MBSetup.exe
"C:\Users\Admin\Downloads\MBSetup.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8792 /prefetch:2
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,17987190571565416270,9479680279853554570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8804 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000154" "Service-0x0-3e7$\Default" "00000000000000BC" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
C:\Users\Admin\Downloads\MrsMajor3.0.exe
"C:\Users\Admin\Downloads\MrsMajor3.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\8A40.tmp\8A41.tmp\8A42.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\8A40.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\8A40.tmp\eulascr.exe"
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | cf989be758e8dab43e0a5bc0798c71e0 |
| SHA1 | 97537516ffd3621ffdd0219ede2a0771a9d1e01d |
| SHA256 | beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615 |
| SHA512 | f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
| MD5 | 3cd0f2f60ab620c7be0c2c3dbf2cda97 |
| SHA1 | 47fad82bfa9a32d578c0c84aed2840c55bd27bfb |
| SHA256 | 29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b |
| SHA512 | ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | 68f0a51fa86985999964ee43de12cdd5 |
| SHA1 | bbfc7666be00c560b7394fa0b82b864237a99d8c |
| SHA256 | f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f |
| SHA512 | 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | 3051c1e179d84292d3f84a1a0a112c80 |
| SHA1 | c11a63236373abfe574f2935a0e7024688b71ccb |
| SHA256 | 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3 |
| SHA512 | df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 91dfa490ed82b097cf22533d829f8e11 |
| SHA1 | 16b3aecf239665e06d38808ebda28a5053b71ce4 |
| SHA256 | 289b1706bb9c48ab616f7d1fa3d959dc63bb8268de9b61668ed3f9d72887255d |
| SHA512 | 80d8b9c73c918211bf275dad89196acdf0e6b6fcd30d079bc72c8d36edb83bb22acf325e12897606774debcdc9da3b8b44277eb535a79ace419e64195148eb76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 88154c87a8947bcf99b2a661225d45dc |
| SHA1 | 2804165957316b2ad8910aba9d8f200af0a99adb |
| SHA256 | 594cc1cebc9ccef546e10f23c8c911748b825a2ef9eac346e3a0f2370bf83d05 |
| SHA512 | 182610a9f1de252445b35a5f95dbaa97d2ac00740f0139506f64f857063cb74850f1114bb195707ddc64863255fd306831eae658cee5aa5b8edb537df3ed0ebc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6b8daec02eddbbd386ffad48e0d17c27 |
| SHA1 | 6a6ee0791f4289f7178ab7910c868ac6191d4d5d |
| SHA256 | c3fcf82ee9ec43aef0d5a7c1d8e4c75f570710b5f33f8c80ddd9e79fdabced1f |
| SHA512 | 6e778d05e89b57f840f2782a4a3b980a88415f3c0cb6317c8dbeb90ad80654557b250b56121962a57166fa757f4b07812e3a17a379a2f989c5463aadd09fd23b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ff5b5a78b5ab69c4682f15c17a8fc416 |
| SHA1 | 64eb949b1ecafa1592a050838711be30fbe502f4 |
| SHA256 | dd9fa19f068ccf0cf6976e16e048604afdafbb2575dd4e0742011938e32c3a28 |
| SHA512 | c6ebf0a867cec03692c7efd5a1944947174c23d2484f22e3d15b3fd4c7f9deaad244bddc120b4a7b62dd5e3314be681275bd9b4d6137618aa1fd312c22edbdce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f67cc183ba0591e3ca88be8a0985b276 |
| SHA1 | 6a5b33a905f6ff63cbcb4f61d3a7e371a11d8cce |
| SHA256 | 89b5b2ebf11cb23194867f1877f7561865a76fcdccee372dec16884bc1a81495 |
| SHA512 | 6f59937420e3d74ef79eb9de98926e46f0675f46d381500edfe206616ba3ec75106ce32dce374d004918225ab5f3b59305589e0020aa126e68a4dbf9c3e667cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b8674e325220ed08ae40ea347173b434 |
| SHA1 | b5562ac735a14b415ee268bfa01bfa2719cc4fa9 |
| SHA256 | d8e377f07fb4e5162cf8e0d140c0c60e67728a52df43c08d616d6ab5b7980dc5 |
| SHA512 | b1e2deb16cd682abe2e50d378ae5175daf2c467afb65b93eae7027bb56380ba2186f740dbaa24102e1c08fa28e698d5f5b490d088dcf3d61eeab7d24eff6e753 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a7d1b7a0a5315195e2986d9843623f48 |
| SHA1 | 629276db033f1c9c5cb79e1cd0aa192beeb389fb |
| SHA256 | 319ef2ff89dc62620adb2be20bbde8d99741dc380dbe7b659df5e7892c01fde4 |
| SHA512 | 5a281bd0fc8b39c127f5b91d877fd2d3f388108a65cf361c92c4314adc2f2dca969ed9df75da1d01287492986fa1ce4c9cd5dffd752809f2145645a2b2b1f5ca |
C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\Downloads\MBSetup.exe
| MD5 | 38fcbed91aa65065ebbe593da8a81fed |
| SHA1 | 8e13cce55f98d6d63c389980ca9c9d42af427509 |
| SHA256 | 8f0d67741e5bae151c67e274320aff754480e188499be17c08e72cb4fc6fbfec |
| SHA512 | a3df875deaccb0c8d421bf78fa5ab92c3d0bd67c4bfdac54d430d46043b4306ba138e45a223e422db43db6c305863fc84cb171d55878a774a58e794189078835 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 2f321e7c4bfdc2a1f0890a36521947c8 |
| SHA1 | 89ecf4d39949e36de2e1503cc0b2e50a3d677ae9 |
| SHA256 | 231e1e5c1b99f583875553ab2f68998926bf37c2c1cf0a1da0bd0cee7f7d08d5 |
| SHA512 | 6117775a31ccbb7b1f60b7a9b8a2004a22d3abd2f7442296b2cb425ab36dac77770160c032a1091169e6e79cdd54c40d03f30b75d600bbb5861b5c8200322829 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 21b6b165ee958834af92d3b12fd3d6be |
