Analysis Overview
SHA256
43adf87d5486202112a4bdea368abc46b5fb6f2ae2a6083b8a87e18723b2feee
Threat Level: Known bad
The file dugga_848274.seb was found to be: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateUserProcessOtherParentProcess
RisePro
UAC bypass
Modifies WinLogon for persistence
Possible privilege escalation attempt
Modifies RDP port number used by Windows
Sets service image path in registry
Uses Session Manager for persistence
Downloads MZ/PE file
Disables Task Manager via registry modification
Drops file in Drivers directory
Registers COM server for autorun
Loads dropped DLL
Checks BIOS information in registry
Executes dropped EXE
Modifies file permissions
UPX packed file
Reads user/profile data of web browsers
Checks computer location settings
Adds Run key to start application
Enumerates connected drives
Writes to the Master Boot Record (MBR)
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Sets desktop wallpaper using registry
Drops file in Windows directory
Drops file in Program Files directory
Enumerates physical storage devices
Checks SCSI registry key(s)
Uses Task Scheduler COM API
Modifies data under HKEY_USERS
System policy modification
Modifies registry class
Checks processor information in registry
Modifies Control Panel
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies system certificate store
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Kills process with taskkill
Modifies Internet Explorer settings
Suspicious behavior: LoadsDriver
Script User-Agent
Suspicious use of AdjustPrivilegeToken
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
NTFS ADS
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
| Field | Value |
| Reported | 2024-05-22 10:00 |
Signatures
Analysis: behavioral1
Detonation Overview
| Field | Value |
| Submitted | 2024-05-22 10:00 |
| Reported | 2024-05-22 10:10 |
| Platform | win10v2004-20240508-en |
| Max time kernel | 381s |
| Max time network | 373s |
| Command Line | N/A |
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\~~CB = "cb.exe" | C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected] | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\2503326475_del = "cmd /c del \"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_HMBlocker.zip\\[email protected]\"" | C:\Windows\SysWOW64\reg.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | camo.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608458824501147" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings | C:\Windows\SysWOW64\calc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\dugga_848274.gz
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5c00ab58,0x7ffd5c00ab68,0x7ffd5c00ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3176 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3880 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4280 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4436 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4100 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3332 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4132 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2512 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4140 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_TaskILL.zip\[email protected]"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5476 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5512 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1648 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5484 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x94,0x128,0x7ffd5c4546f8,0x7ffd5c454708,0x7ffd5c454718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5c4546f8,0x7ffd5c454708,0x7ffd5c454718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5c4546f8,0x7ffd5c454708,0x7ffd5c454718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,4573717716105061327,12199013731880707246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x2d4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5c4546f8,0x7ffd5c454708,0x7ffd5c454718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4668 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 --field-trial-handle=1960,i,18370083249340699780,9584230133747732812,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5c4546f8,0x7ffd5c454708,0x7ffd5c454718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,7835989567165614811,3205048538529310186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\Temp1_HMBlocker.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_HMBlocker.zip\[email protected]"
C:\Windows\SysWOW64\shutdown.exe
"C:\Windows\System32\shutdown.exe" /r /t 6 /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v 2503326475 /t REG_SZ /d "C:\Users\Admin\2503326475\2503326475.exe" /f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v 2503326475_del /t REG_SZ /d "cmd /c del \"C:\Users\Admin\AppData\Local\Temp\Temp1_HMBlocker.zip\[email protected]\"" /f
C:\Windows\system32\mountvol.exe
mountvol c:\ /d
C:\Windows\SysWOW64\reg.exe
REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v 2503326475_del /t REG_SZ /d "cmd /c del \"C:\Users\Admin\AppData\Local\Temp\Temp1_HMBlocker.zip\[email protected]\"" /f
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | camo.githubusercontent.com | udp |
| US | 185.199.108.133:443 | camo.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.213.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 216.58.213.10:443 | content-autofill.googleapis.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 72.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | support.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | softonic.com | udp |
| US | 199.232.213.91:80 | softonic.com | tcp |
| US | 199.232.213.91:80 | softonic.com | tcp |
| US | 199.232.213.91:443 | softonic.com | tcp |
| US | 8.8.8.8:53 | www.softonic.com | udp |
| US | 151.101.1.91:443 | www.softonic.com | tcp |
| US | 8.8.8.8:53 | en.softonic.com | udp |
| US | 8.8.8.8:53 | images.sftcdn.net | udp |
| US | 8.8.8.8:53 | sdk.privacy-center.org | udp |
| US | 8.8.8.8:53 | assets.sftcdn.net | udp |
| US | 151.101.1.91:443 | assets.sftcdn.net | tcp |
| US | 151.101.1.91:443 | assets.sftcdn.net | tcp |
| US | 151.101.1.91:443 | assets.sftcdn.net | tcp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| BE | 104.68.82.93:443 | images.sftcdn.net | tcp |
| GB | 13.224.222.87:443 | sdk.privacy-center.org | tcp |
| US | 8.8.8.8:53 | 91.213.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.82.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.222.224.13.in-addr.arpa | udp |
| US | 151.101.1.91:443 | assets.sftcdn.net | udp |
| US | 151.101.1.91:443 | assets.sftcdn.net | udp |
| US | 8.8.8.8:53 | b-code.liadm.com | udp |
| US | 8.8.8.8:53 | static.site24x7rum.eu | udp |
| GB | 18.165.227.55:443 | b-code.liadm.com | tcp |
| GB | 143.204.68.119:443 | static.site24x7rum.eu | tcp |
| US | 8.8.8.8:53 | ampcid.google.com | udp |
| GB | 216.58.212.206:443 | ampcid.google.com | tcp |
| US | 8.8.8.8:53 | notix.io | udp |
| NL | 139.45.197.227:443 | notix.io | tcp |
| US | 8.8.8.8:53 | 43.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.68.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.227.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.197.45.139.in-addr.arpa | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 16d58c9ce5d77d11bff3d734174a6003 |
| SHA1 | b329ba6d77568ef2518d54336eee326b3280ca17 |
| SHA256 | fcd89a0e0c7f5f02d6564961b2a81eaf076a48846fe489bef9668b982d25c73a |
| SHA512 | 5cd633b550da38920b369b1fd5707a55d0951a017c7a30b89cfa0b9ce213b762fbfc81f664e817a37058dff016175f20e51f715b5d70abd521bf001c32ed2723 |
\??\pipe\crashpad_3044_QWEYFLYRWIYSBKMU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e804801b-3919-4209-889b-7e62899fc894.tmp
| MD5 | 657b71d0df46856d7762eb900aaecd5f |
| SHA1 | 71c959d15882310c05c6dfda38402486c7b2aaad |
| SHA256 | 83f9334b3f2b500333cfb0f801cebef533bc88a15da6788f2a4e7273f8ad244e |
| SHA512 | 8747f31a11016d15a6ab2862e40b2bc91da749f2995daea27914e19a8ea90bf7061fb6bf05d8eaac2f1c40c9af6597f76d1fd22c552f709f1f60c722f2a8af06 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3fd6beef7f13c06e404e55b18bb8726c |
| SHA1 | 2df62bb2ed6e996a770756d7e328794021fa4c92 |
| SHA256 | 690b8fa3ba5a64b6e9e3bcabf0bdc277a1de26ee4838387fd069b0cbdbd8a2ff |
| SHA512 | a6f6e52b8b3d1685a13ef6ec9f7f1881f9480e4d84955af79218330914ef69a60f70b4666d99aa60c332292a9eb90815525a6ca5d8e1334d859390b4ef147702 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 426f3ef1a7576ef02527650790b13037 |
| SHA1 | 7d31db1a564ecc6309ed6d392e11a267b6f1f5af |
| SHA256 | 9bf6159af5a5414833732f1efa2ce79113433dd8faa783137913649704410a4c |
| SHA512 | acfc73f8945121087280412594840ed48582078ef81afa84785c716d4d33d6de4d74c6a1d9b5aeb5f97d7cd43f62e773233e82d545b59dc1a09cf3a9982a8bda |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 24c8fe738e9e814bb6e2d43cb6c0dd5c |
| SHA1 | df21acdf4580e8f962dd6b21f8d5bdff3be0c9ea |
| SHA256 | 1ae612b20e6b8083acd47e8cb96ccc6dee39644121f403ea59d1d0d85276f6ce |
| SHA512 | 2d347bf7336ef01657415fb8e36be48b969382fa1a1694bc4c6f75b5e3ef154705d32858cc6cd9ea04a776733c94ace42a8bad93ddff114ea3a9798681d6fd13 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d142e059803564de1e73bd691843b891 |
| SHA1 | 6605214f2a63beeb045eb7f482eb2aa840792cd9 |
| SHA256 | 725a0e1f44c2f16f8780ea917e2b0fbf3d68a3fe8dc4551d4662fc5fc7a03c35 |
| SHA512 | f5db7a55384e652a3d8dd9d79d38125fa2f6ad8389139034062d67390bd7facc05c151f2255491fa64ad719a8fb5877310129f2157723460e2fe4dd98750c0a3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 121081c001122af32247afcd125ee20c |
| SHA1 | fe43a35a2ea1d255b9c586fed264e8dc3cf314b1 |
| SHA256 | 0467987dc90c69840a91e1ec530db53080f8ee33c8a75e903178ffda9a5cfbbe |
| SHA512 | 59fd9bd54da5182e01870da42d9ec2a50bd2dd42e60580bfa40fb7bbee2a3147e1176b8d8768ffee4dc543ef4735f295b89377bc223957d1bed9db8ea0b06921 |
C:\Users\Admin\Downloads\Spark.zip.crdownload
| MD5 | 860168a14356be3e65650b8a3cf6c3a0 |
| SHA1 | ea99e29e119d88caf9d38fb6aac04a97e9c5ac63 |
| SHA256 | 1ae2a53c8adc94b1566ea6b3aa63ce7fe2a2b2fcbe4cec3112f9ebe76e2e9bf9 |
| SHA512 | 0637e4838beded9c829612f0961d981ee6c049f4390c3115fed9c4e919561ad3d0aa7110e32c1d62468a7e4cdc85d2f2e39a741939efd1aafae551de705aab61 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d7e64faaf6ae061cb12302559159059e |
| SHA1 | 5f902c6f9b9b3546e09f45b4942d95be46d3db3f |
| SHA256 | a73826ab6714ba674a1d3dc64f160471256ba9f48fc885c42b9ae0c9b272ef2a |
| SHA512 | 180d4f1828a4fb3e86d38f8a4cc19419d2351805cb5e82fc15ea6aed36f262cf9965cb8b760a3695156388a445206336d9e3e1af6b37bda238ec42f30c445add |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 351ebe641806a2e15032ccadbb4ac441 |
| SHA1 | 225539fd203557f270551137a4213f43c71251d5 |
| SHA256 | 781f9d10ceb896b075aae2d1783442c259f6e1bd26e3ee171a4fabe2065f9c7d |
| SHA512 | f6d0075fe6079da4e048ec9a83209985b42261468bc60e03c867c3ddce299b8578bb8a3b3be8b7e5a6d897a914a35845d6b112560ae1f681bc1a83cfb9afe0a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bdb31a529f87cc337ae1da686457efd9 |
| SHA1 | 76a0fca3f048746b89ada23b1cfcbe2640053d3d |
| SHA256 | 7b337b062d2d30908f63ccb9649428fc9fe677c8a130bb6f19ec04b9941d94db |
| SHA512 | 168643cb144b6ea78683270d789456c29a07b035e3294c3fef78539804ee336b8a8e551bb5441bad5fb7f962a5e51423682a296e0ba857fca1fdc6f9d2994e52 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | f6ad2b68480cd4b8fcb13f9d0c4b7e6b |
| SHA1 | 205fa92dd67986ba34e1401a3269f7c8895d3334 |
| SHA256 | 9edec4081f85088eb7d7f610799c6c83453fa798d79738677542bea1ee6cc715 |
| SHA512 | 557ba03789478f84474ab6dad77e0927a9fe0573f91d25e1390baf6901d860be8f21f9a9ef8373e9320318ec731a551d1562ac761f7fd0464ac2ee626b260b59 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58cfbf.TMP
| MD5 | 91f4ba81ff20245048d37af7ba505c8a |
| SHA1 | cf136e87fcd073ee700096f22626ecfbe9f0ebfe |
| SHA256 | c4b3bc2ee025b81a84bee4973adc95c9543ed83626881abb7b16806851caea5b |
| SHA512 | 8072462a78fede3c85d19a915aa50d6861c7740810a249270b884edb54b1b33debbccd0a8532fd01ac72b462ae166c6f9273b5f11613a655dc456bf662869292 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 522bd5aa6ca8e5f2d4f68376f6c82664 |
| SHA1 | 533d9b39588e426a1edd4cafcbee12ff68a6a85b |
| SHA256 | 73e3137fa44527b50748a22b145d2e6c12346b0e464aad967bc4e756a989bbf8 |
| SHA512 | 09a9c8a7626c1df68915c8cb6d064dc81982ad5327e2b3fa38ce45fdfd0cd8eb2cb00f20d92a09ea65a7d4c94b1940f2be2c9ec85086992dc5fa4e2283996fc5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 31fce91f2aff63d9fdf13616442ca73d |
| SHA1 | c93bf5c6397933f13e289ec2dd817354d3e8fb7c |
| SHA256 | ec8077999650c55e513c4bb1722df2f5a563e5771b067cedb5eb9935191ee11a |
| SHA512 | 94a859c3b2e1a88e5ceabd2ac67841623dd47dbcdb761e2a6d3f0ebc92079fdf442fe28127bbbd77a1797e681911c5bd386024350bc5528ef734bdcc7f8eba0c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 142f48dceb4da7ab41334076f3195468 |
| SHA1 | 317cf903cc061201acb56ecc1af159b3e5ec2db0 |
| SHA256 | 2cc7e7508c1fe4aaa4bc8574ad896b695c493aff93cb4698541898d1a4bdf53b |
| SHA512 | 98e94267ba93bf7feea80f8a105293b3414fe71a971e0def4e3a4ad205986d290ed124966546eaae79aeeacb7d464505c86a8ad65e54d37e4eb29e8c80526b81 |
C:\Users\Admin\Downloads\TaskILL.zip
| MD5 | f3f982622520af32cc86d3a22f352af0 |
| SHA1 | 99b7c8a8afa3cfc7292893d7b2253a581249d9d4 |
| SHA256 | 653b5c625dc6f24dcab5aaf33e77fd3c994f4783884c21d0a71b5c1fefbeb4e1 |
| SHA512 | 27482f0293b88c1a31dd1132401b4df19d3636f1a31f2b607ccf9a28dde0165381d65d9d0c492ab6c300bd1da0aac9e8df8c7cb3394cea35c90ce1a544a0576e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 21e6cd65fe64e83bed7857ef4654c7ba |
| SHA1 | ea0b0f6dc28a173b76ce566ef4030b512b7cdf3b |
| SHA256 | 17d3e22563f44e294c211c5ccc1482056c4f63cd05cfdf0eac02777235c28b54 |
| SHA512 | c42e1d26812d41b65bb9a5e8288fa9352d6dc8a1113bae7a19cf9ce177ff8a7b4b6d0f2023e6052bcf689fc4977c40bfbb3c06f90c20da63741120f29a8691dc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 214560aba8e95c5e13c747161a4cb6e4 |
| SHA1 | f9835d3bb662ac2aa51b7f06237c4124d5e6fac9 |
| SHA256 | 2cdee6be384f5471c838c94904af1ceb50a7c1b815b148ec1cdc3700ca642689 |
| SHA512 | e8d64cd5303f27f1e3ba08ead2c7b80efc02293af1f4c3176dbaacd640b949e6c536af80d80ed561cd3e91f8d192c005187b7d133b426bbafc03a66b95162827 |
memory/3404-414-0x0000000000B70000-0x0000000000B7E000-memory.dmp
C:\Users\Admin\Downloads\MEMZ.zip
| MD5 | 69977a5d1c648976d47b69ea3aa8fcaa |
| SHA1 | 4630cc15000c0d3149350b9ecda6cfc8f402938a |
| SHA256 | 61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc |
| SHA512 | ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b6d3ba634f6d470a3c8cc65568f8fa51 |
| SHA1 | 428150a0907ccb60404d15fe1ac60ac336a4f7f9 |
| SHA256 | 9df517ea241e0bc0b433812d8c327d8f283a7dda94653e1d4c60b15a9e665cac |
| SHA512 | def0b2c0f72dec88fff989287c3b8d83773dc6e67fc4e2b9e6ffe405be32731807dc01ace6bad656841241c80bcd25813b9011783ecd6293cbcc05b0f6af3ed9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 217e2fcd3409c0808c840ffdfc7a1f7c |
| SHA1 | a479119be818d2ae2f968a6d29f21a35e502ec8d |
| SHA256 | 600fff7a789d822bca016f880d101923171e9cc047a7ef08a337c28b07581170 |
| SHA512 | a47fe6d02089f0912f294193a0442f7a1ef307b0356a3dab1245b749506523c15d2b65374229afb1feec02cab0a64f48b693b3a265dc718a5e5e808ff13e7ab0 |
C:\note.txt
| MD5 | afa6955439b8d516721231029fb9ca1b |
| SHA1 | 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9 |
| SHA256 | 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270 |
| SHA512 | 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf |
C:\Users\Admin\Downloads\ColorBug.zip
| MD5 | 34071c621da9508f92696709d71bb30a |
| SHA1 | 5817a14b8da5da5aecd59f5016c2b02fbbe2f631 |
| SHA256 | ff2e6648e019087c2ec3c0f9eab548a761122b696caca171ab88e414ba5615cd |
| SHA512 | eb4c3b5ce9a4d6e979565d44c1a1432272bd2b9d1b83ca6b03ddc9982a5a6c341126ba71bbfd0e8d443ffa93265b6d205c187f586ff0bcb708965d2db6c98b45 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 42efcaac1587d955da5cce5680e555a1 |
| SHA1 | 476b704e46fff93cb64c7d2babf31bed7f70ec39 |
| SHA256 | 4ece43f6818d2054a707b51d95ac0b4f0244bc27b77662b79a864db2d1379389 |
| SHA512 | f83c7a4441b5fe6baa77ca81586958b09160fabfbe2484aa3929eae18359f5f19ccbc254d6ae7eb8e61f1f981e2ff8bed9b9d6e031cd0a837ebb400c8f490aa9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 612a6c4247ef652299b376221c984213 |
| SHA1 | d306f3b16bde39708aa862aee372345feb559750 |
| SHA256 | 9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a |
| SHA512 | 34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 56641592f6e69f5f5fb06f2319384490 |
| SHA1 | 6a86be42e2c6d26b7830ad9f4e2627995fd91069 |
| SHA256 | 02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455 |
| SHA512 | c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | edee0847486b8b00f8db441f2c6e9604 |
| SHA1 | bed3af3c81ea13ebc33c2948618df3b69b199ddb |
| SHA256 | 9f01705e3f084bfee203b15db4096a24fc435fd1ff48a37b4f56f43a277ec937 |
| SHA512 | c25f7193303671f330fe1a77a6f671182d8fb5d3a567ca381b88e7b9568fbb3687f1c462e6dd453d29409df51e697e4126a32dcd1823d333ca46e8601716621f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cebdd813acda0ae56d2e3035f5fc584c |
| SHA1 | d44e07b92cf6148876df6c2c32010f7ca2819df7 |
| SHA256 | ab5499960dbfb99ed7983cc5d3d867efe091ced394bb9a8a0a03c9ec1375954b |
| SHA512 | a32d91a04ef112d5ff247c53356b2e37d7df32277055ff7cfe4b7812d2afde65d16e4cbc995b6ac7b58177ef64162f4e88bf459b48de7c6025850b2b57d48a4a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | f998b8f6765b4c57936ada0bb2eb4a5a |
| SHA1 | 13fb29dc0968838653b8414a125c124023c001df |
| SHA256 | 374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef |
| SHA512 | d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716 |
memory/3576-515-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c3878e089714bb39b5b871e75173724b |
| SHA1 | ed5a8590b2a302edcf9d36a4fa0e1b43c65f5976 |
| SHA256 | 57871c82ec2a0d96d6b7c5971e68148e90d00d56e9dfcc56b4889a7aed1c7d53 |
| SHA512 | 8f6d6a40770fda6ffca5dc54221e3e495ac563b5ea964e9bb0eac8bb2df98af30a69ff63bb6af27269f3ef612871908766054b2d5cbd68a72e6b8f1624548b45 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1ff1b75bb67c6479af81026a005a8baa |
| SHA1 | cf8c57537ed89fd59eea4d27402d3ca954cb3bf7 |
| SHA256 | 1c780f1c5d22d7465b2d787a17bc191496e3b07c9b3188e190902828f244699f |
| SHA512 | 92bd0e1f7dab65cae37c0ebdb79a619471d507321ef8f30883090c965d9754f40a389377b211a483b47ff374be49f3c4e033a79a762024122cbde23164de1c5d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6563a88c7db0d7e6917115df248a4845 |
| SHA1 | 05e37103f1cf1ede2ae34f8744e6106c5e5f2870 |
| SHA256 | b02399ca4450b605e05adf214f3db8c8d25cf70e699aa994ae4402aeef21ae60 |
| SHA512 | 1332b78bed91bd2e548925daf1ed8cb30ff5fa088d654d4b6b6d3f3a7b7e6328c76fcff91a6a134c5ca3a1188a9ec87391851492229feffe9793f0a0b7474078 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 898fb2b9f8d3915fa7e22d2c5e4458c6 |
| SHA1 | 8389d8b2fca65791dd67c093af27568667912834 |
| SHA256 | f33463d0d751b29b300563dbfdfb28ca66e86c1628eba621573cb951fa46600d |
| SHA512 | c410758a10b0b4f01d42ee3ceb4cbcce7a23935ebd0b8943d6f0160ff358c7d47acead69be4b944259a092d633f950c9fea777f0544388a69e12512303094c33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5546f2ebb2d44744f3e1bab3c0ae503d |
| SHA1 | e619fe8bdb3b82f71c2dd2be4d503552cfda0ab3 |
| SHA256 | ac3fb51fd6346c903d26b4e78e7c0cccfd446f893cd0f2f077be8de45141d6f5 |
| SHA512 | d5e7670ce6736ac5af672d8ef14bb6d01a389bbc4fee9e5140bf69cc036e351f8b570e1a5ceb059079f9b7fb73edc9fbcc2f61fb8cf7ae1fd3042a1dfe40d58b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fc70239da878d17b221c97241f117fc9 |
| SHA1 | 5299609614335fc3b1b8716e7c1ed9ae03414752 |
| SHA256 | b2dde1e026057194f51b43119e7a0feb204f8f5fe9f34903267f2be97246bdc2 |
| SHA512 | 1af463b0bbd0e05d6185cdb370357caf241fa88c303e03610498493fe588e0c13e3923949ae05b2f000fd04ccabafbfe2f3606ebef455eeb97a06ba0490fbedd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 40557db174e567e0b99ea565df079668 |
| SHA1 | ffeee96aa2e4cf0ef39a7af550383912a34dd284 |
| SHA256 | 33ed274ff79d3529e874f60475ee546503e26d7855a193dca68e3f616bb6c54f |
| SHA512 | 7bbb4d29b67497bf8729024cc65e56d1a274b0593b2180c44b5b9aa4be9d8bdeea784541f179aa1388ec1d58e1d6a030d4786d38c31a8777fb6374030c1c4d62 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 0f7fffbb6386e0e8d0aa5a21320b2b1d |
| SHA1 | e0ce84edbc64753097d6cbc2621f107122595211 |
| SHA256 | 4dc6c7918d12e46c2f3d189061c78e2c0a659eb34b8a71ab11709329e722e6a8 |
| SHA512 | 6b2eb9564f53d39d45b198796a793585223cce8431cd0416343a04dec353f1ca05201b6fb15c48c54f7b10ed947b47d9dc92a8b24957d548ec1273eee4221f88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7964016a437d0422d343198a6fe451b6 |
| SHA1 | 9c7e957db2629c6c1177c4076579ab9125dcb7fc |
| SHA256 | 387abac3608a956528c884f5c7bbf205c521708e9e34786b469aed8fa05170d7 |
| SHA512 | b9afaa9546013bb5ecb248eec355d622b5455b92419cf49ccfed1e921e08854a6e782008ae71e44afa84226257df91a7affd34cd0639a6c3831f8b86fa396d68 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | fd9244c861b6254cd6081705fdd75055 |
| SHA1 | d4b4372efa8e4d058928b60b6260314b5f54de5c |
| SHA256 | f8f475c1b671c94eca5692fd21b13edd78ef5a3e9545e9d0c335206a223af330 |
| SHA512 | 033ce1f6c2c4f704cd5aaadfb3a8c40817744ec6ea4013f77cfc6313d68c2fa1a8ee26dadea368d98ff9e4bcf93cd94909c099882acd79876bfe2ae5c46155bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d3e850829eb01f969aa68f9532c89f03 |
| SHA1 | 79a34afbbf5be6c7e62752275c76946445216ffa |
| SHA256 | 3a6c07f0aa6c782925f807ca51b1bf5c185e49a4294d5457f3eb7d61040d397e |
| SHA512 | 90566ce45385e2b530305c6b64442d862981c8da85c2e5036c18527195dd3523f0429cd293a52b9153e4730147ffe0e9160ee16d726f97df142644c6f741f0b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 99e0e159980b32faa15bcfd9d1f3c794 |
| SHA1 | a5271cb4795e82938fbc183dc8d5f83b9dc6fe6d |
| SHA256 | 59f683eae389f18de124d4762d1981c52395ccc1ad0d82d91930d0109873b5fe |
| SHA512 | a54b168db025e11a1f792ac088e701ccd4c68f8551def6ab2e93e4e17c5dd962026cfba16e079209381983d348c63a64c39f1847fff6e6d37b649ca5e4fc1ab1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d8f6f35c2054a00f68916fc38de4ae58 |
| SHA1 | 31f850f5ab4e0f30033e60090970995fd4aae830 |
| SHA256 | 22dca4d04801313f5ae0c833e134cf9c8db83acd7200d369263e784947cd94c3 |
| SHA512 | 39bac1f641aae3a7dec3f826db38c56a1af093d6121c1ab9b6456ec772ec201945dc3d9dc9df8b9e73b34b500d3026a5e14ea34d26bcbd2fad40741f5dd73b1d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 882f9efad0f31ad3114f4d008e82a0a1 |
| SHA1 | 37b5697dafe8cf9f430f5ee8d10252b8b6b0876a |
| SHA256 | 033a77f02b0c7ad88b6c3c298f24a66627569bef56ed3c4acb31cba610d2c385 |
| SHA512 | 9bcea66e35878c3dd8f5fa2e3a04da8047c38b0d52d76a632a5a965acf70d4ea5616b6a2bfb3bc5b9518d9760e1d19a4b54feb19ce51f5da40c5092924b15352 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9893b31a397c51f7f5909ef32f1fca50 |
| SHA1 | 6b1cf2cadb0abe7fc1ded02b35f5046ab87a4e4e |
| SHA256 | e6c07ce5c5e362a331810f91963f435f4c51de189c1761380747cf7150ceb9e1 |
| SHA512 | a273167766b68c65b305d6b0a246f3d41ef06619a2fc93d9c6d5fd6772cfe2c9593a27ff04f5d01fa31f9d904b85306b37496daa0c3d580206f9a21dd7d1b7af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | 55288a9a34191336c6e97ef348a66a37 |
| SHA1 | 42647358326cb874a080df809382b8ad8a7f01f2 |
| SHA256 | f4e91c557006a2d7402aadfe1d33361c4f820dbe3702f4f734cd337bc1758200 |
| SHA512 | 8af84be88db21a85cb647940656503571c6b6a3203a11ce95ac7c5630a134cbf8443d90c74d281c395f245d015107e345d26d6688a9abe73f4eeba855494a0ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | f84f6797a922f5b3d40e061872ada980 |
| SHA1 | 3214909f4492bcf6956c6baf79f546aadd8280f2 |
| SHA256 | 4663ea79c7dcdf8fec167455f85ee956f8c0db00865b781b8af2cf97b24e289e |
| SHA512 | 5ce379aedc49185c40d18eb6dbf80f9a249e66c1439d84109864cbf86a5f670a5a47c2016919111add718b009a86c553b8fcc7ddaa761455090e3587d53584a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 1e1e5578b77dfe4c0d7d010e313fc06a |
| SHA1 | 5d699c988fb2fa21bcdf0b77905ec5f97253aabe |
| SHA256 | 96b87c76eaf0a940e51d58c34a7eee4c449bc1436dabf9b9a5526295215cf57e |
| SHA512 | 5dbd851846a836031420627e0409bb9a68399d53085436c74efda070b32503b82521d2ad4ee66d30a09d9140fd31adf8d8dab3dc34e3c2fa057fcc915752228b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | e57f4e7c508e9f6940d29abe52e58aac |
| SHA1 | 56fe830453c0a1fe61439146744bb5d74dbd4bb9 |
| SHA256 | d3d0d45e0e15b258f3a8caf6f7201bf68aea96058438c004113f2e7fbec0f6aa |
| SHA512 | fd33ede0ff6613d4bb5333f9767c8428aaa1ec8442b6be36c03e6d9fd76eef5a8b34b25e94fc0584481f814bbca43baee6df5bc193d0b8e2c04c3eeb743b2aa6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | 29adc32b6d707168d80cab223aadaf04 |
| SHA1 | 0a86c0c3fb785a066b722196ad5742cd0f26a34a |
| SHA256 | 2abceaae4b0fddd3f533b7da0ddb3a221415f77c5208a8ec793f355f6650d558 |
| SHA512 | bf656d32bb593af07a43324e3ebff78a0c775d484d63dcdd042e98b49e96b6be83bb219b1f2012bcdcec7bdbbea8f22f6979a7d3c56fe1e1aaf58684d984cbd0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | 3f35c1e4098e04de771fb3a26801de9a |
| SHA1 | e524d0946cc2b9985c707df3e76fdef0dbd05c88 |
| SHA256 | d3dbda529f3e863110a9aba161e03c2bdcb6cf1818adfcbefbd7e3de1d626434 |
| SHA512 | 31326a54ec93d0ca1b2981794655d60478c17e374ca057c4693b187eff936ec3f564b86dbfba04e59a1cc9786fbe1eef22d1aa6ddc7fe1396b58f0bd46df295c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | 9c1090278857d48412eb86f7984f96c0 |
| SHA1 | 87081dea92eefefbc5bf345ea05644cd03fbd340 |
| SHA256 | be64a30fa00cb60eb8aae04a428ff4a58e9147d952cec490ec56d755697ed30d |
| SHA512 | 0b3662c4f96e0ba25abea80a959b96d586c3a3093d6dab484474033d27a22141fbdcbfe6499aa16b4b9d5c13541ed7a23f024f0881b36e65573e230fbafd6aaf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e5d8a214731323907ac6b9658e000efc |
| SHA1 | 99384e17dc54577b17928713d007bbc7bfce4994 |
| SHA256 | f39234235fb9c72cfe79000eb39071cfac713368d901008e09fe68e2108ad7d2 |
| SHA512 | 0dc172f6da45de9b0d2af85830b66378beba92132d62efd865843d8ee28b8d38f26682975dc4358b396734e55f92580cb1663dd0c10f04ece6573a7ec4b5b138 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cc7c0ef0-73d1-41f6-8993-578a86a7e966.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 87cc840c75fa736204e5135934bb8eb7 |
| SHA1 | 945a7505f8548e9067bb35983f60433c26cccf01 |
| SHA256 | f5048b0350aa19151a3daf709d55964ea62a0f1412ac51fc458e93e22f9d2e44 |
| SHA512 | 870bff7a0e177ad150a1366af7f09406b779b9eaf6fc6c3a620325f0e9ec31846363a3a55de1d3b2f26621c4622459aaeab3bf71c55c6cee913972132945167f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13360846052673487
| MD5 | 08f784ee79994067b88c2947964739e4 |
| SHA1 | b4af98d0b68b7518504701ae39c7fbe59daeaeb5 |
| SHA256 | 6a19ea30eb12a5a3fcbdb7816e99cfa6b5e6d79a6263ecef735d9f88fe008792 |
| SHA512 | 3ced04ab6679a4960352ff68b602c1d71dc2593de8266afeffcae5533bb4e4459009eb5eef7b190d76da25896f3c313792e4472d5c5df090e22cd20ff685ec03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | b582325841c21ae88b32c49072d20ddb |
| SHA1 | 227a47b1949554ce45a5a9e16425b5de09b16549 |
| SHA256 | f7981522e590f63d9757bc2dd47fbcf79d22e64ba077fa8fbce827d65f568693 |
| SHA512 | 22cef0004f9a02c6ac4d175da3fb5683b02094d89ab8feb2819bb95bb458f1c28d145f06f8ba73c1bdb6e45b7917a73af4c3d452a0e82359ab57980100589457 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | 234f5cbed9afd1e85745b6835014ca0f |
| SHA1 | e33639e5e2a0b199df12e0e94715ea3b6c32b2d7 |
| SHA256 | a2779aa7ba95645122acbfbd018c4e9970fc7abbda951bfeb75199742cf6c0db |
| SHA512 | 9038aa6b649362f3ed86fc6cecc421019657f08e96c0b100efbe58dec890870896b3b72991b4e02b0813b4dfbe40a3335b76db3d1670af067d64aec42ffc4390 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | f8b99d9873ab7e695b8f26cd8fc32b81 |
| SHA1 | 7b1d83d80d23dccde85fb8a2b7694967f43716b4 |
| SHA256 | c908a17c728227a1a007294d871e1b1fd5cbbe854e5b21af09a8a37cf93da48f |
| SHA512 | 442dd8f7f37f16ea5cb97c6b9b99b5434bc8e6746c64fc09d2cb5e6446ae1001d13b121756efe4ea92297e5be1c85eabbfc0a0064471ceeb35d94c3d2f80eb35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 3d95223eaa50f1e83ec53acb7919f286 |
| SHA1 | 2efa4edd7c56774e51407faef25cdcb568a16434 |
| SHA256 | 7b480c92b78be12f7df8c2e58ac1400d3048a4309385822d960bee2916eb678c |
| SHA512 | bc2297e34b65a814d6e767c94118e650fb5e46b742d53fb8118a60717530e4d4ba464e7eb3ed49669f74fe12527de4bb4bb0f1f745043a952b66ddfac539d024 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 376ecacf0b8953760ff7de47dee5d70c |
| SHA1 | ba1c7c5fd84c5e0994cf3ef38ab7000553cac673 |
| SHA256 | b0a778844aa1bf98ab2b1a18afbc9848206b9a624acd496c8318b3d22b6fe221 |
| SHA512 | ed7d8286162992e8470a4b4e19d6240751f6e20bd9f6cae235c10f976407485c141f5d39da9eda76615492fc277b0cde447f597f3a1a6dbfc7dc58eb754627df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eb78e9a3b6c61363264fa608e2f0ca5b |
| SHA1 | f7b5ba8afc0c81557a6852b5b395bcbccc71d244 |
| SHA256 | bace39b2daa53d528a7544fb8d95fa5b2c00265b266b583ad09c7c7470c9ca77 |
| SHA512 | 4d58dd5f2684d83c78700677ad765e1da224defc53751471e4ca69a0f499ac6897c256863f9fd4b26a73c856c5680de6696aa0cfa13db2af9df66af3a95168ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | cb5ea9858a0b5a5ed0759f702ee11550 |
| SHA1 | 96cde82263ae3f3668a638635d868fe9a8ea08ef |
| SHA256 | 485e4ae123e2387ec948ce2969140a0c6f74b24b4a3f011430b44a5cea4c8ded |
| SHA512 | 57f33685ee9d25f4051504f4d0964d992b270013eac956f76a34d4e20b03f77f9c19aede39b048aeddfa44cb2908b682e6d4eddff8ef5c1790c3dee7363598de |
C:\Users\Admin\Downloads\HMBlocker.zip
| MD5 | 5968e8a8caa61b46ba347f8c521c1f2e |
| SHA1 | 88f9a7ce6e77d191c9a57ecf238ef5e9e9ba6c7c |
| SHA256 | a181f8925c8c66614be38de89e6dc38cf85715379a10de8d9f9d70b04891ca35 |
| SHA512 | 6b0659ff7a5548cd1b752a72a70b147d1c9676dce14148430961a7b5204d4e3a42de5530d423ebb879f8e5c72785a45e5b20bd40cbf93cfaefe981534e96cbe3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f512b2e97455bfce33e40796e7bbb612 |
| SHA1 | b2f934296c7213137c87cbbbfcec300eb4fb31dd |
| SHA256 | 10ac10960e285742e01f91a412bf24d88759d15b8a578b43d6f3904bb6f7246a |
| SHA512 | eaf47d6c36fef0392c4e0a984325a61024666bf13256900d57c0590678e7f70220e41fc7140adb8e339c0a15c1b7f6dd39113443d4b6e71d8430dea3addf9bd9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e73f0c6b7be68da64f815991efe6fca5 |
| SHA1 | cab41d3995a916e18ca61a993fabd78c6fae29d6 |
| SHA256 | e8aeb69fa1dcfdc111b707ff2d488948e3e37a75d1c045125b84dfcb2f37d3e0 |
| SHA512 | c28c28f48050175065f3fd25d29e7542711ee1cedbf388fe96a621be8d7de14a27b23fdbfa038f00bfbb3036ab6244aea1ece39ef030b5f8490dbd5a34d1b2d4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 73e4568e7fc58c167e350ac8caf476d9 |
| SHA1 | 79528d86223cadff0b43a49a5926a113dcda9e02 |
| SHA256 | 4a60e49cd0dc841e9898b8002425138baf9e96e4e025998a32fb4525bf22f01d |
| SHA512 | a4881e75b5c15b610c18b6481b5b45a8523a0efc05baae847595edb7caf2cb0c15561de0d1950a19529c3f2dc12d343da8f95a289f64d14ee036203de2dcba41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f58694d3f1ea71cc01ffedd7a0e3f806 |
| SHA1 | c8b5ca6b71523bfa8c43da6c049f71c8cafec13a |
| SHA256 | e756b43122b2e41e3d6489b180accadc11c4f3c0d6e52c8ce436ff5a28d87c83 |
| SHA512 | 4192461f90f7c16033ff32c9f2022fc6660493823dba96d0d719ab93f116a5dec7931c5852a46fa66257eb85ba9855b92d1113768fb9c15cc142613cac3e678d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ee8c42b31d4b4b7dee1908c2ec179ef0 |
| SHA1 | cc8701ecc35b34c07b46a52d386d9bbaf2758079 |
| SHA256 | 2e5092a8d9330e8a7ca7faf99188648215675d6e8a2d2b7b2e1f60e6c13e8289 |
| SHA512 | 99d0f3a758627bb0d919dca252021c435a54e9522cc5d8fcb368b915f7388e205445b9c24d9dd1578dde17c9fbe68ba5dcc5893169b385515f1d904718aac223 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e7814cdfb0865b3da1a96166c7922d1f |
| SHA1 | 6f9e9b564a59d41a35696cbd0a6812a27b8031dc |
| SHA256 | 1ed7422b5e6a44c89a6fc0bcac965236782a833c3e0db151d0f39c657f9258af |
| SHA512 | a3c97197e172c37fb58c0e23d66b07121c87afcf70894a8cc572a00db97105f13adae283b84747237fac91bfe68ff2225c8631584268f1cdeca6190c8b7c6cd0 |
memory/5200-1066-0x0000000000400000-0x0000000000420000-memory.dmp
memory/5200-1065-0x0000000000580000-0x0000000000581000-memory.dmp
memory/5200-1064-0x0000000000580000-0x0000000000581000-memory.dmp
memory/5200-1063-0x0000000000580000-0x0000000000581000-memory.dmp
Analysis: behavioral2
Detonation Overview
| Field | Value |
| Submitted | 2024-05-22 10:00 |
| Reported | 2024-05-22 10:14 |
| Platform | win11-20240426-en |
| Max time kernel | 620s |
| Max time network | 636s |
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\windows\\winbase_base_procid_none\\secureloc0x65\\WinRapistI386.vbs\"" | C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\gdifuncs.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\gdifuncs.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Uses Session Manager for persistence
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\BootExecute = 6100750074006f0063006800650063006b0020006100750074006f00630068006b0020002a0000006900630061007200750073005f0072007600720074002e0065007800650000000000 | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\avg_antivirus_free_setup (1).exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw.757855d90487b2ef\avg_antivirus_free_online_setup.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av-vps\icarus.exe | N/A |
| N/A | N/A | C:\Users\Public\Documents\aswOfferTool.exe | N/A |
| N/A | N/A | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\aswOfferTool.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\mbr.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\avg_antivirus_free_setup (1).exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw.757855d90487b2ef\avg_antivirus_free_online_setup.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\common\icarus.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av-vps\icarus.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\icarus_rvrt.exe | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Windows\system32\icarus_rvrt.exe | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\Control Panel\Desktop\Wallpaper = "c:\\bg.bmp" | C:\Windows\system32\reg.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\AVG\Antivirus\gui_resources\default_av\mainWindow.html.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\Licenses\libevent.txt.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\x86\aswPropertyAv.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\Licenses\unrar.txt.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-datetime-l1-1-0.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\Inf\x64\avgArPot.sys.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\Licenses\intel_asm.txt.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\Licenses\yara.txt.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\Licenses\nghttp2.txt.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\locales\de.pak.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\snapshot_blob.bin.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-synch-l1-2-0.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\locales\es.pak.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\locales\pl.pak.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\aswAv.dll.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140.dll.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\libwautils.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\process_monitor.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\shepherdsync.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-sysinfo-l1-1-0.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-math-l1-1-0.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\Inf\x64\avgKbd.sys.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\Licenses\JsonCpp.txt.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-datetime-l1-1-0.dll.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\sched.exe.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\event_manager_er.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-environment-l1-1-0.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-processthreads-l1-1-0.dll.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-filesystem-l1-1-0.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140_atomic_wait.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\AvDump.exe.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\x86\asOutExt.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\Licenses\LZMA.txt.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\Licenses\yara.txt.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\aswDld.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-core-util-l1-1-0.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\AvConsent.exe.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\RescueDisk\aswRegLib.dll.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\RescueDisk\aswPECommander.exe.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\Licenses\Detours.txt.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\RescueDisk\aswPEShell.exe.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\Licenses\lexbor.txt.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\shepherdsync.dll.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-util-l1-1-0.dll.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\avg.local_vc142.crt.manifest.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\dll_loader.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-util-l1-1-0.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\shred.exe.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-da.json.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\Licenses\c-ares.txt.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\AVGSvc.exe.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-file-l1-1-0.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\locales\vi.pak.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\gui_resources\default_av\antiRansomware.js.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\RescueDisk\aswPEAntivirus.exe.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-console-l1-2-0.dll.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\api-ms-win-core-errorhandling-l1-1-0.dll.ipending.37f1f72d | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\Licenses\intel_asm.txt.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-tr.json.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\gui_resources\default_av\notify.ogg.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\avg.local_vc142.crt\msvcp140.dll.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\locales\da.pak.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| File created | C:\Program Files\AVG\Antivirus\locales\it.pak.ipending.37f1f72d.lzma | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | \??\c:\windows\winbase_base_procid_none\secureloc0x65\gdifuncs.exe | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\windows\winbase_base_procid_none\secureloc0x65\gdifuncs.exe | C:\Windows\system32\cmd.exe | N/A |
| File created | \??\c:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wav | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wav | C:\Windows\system32\cmd.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\common\icarus_ui.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av-vps\icarus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\common\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\common\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\common\icarus.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\common\icarus_ui.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av-vps\icarus.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\Control Panel\Cursors\Arrow = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\gdifuncs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\gdifuncs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\Control Panel\Cursors\Hand = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\gdifuncs.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608462470408562" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367" | C:\Windows\Temp\asw.757855d90487b2ef\avg_antivirus_free_online_setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367" | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\common\icarus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "a7227b6d-f88c-4405-9564-e20758ca3390" | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av-vps\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367" | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av-vps\icarus.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "a7227b6d-f88c-4405-9564-e20758ca3390" | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av-vps\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "a7227b6d-f88c-4405-9564-e20758ca3390" | C:\Windows\Temp\asw.757855d90487b2ef\avg_antivirus_free_online_setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\56C7A9DA-4B11-406A-8B1A-EFF157C294D6 = "a7227b6d-f88c-4405-9564-e20758ca3390" | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\common\icarus.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Windows\Temp\asw.757855d90487b2ef\avg_antivirus_free_online_setup.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\5E1D6A55-0134-486E-A166-38C2E4919BB1 = "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAuH98WfopSUer/dcBl87iTQQAAAACAAAAAAAQZgAAAAEAACAAAACbq6Rox2eunNzusJ8bMGcPLIQkPUBP0ZZhgQNLQjB7UQAAAAAOgAAAAAIAACAAAADogqvDXLrJ8Q2OGsTqw8P6C364tXUJkDSNVgaG3eQoyDAAAABoFBcz+GkVtqzoplEj+135n9YdGFj1OI23KpwXzf2ohlpfeKsWvagrtBs7xB7KNGdAAAAA2CbAjXlSgg1CXcZbZIQj1+J4vqbl2Y4unR4YGudoRSqr3iEwbXbsBQmZVtPqG/D8PWeztzEx4l/LjE8ALKop0Q==" | C:\Windows\Temp\asw.757855d90487b2ef\avg_antivirus_free_online_setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\common\icarus.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\C06AEB9D-8774-46E7-8160-8321BCD14D9F\7CCD586D-2ABC-42FF-A23B-3731F4F183D9 = "4DEC930631D6A523D3820D3CE1249367" | C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\avg_antivirus_free_setup (1).exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\gdifuncs.exe | N/A |
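The cursor redirection under "Modifies Control Panel" and the ConsentPromptBehaviorAdmin = "0" write above (which makes administrators elevate without any UAC prompt) are the registry changes a responder would revert first. The following Python is an added example, not part of this report or of the sandbox's tooling: it parses rows in the report's own "Description | Indicator | Process | Target" layout and flags the policy, cursor and temp-directory patterns. The embedded rows are copied from tables on this page (the TPM telemetry row is benign and acts as a control); the rule thresholds (cursor files outside %SystemRoot%\Cursors, writers under AppData\Local\Temp) are this example's own assumptions.

```python
"""Triage registry writes from a sandbox report (added example, not report tooling).

Parses rows in the "Description | Indicator | Process | Target" layout used
above and flags writes worth reverting. The rule set is this example's own
assumption about what counts as suspicious.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Rows copied from the "Modifies Control Panel", "System policy modification"
# and "Modifies data under HKEY_USERS" tables on this page (the last one is
# benign and serves as a control).
SAMPLE_ROWS = r"""
| Set value (str) | \REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000\Control Panel\Cursors\Arrow = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\gdifuncs.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\gdifuncs.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608462470408562" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
"""


@dataclass(frozen=True)
class RegistryWrite:
    action: str            # "Set value (str)", "Key created", ...
    path: str              # native path; for Set value rows the value name is the last component
    value: Optional[str]   # None for key creations
    process: str           # image path of the writing process


@dataclass(frozen=True)
class Finding:
    rule: str
    write: RegistryWrite


# Indicator cell is either  <path> = "<value>"  (Set value rows) or just <path>.
_INDICATOR = re.compile(r'^(?P<path>.*?)\s*=\s*"(?P<value>.*)"$')

# Assumed thresholds: where Windows keeps its own cursor files, and the
# per-user temp directory a dropped stage typically runs from.
_DEFAULT_CURSOR_DIR = "c:\\windows\\cursors\\"
_USER_TEMP = "\\appdata\\local\\temp\\"


def parse_row(row: str) -> Optional[RegistryWrite]:
    """Parse one table row; header and blank lines return None."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    if len(cells) != 4 or cells[0] == "Description":
        return None
    action, indicator, process, _target = cells
    m = _INDICATOR.match(indicator)
    if m is None:
        return RegistryWrite(action, indicator, None, process)
    # The report renders backslashes inside values doubled; collapse them.
    return RegistryWrite(action, m.group("path"), m.group("value").replace("\\\\", "\\"), process)


def triage(table: str) -> List[Finding]:
    """Apply the rules to every Set value row; key creations carry no value and are skipped."""
    findings: List[Finding] = []
    for row in table.splitlines():
        w = parse_row(row)
        if w is None or w.value is None:
            continue
        path = w.path.lower()
        # ConsentPromptBehaviorAdmin = 0: administrators elevate without any UAC prompt.
        if path.endswith("\\policies\\system\\consentpromptbehavioradmin") and w.value == "0":
            findings.append(Finding("UAC: ConsentPromptBehaviorAdmin=0, administrators elevate without a prompt", w))
        # A per-user cursor entry pointed at a file outside the shipped cursor directory.
        if "\\control panel\\cursors\\" in path and not w.value.lower().startswith(_DEFAULT_CURSOR_DIR):
            findings.append(Finding("Cursor replaced with a file outside %SystemRoot%\\Cursors", w))
        # Any registry write performed by a binary executing out of the user's temp directory.
        if _USER_TEMP in w.process.lower():
            findings.append(Finding("Registry written by a binary running from AppData\\Local\\Temp", w))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_ROWS):
        print(f"[{f.rule}]\n    {f.write.path} = {f.write.value!r}\n    by {f.write.process}")
```

Run against the rows above, the two gdifuncs.exe writes each produce two findings (the policy or cursor rule plus the temp-directory rule) and the Chrome TPM telemetry row produces none; feeding the whole "Modifies registry class" table through the same parser is a quick way to separate the AVG installer's COM registrations from the malware's writes.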
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\dugga_848274.gz
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe301bab58,0x7ffe301bab68,0x7ffe301bab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3092 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3160 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4324 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4456 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4416 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4756 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3448 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3380 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1244 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5084 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5136 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5212 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5176 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2752 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe
"C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\E1D3.tmp\E1D4.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\mbr.exe
"C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\mbr.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\tools.cmd" "
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\bg.bmp /f
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\jeffpopup.exe
"C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\jeffpopup.exe"
C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\bobcreep.exe
"C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\bobcreep.exe"
C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\gdifuncs.exe
"C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\gdifuncs.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x0000000000000480
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4888 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=2428 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5516 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5632 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5208 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5688 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4592 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5628 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4484 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5744 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5596 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5984 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5728 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5152 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=2420 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4892 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5672 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6152 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6136 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6288 --field-trial-handle=1824,i,5222123460610165267,278177392302954283,131072 /prefetch:8
C:\Users\Admin\Downloads\avg_antivirus_free_setup (1).exe
"C:\Users\Admin\Downloads\avg_antivirus_free_setup (1).exe"
C:\Windows\Temp\asw.757855d90487b2ef\avg_antivirus_free_online_setup.exe
"C:\Windows\Temp\asw.757855d90487b2ef\avg_antivirus_free_online_setup.exe" /cookie:mmm_bav_012_999_i8e_m:dlid_FREEGSR /ga_clientid:5bcda137-f8db-46b2-8644-9e5440a89751 /edat_dir:C:\Windows\Temp\asw.757855d90487b2ef
C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\common\icarus.exe
C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\common\icarus.exe /icarus-info-path:C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\icarus-info.xml /install /cookie:mmm_bav_012_999_i8e_m:dlid_FREEGSR /edat_dir:C:\Windows\Temp\asw.757855d90487b2ef /track-guid:5bcda137-f8db-46b2-8644-9e5440a89751 /sssid:2156
C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\common\icarus_ui.exe
C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\common\icarus_ui.exe /cookie:mmm_bav_012_999_i8e_m:dlid_FREEGSR /edat_dir:C:\Windows\Temp\asw.757855d90487b2ef /track-guid:5bcda137-f8db-46b2-8644-9e5440a89751 /sssid:2156 /er_master:master_ep_01d75fdb-67af-4df2-9a15-02054b983a92 /er_ui:ui_ep_e045d86b-53e4-4d6a-9f50-3229a8fb9613
C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe
C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus.exe /cookie:mmm_bav_012_999_i8e_m:dlid_FREEGSR /edat_dir:C:\Windows\Temp\asw.757855d90487b2ef /track-guid:5bcda137-f8db-46b2-8644-9e5440a89751 /sssid:2156 /er_master:master_ep_01d75fdb-67af-4df2-9a15-02054b983a92 /er_ui:ui_ep_e045d86b-53e4-4d6a-9f50-3229a8fb9613 /er_slave:avg-av_slave_ep_a5b65b6f-e981-42f2-aac7-04f24f37341a /slave:avg-av
C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av-vps\icarus.exe
C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av-vps\icarus.exe /cookie:mmm_bav_012_999_i8e_m:dlid_FREEGSR /edat_dir:C:\Windows\Temp\asw.757855d90487b2ef /track-guid:5bcda137-f8db-46b2-8644-9e5440a89751 /sssid:2156 /er_master:master_ep_01d75fdb-67af-4df2-9a15-02054b983a92 /er_ui:ui_ep_e045d86b-53e4-4d6a-9f50-3229a8fb9613 /er_slave:avg-av-vps_slave_ep_59121d13-b325-4110-8ff1-289a779c1a70 /slave:avg-av-vps
C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\aswOfferTool.exe
"C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\aswOfferTool.exe" -checkChromeReactivation -elevated -bc=AWFC
C:\Users\Public\Documents\aswOfferTool.exe
"C:\Users\Public\Documents\aswOfferTool.exe" -checkChromeReactivation -bc=AWFC
C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\aswOfferTool.exe
"C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\aswOfferTool.exe" -checkChrome -elevated
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.48:443 | | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.187.238:443 | consent.google.com | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 104.21.21.210:443 | x.synapse.to | tcp |
| US | 104.21.21.210:443 | x.synapse.to | tcp |
| US | 104.21.21.210:443 | x.synapse.to | udp |
| US | 104.26.12.204:443 | api.iconify.design | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.180.3:443 | id.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | www.avg.com | udp |
| BE | 104.68.90.189:443 | www.avg.com | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | static2.avg.com | udp |
| BE | 104.68.90.189:443 | static2.avg.com | tcp |
| BE | 104.68.90.189:443 | static2.avg.com | tcp |
| BE | 104.68.90.189:443 | static2.avg.com | tcp |
| BE | 104.68.90.189:443 | static2.avg.com | tcp |
| BE | 104.68.90.189:443 | static2.avg.com | tcp |
| BE | 104.68.90.189:443 | static2.avg.com | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | 6.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 189.90.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.177.19.104.in-addr.arpa | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | assets.adobedtm.com | udp |
| BE | 104.68.90.189:443 | static2.avg.com | tcp |
| BE | 23.55.96.141:443 | s.go-mpulse.net | tcp |
| SE | 104.73.92.234:443 | assets.adobedtm.com | tcp |
| US | 8.8.8.8:53 | widget.trustpilot.com | udp |
| GB | 54.192.137.49:443 | widget.trustpilot.com | tcp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | www.nortonlifelock.com | udp |
| BE | 23.55.96.68:443 | www.nortonlifelock.com | tcp |
| IE | 34.250.112.230:443 | dpm.demdex.net | tcp |
| GB | 172.217.169.74:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.96.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.92.73.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.137.192.54.in-addr.arpa | udp |
| IE | 54.72.172.22:443 | symantec.demdex.net | tcp |
| IE | 52.209.221.170:443 | cm.everesttech.net | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 8.8.8.8:53 | mstatic.avg.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | c.go-mpulse.net | udp |
| NL | 20.50.2.58:443 | mstatic.avg.com | tcp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| GB | 13.224.245.89:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | oms.avg.com | udp |
| IE | 66.235.152.225:443 | oms.avg.com | tcp |
| US | 8.8.8.8:53 | 68.96.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 230.112.250.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.172.72.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.221.209.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.2.50.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.245.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| IE | 66.235.152.225:443 | oms.avg.com | tcp |
| GB | 18.245.253.79:443 | script.hotjar.com | tcp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | tcp |
| BE | 23.55.96.141:443 | c.go-mpulse.net | tcp |
| US | 8.8.8.8:53 | 79.253.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.152.235.66.in-addr.arpa | udp |
| US | 8.8.8.8:53 | zn8ksx2qgjavxayw6-gendigital.siteintercept.qualtrics.com | udp |
| US | 8.8.8.8:53 | x5s5cj3iirnl2zsnyura-f-cf4dbad64-clientnsv4-s.akamaihd.net | udp |
| US | 104.17.209.240:443 | zn8ksx2qgjavxayw6-gendigital.siteintercept.qualtrics.com | tcp |
| US | 8.8.8.8:53 | siteintercept.qualtrics.com | udp |
| US | 8.8