| SHA1 | 586cb21c446ad686f32a88a20897830efa8a1452 |
| SHA256 | c58e3b08b2fbb8f9456d0db92e539f050c6e8044bf300b6ef046ba0f9a177414 |
| SHA512 | 25fe5d0fdde452d701a1842219b692aac4af157745800609b37fdc16b76f137600a5df5784c73efb02b71adac19a91fb7aa9bad0b9cd78b8ea3edf03424ffb84 |
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
| MD5 | bf411de146ab5191b1dcb91aa2ad9be3 |
| SHA1 | b1f0f8e8855de96f2f9d64e736de5b5e8de0d37e |
| SHA256 | 448c948edbf2fa7e9079ed2f2df40e0ed61ed87c11c5f06330daa14dda581d05 |
| SHA512 | a7af8c8834d827c32d94b6eccff081517dbf1a4c4d0ffc0019831718c49987c1598fda6cbea552911e8de68380f139f6d1e11cd477f036328484f71ec0d71d47 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 10bf333c8a2fac2f6b8d81150e2bf654 |
| SHA1 | 777334a3851070bf9afb24b4507f3e370d533f24 |
| SHA256 | d56fd2b9203805758368d81ba3c12a65132ef24f07d1570a865f36629cd98e07 |
| SHA512 | 93284471dd44bfb4a40e90383547fd39dc5b202f42b72f15ad6be04ea43eaab1261477dcd620e6d743b294ed9fdd945f85d1c386cc4632caf04d29e19a32c04c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 33b2313192e3f74d527e98e645690c1a |
| SHA1 | 8fc96149e34329c614458adf81732d223bf3c719 |
| SHA256 | 1ae4b0226375b6ad5d9d648deb0bd57c3b36d2c3da2d9bd4aed69cc6df63aaac |
| SHA512 | ac56be244167a20a98a56c8f51b6b343cd74860234470613b34fd0441dd1f2236b68257e3569e775d72fc0ac98999e570d654b0967b0447df7e69a6d97661123 |
C:\Windows\Temp\MBInstallTemp952e6b9bd88111eeb8b1dadbc67928ac\7z.dll
| MD5 | ab8f0c1a37c0df5c8924aab509db42c9 |
| SHA1 | 53dba959124e6d740829bda2360e851bcb85cce8 |
| SHA256 | 6e223b275b84d948cc5ae1f161f0bfff2adb34de04634c84d7dbe9305a4998d5 |
| SHA512 | ff8a26e8fd5a08c74e5ba93a564e0d3cd932754e7f06993a365bfad06670497889e69ec45bfba1378040b72f82d468e79682beba2439937bb29d2a41da940d4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 045def9b48e67be8bb07a5c8d803005c |
| SHA1 | 1d767620a8b81e1999f4c7482c6ce63caf635db1 |
| SHA256 | d341e26f3504628eeb0c64c0c5ccc8d01a3b60db61b774c9483d6de1697dab3c |
| SHA512 | c2b6add98545ab7696d490426bd28de3cdb98c3f9dca587573411c9bb5797cf8a32206de939a68ead51546c5ea8334d34c3e6434b37aa66d8f167a0d0d60c0d3 |
C:\Windows\Temp\MBInstallTemp952e6b9bd88111eeb8b1dadbc67928ac\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.25\mscordaccore.dll
| MD5 | 4820d2a3a060de50d67b3848f00ae811 |
| SHA1 | 934495925b85b3afa05ab2dae211d0b7f64b51ad |
| SHA256 | e5777c51dc6686dea8fab6bed6acad66e7d02662176409dd6d128be414ac7808 |
| SHA512 | 679537da497a8d62aeb6f37c54361f5ce770fcc5f19534158f6f0de00b6b82ba589e06e1b299b91fcdf7c0e35c9a3ac501dd93bc95419901914474f02cf1ca33 |
C:\Windows\Temp\MBInstallTemp952e6b9bd88111eeb8b1dadbc67928ac\servicepkg\MBAMService.exe
| MD5 | 933d04300d9c4490a562f174214b2865 |
| SHA1 | bb4a4fb152abbf7047bd1bdcffc914d3aae9f779 |
| SHA256 | 9566e2149cad9a2dca4e71fd2957936e887651585e14cf71f37b0c94ec87228c |
| SHA512 | 9e19dfc5fbbcbd0fc40df7c2895554be193b4e6875141e64cede55d5fad5a25971a895333db36b8621cf785fa17e0516231bb0cfe42f3c67a668096f6de9b21f |
C:\Windows\Temp\MBInstallTemp952e6b9bd88111eeb8b1dadbc67928ac\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json
| MD5 | d94cf983fba9ab1bb8a6cb3ad4a48f50 |
| SHA1 | 04855d8b7a76b7ec74633043ef9986d4500ca63c |
| SHA256 | 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a |
| SHA512 | 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998 |
C:\Windows\Temp\MBInstallTemp952e6b9bd88111eeb8b1dadbc67928ac\dbclspkg\MBAMCoreV5.dll
| MD5 | e374937efe9abeb8e8802486b7787b61 |
| SHA1 | 4425576c4de9b391ad06d66502ef38032cb32278 |
| SHA256 | 89b4be41a8a0fc009cf6940bdd7091be94ca90c9a3590b787272bced08751463 |
| SHA512 | 561e2472be122566a93473e4a59dbd81893150a1072b67d49d3415067024b3a50a0f3c520be366d1f03f39710b88ff5d3cdd6124c91444b55037e5abf450ce12 |
C:\Windows\Temp\MBInstallTemp952e6b9bd88111eeb8b1dadbc67928ac\servicepkg\mbamelam.sys
| MD5 | 9e77c51e14fa9a323ee1635dc74ecc07 |
| SHA1 | a78bde0bd73260ce7af9cdc441af9db54d1637c2 |
| SHA256 | b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0 |
| SHA512 | a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186 |
C:\Windows\Temp\MBInstallTemp952e6b9bd88111eeb8b1dadbc67928ac\servicepkg\mbamelam.inf
| MD5 | c481ad4dd1d91860335787aa61177932 |
| SHA1 | 81633414c5bf5832a8584fb0740bc09596b9b66d |
| SHA256 | 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3 |
| SHA512 | d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830 |
C:\Windows\Temp\MBInstallTemp952e6b9bd88111eeb8b1dadbc67928ac\servicepkg\mbamelam.cat
| MD5 | 60608328775d6acf03eaab38407e5b7c |
| SHA1 | 9f63644893517286753f63ad6d01bc8bfacf79b1 |
| SHA256 | 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59 |
| SHA512 | 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7 |
C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat
| MD5 | 937a98c6672704251debffe44b580d34 |
| SHA1 | 53666699e1823565bdefc7fde86598c843b4cc6a |
| SHA256 | 9b06919af771df779a7534cba46484be00c8113356770e4c2d20e118fb3ee593 |
| SHA512 | d1581719591a99fd609fc1471db2a1c38329993cc15d5c2b05c36b81f7a0887146afa250f1ecf2ab0e6815072bb4010aaedbac591b39bace1ded40d0175161b9 |
C:\Users\Admin\Downloads\Unconfirmed 498078.crdownload
| MD5 | 35a27d088cd5be278629fae37d464182 |
| SHA1 | d5a291fadead1f2a0cf35082012fe6f4bf22a3ab |
| SHA256 | 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69 |
| SHA512 | eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5 |
C:\Program Files\Malwarebytes\Anti-Malware\version.dat
| MD5 | 741464b0e19cce144fc28e0e94c5b64c |
| SHA1 | 49319149fdb8dc28056f708e867f7deba73035eb |
| SHA256 | ad87580dacc96b0eb29cb2acd069037ca14624f15c4d15ce3f2a360009e91030 |
| SHA512 | 484ad9d18610b0b58e93dbd9bb36991e6bf78e19922799ecad79680ad2a19a01dea58369f15e0dc3142f09fdeb7f95ca178b863a5159b64505f8dcb9b647bdf9 |
C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat
| MD5 | ddfee006c8400cd382d722db8aba8cbf |
| SHA1 | 46db8169f77a728b1aa2fcaa35962b711c7e7653 |
| SHA256 | e1fed170feaa0541443d2417eac0a1901c36eb1abb734861edafdeffdaf54427 |
| SHA512 | 96c464d034f616fa96c6ba45c717c51f59a12e9624ec0bc166d510801227d0d1e4e3578559b14aae6087ebb828db378b47ba9b789944dff9c3a29a202bc97c3e |
C:\Windows\Temp\MBInstallTemp952e6b9bd88111eeb8b1dadbc67928ac\ctlrpkg\mbae64.sys
| MD5 | 95515708f41a7e283d6725506f56f6f2 |
| SHA1 | 9afc20a19db3d2a75b6915d8d9af602c5218735e |
| SHA256 | 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6 |
| SHA512 | d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08 |
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
| MD5 | 763aca65b6efaefde26476b04fdbae53 |
| SHA1 | 1a0aba13ad367580c4f921da26714a8b5307eba3 |
| SHA256 | 118b51e1269df6301fb5b9e8ed1d9cdf60c05293f24b4c2c2db14c094a998796 |
| SHA512 | 366d14524a44c2185a3054dd926aa73a69bfb56891445e3eb8b017aadec7e3b24a363f8e5b9a16c070ef7f188004662aabf546931fd8b9e50d8b1b8665612670 |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json.bak
| MD5 | dbac051733fb797165bbff533776c830 |
| SHA1 | 71e0a30d091129241308a48898211ced048a187e |
| SHA256 | 79b2a705da319c947d5ca012cb1e950a8acbbff9e0328312ca42d2ae4a08b1c0 |
| SHA512 | 18d5a4aedcbaf19725a961aa0e3814581ae254944a8b8369c4529ddd934eca2d67c6e803b3f53b60870866350a381196876c720e45321f1ae2166f25227180a0 |
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
| MD5 | f391d394be94295ca6a91b604803f133 |
| SHA1 | ac5c6fe9bc691d3ac998a6a1a549b0dc6fa0532e |
| SHA256 | c85fe3a6c013f4f13265a650ba8aaced614ea514ff21b1543d9a0cb30d2fe310 |
| SHA512 | 9becd45ba0a40e3c85e0831ad15e982b3b58da6dbd5da5306cd3358ad195cd9e92dfc3fd7635049090d209718062e665b051cc9470f1ba6d7f0aa43888fba710 |
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
| MD5 | 57c5286290f4266bc281109626bd62ab |
| SHA1 | 91b4ec2a4925685ecffafbbd2724af1951bd73da |
| SHA256 | 2fdd02bc2d00054a12319d41ab40368ce47c0cb244ecf5799bc645146dec1752 |
| SHA512 | 4058b99ee186813ac68a32391e1831b522cf65ce3e17106962d2b60f25769681364653ef88316175798b511278b958b2e46534eec1c89b492e68c26f91188a7a |
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
| MD5 | 935be85186e8571536580ac7a6b0a667 |
| SHA1 | 89f45cf2ada3efc97582c6f4493d18d4bb697e17 |
| SHA256 | 4820ea2d795f536418f90341cc29d27cb91e7a8030bf6ff5f4ca0bffa21ff99e |
| SHA512 | a717006ff72ce32d839f80d03ca842a3c2c787edf33575a0e468efdb744448b95d55578dcef386db966c32ba9967d33aee506d2fa28c46350aa9ced385d4fcf8 |
C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll
| MD5 | 8e9d961a2a292c1c5b4dbf705c50469c |
| SHA1 | d608f9135cddf9520c3b7f1976857e1a2072f1c6 |
| SHA256 | 64ca92cba79c589e55eeee1ff29bab3169c6a84852a6b4a71042a9b9b6918ac4 |
| SHA512 | d9e817f6aed0d34843f83efe97e1907646caf49dfc3b3b1cf8880b106935404d19f04e03f1cbc913a1b4a14db5dbb691fca7c74809c9ffed078d8e400b313553 |
C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll
| MD5 | 5ce3f6c810f8abf4e5e3bc5da69c7135 |
| SHA1 | de563d8c4ba5786ed49a3d934319447598863bbf |
| SHA256 | 369f3c81ecf9c307252da65533c2f0823be68357ade2262e6e01d0bf6ba2c819 |
| SHA512 | 8077b945cd812977afc1596a4b3ebe6d84569ad6726279ca516371d78d5508471cefe488f140fc8f7362801ff48aaf80b0f5715c01059a372e9c514318090035 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dc1ec9d321f53bd9bfaca6fbabeff873 |
| SHA1 | e1033abaf1a437d145172fdb54530e3e99a900d1 |
| SHA256 | 188cc4d1f98eafd672a3d044b0cf91b717bf4ab38a6ac10a2295c100112c14d1 |
| SHA512 | 74481db724e901e60c53ece9466db9696c7011fd02eea5b302cdf54eb1fc318c79d18a868f869ac356056eca5bdb7f10ea1527caa0051d26229b7347d77b08cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e656d0212222bee53d497c2d21055c17 |
| SHA1 | da78bdf22fd88dcfb5eb44910b458eef73da5c19 |
| SHA256 | ed2486562dbfa2071b95c6516bec9694657d733f7516d385067e91accdee9b86 |
| SHA512 | 3d1c2e81bf5f4bc92dbb0ebbc4a2d9e0908ff03404965cac5b1042a92cd434bdad5342646689f1fe8caa2c167d65e96e1dd5208baaef9ad303824838a1140774 |
C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf
| MD5 | 5d1917024b228efbeab3c696e663873e |
| SHA1 | cec5e88c2481d323ec366c18024d61a117f01b21 |
| SHA256 | 4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8 |
| SHA512 | 14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a |
C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA1 | d2ce9f7057b201d31f79f3aee2225d89f36be07d |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
| SHA512 | dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6 |
C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.cat
| MD5 | 8abff1fbf08d70c1681a9b20384dbbf9 |
| SHA1 | c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6 |
| SHA256 | 9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658 |
| SHA512 | 37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f |
C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.sys
| MD5 | 83d4fba999eb8b34047c38fabef60243 |
| SHA1 | 25731b57e9968282610f337bc6d769aa26af4938 |
| SHA256 | 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c |
| SHA512 | 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
| MD5 | fbfd16d7093525ef063b003b737849ba |
| SHA1 | c9c89677e3996a647f1eda84f99229d40740d5bd |
| SHA256 | 12f5f0de7421517a5b6a18cf08517a1a786ac8f226f8d9d91967116dadb9ed1a |
| SHA512 | e3bc437a079815274e407679d5b6f4485a55dfc174ee8ba36f33158a9b107939d35144c80d3801d90a781d115aac8ac0d642700536bccb42307c352f2a346828 |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | a2247b650d549baeca6fc480709503e3 |
| SHA1 | fb62b91929297039a952c032cf554fe782f4cabb |
| SHA256 | 53361cb2a8637f13df5c1df784234ffcde5aa4dec4eb303c27c7de44488c6ac1 |
| SHA512 | 6599a662af81c4a8e21520ad56828c36e6c4968e933715bc202150bb51f3e4e5cd0c66e4bf9026d166fb312377b98f553dce065886cc31f3f4fb75955bb7bc4e |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | dc207bfa7add352e740936efb122a03e |
| SHA1 | bd51990daa404e8ccc75c70d6f11dd7ab710719c |
| SHA256 | 92acb7c7e8193075b60e0d0c0792425841475483478018652166d33b9dfa5ccb |
| SHA512 | 310719e619e104610fffd491a602fd6284cdbfaa38df77f9affa7e542d4f39d77bf81b9e605e64ae6904c41c2ff57df9f32c833f4ae543924d6c4c3b3b4b6b13 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | d02e1fba502a2ada994d3935895b542d |
| SHA1 | 6a4c231cf373d838c16c86c05b3768d88d7f409d |
| SHA256 | 01dbd125d734ce1b1aeb5aea08e395e5a1d3f1b90e7a757b947ce5aeea4fe3c5 |
| SHA512 | 20d98d0ae473acd97bf747b26b3367a1ffbd387fe8af00dbb907466a7394bdbfea61b2a9e1d45e1ace48c41b3987a317158c9b97609dc53b307911097a8ce748 |
C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat
| MD5 | 9832e1205be76c29dca1fb3f4c28ff08 |
| SHA1 | c727b0e209e2b04f7989fffb4878daa9587e8e53 |
| SHA256 | 15dc8ad530ca169f26e86289545bb1d52130f5380ab83cd6437d21045ac29103 |
| SHA512 | 8b1562312589fd0e959a1d2cbe7ddf5566cf67200d374bf1062103025e6cf5a95e9a36c87180cf21176fbb09904803252bef34e0aa25afa03c76ae90eb66cb90 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | b29a5f752e8fe8e45e7b698124fae7d1 |
| SHA1 | 862ed8bcd78c3f761632431f7692815897666369 |
| SHA256 | 5cb4dbfa9a5a2e89c623bff53a5edd9d7c862caee9508ad48b703b865d14ac57 |
| SHA512 | 9df742a45965317d78a1c0b21d27d3891bf6fa8ee2bed64c6692b3c0aa54b15c269af5864fd89cec144222ea19657e4bdc2b7f9820bcc3d4b168f7cb252de9e1 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak
| MD5 | 6f0ceeacb21b3bbd569d211617b2f3f6 |
| SHA1 | 9185bf76c92eb87d73d75a576edfd7bed82f1099 |
| SHA256 | 65084108ace1ba3c037e203667b67dc5d1d1c06261c0d121b3c536c7e5e247a6 |
| SHA512 | b73c1613ef5130ac6270615d6960e3e8a0125d6d742a139ed4564b5af1db8c7f8d9bff9d32e3904a377ebd04337114505b9def88aad5e72f2e4d95ebf9a8ecc6 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 5d4f8263159ac4eef7b2c15a323c5278 |
| SHA1 | 39cdb918f4e7182fb374b9f1397f5d2fb45cddba |
| SHA256 | dff2937bc38e48042590a7e2c3d64982f469423cd49dbab9c50444ff03df35ef |
| SHA512 | 3f5e7f38acd089bdc1888e277cc55367b1982419336e1dcb4cdbfd7d010c62df94e358a0283c93fe3c0773ea862ac2eea7b6ae185598ad8bdfb8a3cfdbb76362 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | e87c7f0ed2d8990feefaec6900d3e8fc |
| SHA1 | 8ff45f1a8e1c93ed5f7e9ff1786af0f5a2720781 |
| SHA256 | c07cb77c79133faba282448f82b192eb6566b8608704c98298fc24e4d6a54bf1 |
| SHA512 | 195a9156dfe7bdbd870bf72e83d6ebfcc59f0816951d06c9f82dc3d5a1276cff9acfcb6940d6dd16caa1a0897d040f7bb8f36f2cebcd9775c713c74685b1b8a7 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb
| MD5 | 69f7fb8b8a6f02baf066638c9ca45995 |
| SHA1 | 2a605097a48c24767aafbde47939ad8e66c9602a |
| SHA256 | 6eb889f3967be2113efcf2df1a99e49a664975610924dec15186078c887872d0 |
| SHA512 | 96a6ea02054e3eda29e199280c99e32be3286479682a2885377eaa914e3f6b4cc44aa3803f291cedf20674c20ff9a10115f9e14c3cf0e636649b5cf7473ec6b1 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb
| MD5 | ca10bf6ef26445f029e7a7d33e194171 |
| SHA1 | 837438f7abe90d38c37c5a11290a8c218cc36f4b |
| SHA256 | ecd5b927920204a654a46ce148ac1e35d36c52bf94fc35fe48a62439c4d89cf1 |
| SHA512 | 953c5b7e79c7543b290048e3094cc3813fe95306b6170ef40dd2d9cf4f27cd5b4725bb739c098338e06b4e7873e1d4a9444db3a3ab669659688819327360fd1c |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll
| MD5 | 9638cd5c2f0a855cddfd38d33e4d9290 |
| SHA1 | b7f0ad7b5272306b8546f7337f9ebe87ebf75dd3 |
| SHA256 | 18a2731047c22b7963475e14b56f4f7264d1c72cf063af2219ac6e9a6679c6de |
| SHA512 | 85d91790a60639970cb7cc34360219c0b64417d8c6669be97001dce28908458a144be78f1c9f786080449c2f3aff41dd8b0d4855548b4985852db9f664998771 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll
| MD5 | 9a0295d9cf48c1bc1ae2d3329cbd0ee3 |
| SHA1 | cee3cab21f5a24a99d63bf00c0aff3d6ee82ef26 |
| SHA256 | 2f70f654ccc5ab13182d1f909215840a4a304f284a3cc1e5af3502058fe0c8c7 |
| SHA512 | bf87fe79aad94c181ac009a8345e70b6c67d1fb7468ff414f12bc01a1a9f5435063c1c8abcc815a9701f3b20a4050b6fef36f35004695e3601229e1454a4ea32 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll
| MD5 | be5c0bdef631a79b8187f3237b24c816 |
| SHA1 | 8ab4e5eeb3304ed41851a51e3bd7694334ba5149 |
| SHA256 | 00dc53182addf5756b5c0e0b0fc941ea5b1c91713b26a1d4a0b1a1c4e66d8f35 |
| SHA512 | 6a18750370950cd6162af0c6638fa232a4c40808aa79456537448d46dad031d89e45ba39f976da9d752b4aa220b6ecac14fe00caf30f0c6d592c77e17fffc0e0 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat
| MD5 | 10f23e7c8c791b91c86cd966d67b7bc7 |
| SHA1 | 3f596093b2bc33f7a2554818f8e41adbbd101961 |
| SHA256 | 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc |
| SHA512 | 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat
| MD5 | 9ca43e1267af041cf9c4052ff35b8159 |
| SHA1 | 3d68b6d739a280da577a9452e5ca7b50c7dda425 |
| SHA256 | badf72956420de417aa0f4bd7d397a0234dc98f87cadec6a7ed608749ad3eca0 |
| SHA512 | 800530e449fa6fc9075330e23c6d1160936c382683cc7b14486763daf56b2b949081b843547a0e34b25ec6e2c2d02475e5fe0eb801edf167d539a6f8290783ad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c7e7ec88fbbb131bb646ab6b4ee3107b |
| SHA1 | 9c47f4010324c73d2dd475efd763427c9d42b323 |
| SHA256 | 12997734cf9dfdd5aca8981208c46ea2c17c77b20f5aa9683b2c687bbe146b47 |
| SHA512 | 951390aee1dad211064677269dc6cfcd5ddb62d7033f09bcd21d73c35e83d89c75bc760196567f49b16cb464a1b1d09f34c5186c6f295a8eb4b5b6802da9b750 |
C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll
| MD5 | 42b2c266e49a3acd346b91e3b0e638c0 |
| SHA1 | 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1 |
| SHA256 | adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29 |
| SHA512 | 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 9ea3e3daa3b3f22599f9b8dbfa83000e |
| SHA1 | 96272db3b80729facfc78a9eabb796fef57cfc4d |
| SHA256 | eb0e45aff7b76bc0ab34642f37662403e3b26c66fb1ddb061086e76ccdda29be |
| SHA512 | b41b82b23bed227598bcd4cf5307fea522bce6a39b6f52ec69e90e6527fe4fe856584af299d41eb25b3c8838d48aea531d3975b1a03b778143e6dae375d4c54c |
memory/6348-4485-0x00007FFED7040000-0x00007FFED718F000-memory.dmp
memory/6348-4487-0x000000001B3C0000-0x000000001B3D0000-memory.dmp
memory/6348-4486-0x00007FFED4800000-0x00007FFED52C2000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat
| MD5 | 342b6700e7bcd7dae822a286f50f2351 |
| SHA1 | 56fb8e2336636bcb0ba931f893b02b7bf7c63952 |
| SHA256 | c2414f7aafc971886cb69c6ef2f39f78cdfdea9909784a069e21b99f91c3f7cd |
| SHA512 | ece4a281691f4d8c7e0c0eed671f14e23702bce88f7a029cfbbffa4a15b64985316ac529315061f5e65609fc7a5f92ae9a89aa176e9ea75210a24397fbd05ed0 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin
| MD5 | 26574984c49eeffaba3a9c4d4befe806 |
| SHA1 | e7e33708c74cbc5e0891eda541452570b5a42912 |
| SHA256 | c4b298a40098e3e1b699c6005049b9ad4ee92f6a17410b6a22171a94db4de1eb |
| SHA512 | eb5ca1dcaf017dc7b45ac4fbc9b3111263ed6d516ad46056338085529b81ce3690c8cdf5fcb552ea1cb5e887065bfd0c379f92cd594f8b306e086dff0ecc0e42 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe
| MD5 | abe1425d5aae90f4f691cb4652ef3d9c |
| SHA1 | e05729578dcd3130b57220f0fb18e35d64c2826f |
| SHA256 | 75f425a7895949cf9ae8a51f335fd50a4734ed9d8f9da6cc281327706d5fbed9 |
| SHA512 | 4c5a8ebee861140cd74c26611305330c19c5ea0a2a8af2a6b619f652b77bad08bcdcbd128b49fe2767569ce547433e7a20690a19997735b06659ea6e90281b6d |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb
| MD5 | e835b68cfd479a5fadcf3f9e83c30ed5 |
| SHA1 | 92cea9894408fba5de14d8307a8fad2e6aef7a97 |
| SHA256 | 8cb6e294288f763960b40924efb85932c407e9766404fbee8221435c3f053721 |
| SHA512 | 3a10d7531b07680636d300fea7a1bae9b66e4f060c1959c1247d1704e4b89c93d013a615918b6ac228b6be3e05c5e78118b8abd52ef5ea81026eea0707e20df0 |
memory/6348-4447-0x0000000000750000-0x000000000077A000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb
| MD5 | 144bbdef05458549e1acd2d7845305d5 |
| SHA1 | 1a48eb340ee9290392435dfb6ace0b99eb775091 |
| SHA256 | eb9726ca8d1b9bf4f738cf225077d10c21111bde71adbc9badda97f684cb7132 |
| SHA512 | c4eb3215e16724e18d4168b0609542059991357e8fb5dd013d15e7b8c64b2280cde9bc0a3b452bf331271f1f22358196f38e172c85f3e8eb98ff8d626e5daf92 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt
| MD5 | aef4eca7ee01bb1a146751c4d0510d2d |
| SHA1 | 5cf2273da41147126e5e1eabd3182f19304eea25 |
| SHA256 | 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f |
| SHA512 | d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | e1a758e645cc92b9486ff673d625a46f |
| SHA1 | 2c75186ba80de2577c08f5a02d2f98902fdd91a3 |
| SHA256 | b36de5bdcfd06c2700180afe8dacdb789054ece2c0fe824f29e9bdf8c83115a5 |
| SHA512 | 10016ce596f34f15b3dce5f61b6059ceb3bf92368b302de47ec2d836bb5d91a4ea93510ebd34de4c788ad6931a349f446c98d2b64dbeb665cf89066f97726807 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm
| MD5 | 33c4e93c1d108e71bb9d5fa25e268498 |
| SHA1 | 089a4593ffa3c70c0fc0154424a254e2a7d0434b |
| SHA256 | 12c6ba93cb9ef049034c1b6a7f67134166242f5535d731b6742cb77c612397de |
| SHA512 | 97d14ebd0d7963b53451d463ec9fac52d10b26a1141a81b1a25cdd5c930d02f1711400c8ed2c7fe90a6a176bf5ff792de7a363fdd9529a805fa35bd93d4c7530 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr
| MD5 | 5dbc551d34c6c25417af72ee3aa65af0 |
| SHA1 | 38e7223b46d8e65cdbad1711e703a3b56618da79 |
| SHA256 | 6f47875f4133adc8bfc53e8900d1553de077f46d1464800c8d6bb57ffa7006fc |
| SHA512 | 2bef05c5a194d0132fa91c4be59fe623f4b4a3e5837203092bf77a256c12a3a69a6465bbf8f53b2fd4536ceb8b7cb033bb2fb0a0692ab6692c52d57f140d1b84 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb
| MD5 | 58f7778767277e41b8d1183056f735b5 |
| SHA1 | a7cc92a96b93769090617df5e5223c9e5feb1d2a |
| SHA256 | 9a90cf7bff416b8521089507387e1d67967f8456305a803215cc058e8dba1da7 |
| SHA512 | 2b56daf02dc9929e71659d537659343964c1671bc99f63f08604e77bf5ecf541788fe92f89fe76385bd499d447e5dbedb95701ecbc879a31918f85dd8dee501a |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb
| MD5 | 2f7423ca7c6a0f1339980f3c8c7de9f8 |
| SHA1 | 102c77faa28885354cfe6725d987bc23bc7108ba |
| SHA256 | 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55 |
| SHA512 | e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb
| MD5 | 546d9e30eadad8b22f5b3ffa875144bf |
| SHA1 | 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d |
| SHA256 | 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f |
| SHA512 | 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec |
memory/6348-4500-0x000000001B3C0000-0x000000001B3D0000-memory.dmp
memory/6348-4501-0x000000001D000000-0x000000001D1C2000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | eaf4993d98105b6d89cf8c31d57d0402 |
| SHA1 | 44988ab13100caee15d16005272c92589faa8b96 |
| SHA256 | ad4c676996572c21719c173f9ab4d59ecf2795826fdb0feaa8a0316d42b66672 |
| SHA512 | 8ab3f98d99c300b5bcb4a71db132c7a9d703adfd11e8c0f0555553d8266d9f2f219f562200b343be48c555637bd7c93c3defb83f383faa5081137b8c74c69604 |
memory/6348-4512-0x000000001D700000-0x000000001DC28000-memory.dmp
C:\Windows\System32\drivers\mbamswissarmy.sys
| MD5 | 4b2cc2d3ebf42659ea5e6e63584e1b76 |
| SHA1 | 0042da8151f2e10a31ecceb60795eb428316e820 |
| SHA256 | 3db4366ccb9d94062388000926c060e2524c7d3ee4b6b7c7cf06f909f747fc6c |
| SHA512 | 804d64d346b3dbb1ce3095a5d0fa7acc5da0bf832c458e557dac486559fe53144f15f08c444fea84a01471fd5981e68801a809b143c56b5b63e3e16de9db0d98 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 82ebcf4ea60a926544f60463226c2168 |
| SHA1 | 90ba3be68662ca4a6ac78ad47035ae1d0e30440e |
| SHA256 | 4ccfd4aa94caebcab225bce0d677ec382cf3ff5dbb0c734cb94987f47b84e7b0 |
| SHA512 | 8df123eb81ea7371bc01efc2bc18300f3c0e4000dc754e6d7dc22eb513ec0dcb0a526e99044ccb512e8f058c03ecb042fdd23f521730c3bd755b60c6ab13892a |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 67149ea227de9d6978db6d7bfe7698bf |
| SHA1 | d0b04ee8cb0c1c331ac0e657a1ed19c47ad6f5b2 |
| SHA256 | 85638c45817e82a2d7541aa1b071dca0b67c4990f857e7785247dc74b9f6dbb2 |
| SHA512 | 3526d6c6420f2f46d96efd0964c22acc226242f0fd2165cc733e36db787e23a8cba7681cc055c6259bd96411cd3ce954f1aee0365904ed90fbe5e64492a3bbae |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | 7c3da254f4d5d06ee61b9419c8b1cd62 |
| SHA1 | 03ef4bce169b1c025ede714ca47cf7e80f757417 |
| SHA256 | 2576c61f7588b265dd1d2077f9d32d1406ede56a6a3acf3c293ad843578e149a |
| SHA512 | 966136c629184bf14ab342a2724199c14420b78d05cd78cb254e0a06cb9767fd91ae9a6090a05faba258fc31977b71703ac4c9803ca88f59e2c8c98c25018cb0 |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | fcddb8736540ee827dc5df0b1ae0b7a6 |
| SHA1 | 16ec6d090d6943be41e4f2187acde1f30944b058 |
| SHA256 | 6f71b41793b96ac979f44a0382f8ef64a68c41014a6d8f0fa8f830db3c781970 |
| SHA512 | a00e6f8d9a117820df13bf51fc8d3697f6dce80b5594ce29575a94aa1303376d7cc95a42f4987fd9dcd3af3ebd86611ea46f4d6a7f74e374019b34655a5ea8db |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | f810a165015bf80534e4ba4734f0b56f |
| SHA1 | 3fa3b2131f6e263f9205c5658d9f03458e089053 |
| SHA256 | b2a5142cf9b37031710e65f14422eaac8675230382299cc7ffa6878e90566bf7 |
| SHA512 | 26a14e9fa3f20a2a0c15f9ae80326d40894c14ad2436e144ca799310fdf193c0540acd213fd238b8bc26da6f9d7d50508908ffe98ebf15cb3c0657e1dc04c474 |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | 15ed70be0589d09c2470aa6e76dbc0bc |
| SHA1 | 8625860322175e59676c4945e876b7865dd71221 |
| SHA256 | 2b221b5bb7a351d545cb8a1757f5937ecbdfa776eb2b373bebdfeb841b0ecc52 |
| SHA512 | 8e38bdbba68a134be35c7fdf463f412c617488fbfe267d62accb0a2df76aed825ff49412770abf53bdc5f953924f1b121a2ebbe5e85d91418db8c0c48af41753 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | af1f5461c4cd28e6f6708974343cb427 |
| SHA1 | 29bc326468338ae129d60bf9fc3bcc147d9bbe00 |
| SHA256 | ac6993534f123fe6c5634a19530914e9d3927a84c4868b969a2afb6e5e288119 |
| SHA512 | f153eefcbb161599c7bc9a1fb06ff3afbcd9eb71b83929362a5cdfc56fed673a838068ebe72866fb4cdbc8b26f3c67eec1afef273d99a55a5b37551833ff27da |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | b17cf3e60c3a5e3947e7af7953fe5169 |
| SHA1 | 496d3bb11aa598d3ca7d3279b09f0beeb9b143f2 |
| SHA256 | 39787fdcd77fc32f674c3c82ffeab0863c0393fb2adc5479bceb204a906acbce |
| SHA512 | fb18fe04bf119174e414bba46221c8714f56862c7cb153ddfa249c52e8dd3fe99381e66536d6e99a349e9395f8cfeb688321d7d7eea20c08cfb391bfc7078868 |
memory/6348-4635-0x00007FFED4800000-0x00007FFED52C2000-memory.dmp
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf
| MD5 | 5a9717e1385703e8f06b27aa10a69e87 |
| SHA1 | 84ee67a9167b5eb6560711b9871de98898ad07a5 |
| SHA256 | 47b7c516bb57c612de19f0ca865590af95b6e32bf873a0fef9e011b2c5b483d4 |
| SHA512 | dd3c7278c2c11ad15a55fae6d19b96dadd92f85b7f0c8ce934298258af00bb5c052a84a98499b8867b0f43704fb307c67d03692ca69dda4d814c6c17dd73df44 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys
| MD5 | 262ccb223392f18adb4b4c846905c4da |
| SHA1 | 63403407fbe1712a4bfad0a74efabeba297325ca |
| SHA256 | 5d2004603e3b392693a1e74926a36a2ab3573c6790b00ddb14564c8affbd4f4f |
| SHA512 | 68b2684b9f0a2e5e33b76e43ac4b25b8e7d3dc3d678fc3c90d70ec5ee65ebdd884d838950fb4bc5145ff927e25796d2e6e97ee6bf365ed4f66ac7f7ba8f63b33 |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | da56e68ddf28a4a52191d5dbee6a7d73 |
| SHA1 | 134d63ff41a41fa10472b438365f584c3e8c86e1 |
| SHA256 | 1758433597997d4770805521766b00cbf6365e6df56d214e1c1cfd0f849b1d66 |
| SHA512 | fa4e605f169d2948e3c8533981330039e04f96a52ed9ff20b168fffdcc4d449bb7bd2af0fffa9a85c1776d23161b12be33d7981cfcdaa4ab0dfc2d705cc2715c |
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
| MD5 | 36feb898fec82101d6fcdaf3facceedb |
| SHA1 | 22c260adea5788b177a8b2d1a6bd332926c1e281 |
| SHA256 | 6ae10e7cb424a8c6e8f013a849ce30d1bd25b644f5bbd81a5c2468c852341f87 |
| SHA512 | ba88ded5073a0894dd24427f6caf8fdf8cccdfe5a8b4322a0b2d1e14bc60deea47a2885c33ebdd3e2b7fc2ae627045fed095c8b1732acb417e1c62be2eadc0b4 |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | 6ad7f56021a5cf98246a6be02b110413 |
| SHA1 | 98a52d58984a7bb8755f6d75c7521453235fbeda |
| SHA256 | 5d600fc0dd07b599da4cc87f92854bfc5ef77640812728a696306001a6352d54 |
| SHA512 | 427399d70f480936d935dc613b02b0e0755d6d0ecd9baa3ea55f8fecb45f9179566b116d75b5f05455debe9d03e10950dcc16618d2bdae76e1bb20ffca7f2f7b |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 9c09b942e9ee07964f9e66779e6004b1 |
| SHA1 | c7a2a92954ecd85de3af3f94e61cbc8927a25d67 |
| SHA256 | d365e72fa80ca7f09a41e8cf5f9f8bc24f7ad9805ff70a66fd446e1cc30a0ef9 |
| SHA512 | c1418547059454ab63ababeecf5e5c6478c94e7da97ca80a9285e3c73dd05288c95c56bc28e0a14dbe762ec4b8a02ea43f17b48837ab64dfe03390f0cb052dc6 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.sys
| MD5 | b98ec70c4d212eb019e7927bbb1b3dc4 |
| SHA1 | cfc84115ca08a3df95c394567ed5c3d923c299d7 |
| SHA256 | 2f8d40a5af572c889458deb3ea6ffae01c8fe7f6395c12018bc27cd4ad2882ae |
| SHA512 | 3aefaff33c665b2aa92c32411b242248d4a196f6d42c0a673769cf17083993e32502f39c3573754a0a35294753bd20cc47ecd48c7f5dcc11c6d701e7a5f7b3d5 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 7166631d18e9c222b7a5eda0237e9153 |
| SHA1 | 2e567df99df3b5f889269a5f2c02258e390e6909 |
| SHA256 | 696980f76ebdbdd4d38f8b9654bf80cac313ba4e36cf0ada2258c03242fee052 |
| SHA512 | b96c357a041b588ca77823a9ee33e79327cef8186da36a4ce7b0fab7b5a47343e8b0e396c7b5f9b16aff281ade287692536df1d8ff8dd4de561193d0c8fad6c5 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | ea475fe4eaa9ab74dd04695f3fc6c046 |
| SHA1 | add58b32c6e004771c6e120fe3e25e5a7fb14cc8 |
| SHA256 | 905ca59446f74b2b82a5f188249a2f0497291083b6f349270ae7f8f4cfaf3e72 |
| SHA512 | a9c20a94dcac93578551fe1e4e9addff39841910d091ae49a28ed60330e31273b7af4fc56ccfcedb52ad289779b2ffb147432022e7e67fa5526d9bc21eb16fb0 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat
| MD5 | 1cd8abdaea3bcd30214f01046ecd450d |
| SHA1 | abc8fef03a274dcb9f15c17396e9f0af85a0b0fd |
| SHA256 | cf981ad0b084c330fbfc00f9e559404c6731d407a9f004ce68b50ecd7abe7425 |
| SHA512 | a04f2beafbe2311a5eec84f8ecff16db1dda864d420643184b0164aca9958b679205c3ab23bb71095d710f45dc4c3c51ff8b267c36a1ffc768126b48556f5f86 |
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
| MD5 | f75fba670e4be0d2741343ac6df56e00 |
| SHA1 | e76e50b4c8e46b51a18954493e8bfff69bf8e4ef |
| SHA256 | 92976a267384baccff87557deb080f3c503a655861ebc50d9e5f5008de37b259 |
| SHA512 | e4ef6f7d8fd10b45fa1eee840dc67dba91afeee0847c39b6203e87800de560eaaa73ab85fe5e210aa5b0989c3b04149d29b3fd0d13ca24d3ae7c6398960e4e52 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json
| MD5 | c8c4843f847dc02fe1b44df6cb686b69 |
| SHA1 | cad9e1d23164d5391edc644524cda26b3e2d3691 |
| SHA256 | 281769872359cbf4f2aee03175432c9e534b45535b64d4d32d379cfdab6d9755 |
| SHA512 | 7ceeaeb2477f36b5d1395f7e9f21f6afd3f2712a90a4c0e4655a79bd0837b0528d2e5f5f4e12bfc13b2661726b08c1c5e54afce022912675fbd28702bb590cc6 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | 34b2a9bfaf0154295ed4b63ff0552e6f |
| SHA1 | 58c9d6272c00e1bef7070e049bf6e4c73e2c88c7 |
| SHA256 | 3fa3b0f16b9c737238a91e36db4ef45e4468c30dbbc52c5e65a7b88c0824841f |
| SHA512 | a3576bfdb0119bf7dbddc36ab351dd5bdff885716d5b6478d99e0abc88ad96a669376293a2ddb43f9559b6787b1237597eacf055c72419d027262fef2212335e |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
| MD5 | efe46323766e651d219ce3bc04ed426c |
| SHA1 | 74695ff64d160b5fc8dade9a594c713907b6a0c5 |
| SHA256 | 218b0b4d373ee01e749610345b295220caa331d1fc6336597fdb35f55abfe36b |
| SHA512 | 148a9e41e6d3d46bf9c6e410fd2c5d3c7256509ec238958fa88a5416973c04f628142b6f19de408620a9db171d0a11232389e59b9dbc39ac1de27e86d255507a |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | d6d31d19f8e2c6514184c7f0e60574c8 |
| SHA1 | 21c958647ef9b1f45959ee6bd2135446a6cd3617 |
| SHA256 | 1a4cb1d8b729fda3a268d2f06b5f67ab9d5a529d9c4eb06319997c1bbc12192d |
| SHA512 | d03ca5670468fc76b59eed2f60e5dd47a67662fd963d18517800e01de53167a06982442575925beb89b8b2fac5531ee5f32f74f5d3b0d4c6ad6697c066d6e944 |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
| MD5 | a34be37989e20c036b0bede5bd032a54 |
| SHA1 | 5d3100644090781408e349230837763b65eda9d7 |
| SHA256 | 0ef5b45af88065a6e378d81492dfb7843240cd3a65532838f24ca1b17f8ce380 |
| SHA512 | a0e9bf9ca8a9ce9b4822834863867a4e7c81615fa7bd5db61486fbc20bda4c3bba7501ba5484437a2382a9d797b2eb081e43d127d0e53d1d3f28c77d9259fde5 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 262ca4bdc1898c424cd56c162b175de3 |
| SHA1 | 82debc51438407607d6f49254b7a8bfa5b7b59a8 |
| SHA256 | b53ac9d03f5cd8487171f61a9bab7286be5b93519c274b5f4d8bc7f873fd2170 |
| SHA512 | 7ae89b6f4ce21d57d231abc9732ab3d402c998c70327ac435358c27cc846cc3c57a06f7d99b586ae0b8e5717a3d3d2e62daa75ef551020c848678fe9d156698d |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | 723c540e9ac551da7f9b9b85c6de716f |
| SHA1 | ee91cc42be3c03a351870ddf1a51354a229bd09c |
| SHA256 | f2f27fa6e02cbe4132da2aaacb9be314bd5a114ae4044044ac555e439fed90c2 |
| SHA512 | e2473fb5d211972eb8d441dec69c4e9cc4fc5cf2e12a49b8ea54c7cb12444c84f72ed34cfa8819eef0a629aa6651b6fb2676b383da2219a2319014601a81e10d |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | 11bfe652ed5c122614d7be93fcd912b6 |
| SHA1 | 78b4add06cfb5b4f96d3478e750fc2c10c39c17b |
| SHA256 | e5cfdc12c30a3b264d3779abb616899d8b1720149134f9405419b44d8c971917 |
| SHA512 | c0adf37f64a88971fcd9ccbe8886f08a6db1967f03c994947418593e30a10e03d25a282d473041e2a2d59f8f595f5ed3b18e5d29900b7bd6bfd859b40312e126 |
C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe
| MD5 | 635d55a932f22eba2e3b2d22eac6887f |
| SHA1 | e3a795b6aecb9fdca1df4801c7974243f7f9ce81 |
| SHA256 | 1ef5b7b8efc1b0c92b3268125749420c9379d4ba37a0a2002336d411641c9469 |
| SHA512 | 31a0011297b6df8e8bc5f27fa9633e6a3e40e9b82ba65d2e2be65b5f6d9464ace7232ee608ec7deda8b50f14a1e8a80ad0697a299d285fa427709bd52fe4927b |
C:\ProgramData\Malwarebytes\MBAMService\LOGS\mbae-default.log
| MD5 | a58034c27dd65f7c1150955d8fc30bb6 |
| SHA1 | e465457a4ac6002c5256cce5248237f3b41a36c4 |
| SHA256 | 129f8418fb6d9186b3fa26dd0f62bf7a7dc7f2de99084398fbc2ca1ccb841f04 |
| SHA512 | 3779a384e30f7ed32471c2093e68e17df5fc98965090034d8b972b6453f543dd23c010e4046f0d2bbfc6210be898dce775b7a65e302c010d3d32d4b658eadc7b |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.inf
| MD5 | 711bd19edced87c3777b0b6a5a32bbf8 |
| SHA1 | 9ddf9ff2ee2018c6e7830936c325e699728f7d4b |
| SHA256 | 84c4f8147bfcf02981da93b52fe4204251657305a1839bf3a19f61be4d13d37b |
| SHA512 | e0cef3fc1377785f934f6b3f68409505cb54ca7bdd3df501d6d6e5671323a4d219a177f6fa3c58ba76675f1c297b64e5fb5612eddc73aa40ed87cc6e1b18cc63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9cb4ec34083bc230670fbf1c17cfd73e |
| SHA1 | d40926fc29d3634171d27367e094bc55b4da6304 |
| SHA256 | 6fcfbad33d886e972ad0f06764b2d6ba8023990e04c5cc4ac29e8fff3caadadf |
| SHA512 | ef0422a71ccff1c8ec1563173814a8eb7563401cc49dee332ff30e8946c868056a33accb41f00953af53a65e74df5d1467b5489e54bdb30a06be5f92bc3bf69e |
memory/7144-5602-0x00007FFED3D40000-0x00007FFED423E000-memory.dmp
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.cat
| MD5 | 502fd7720b5d16fb4466eb705015b807 |
| SHA1 | 00ee5f87b5b322d14d1119846f8700f9c1696901 |
| SHA256 | b4336baf58e50be497286785e5721eacd113c44b212ff5f7ce9d3b909bf6d392 |
| SHA512 | e6b414d58fe5757cc673654fe5faf953a7626ae992f4a5a0214310c72eb36ddf29f1ea58d72d51bf612a88fffda26290618dca0c44e516ed87256cba9c06888c |
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
| MD5 | d10ac8170376ec7b73ce8d4ed31a3d3a |
| SHA1 | 0eb95bc6c56895b2b9972a90979f53adddbc13aa |
| SHA256 | dcf58f0dad8582fc190ff7f9877ae609c7d362b02be4b155216a65a49346ffd8 |
| SHA512 | a9d81032f5e7cf79812ec11d40253da3fa0a9a338183eabcbb67e5a84318a4a4e607e875d03f89d433350b1e77edf756ab8ed7aed6311a1c7911f210a22ccaf3 |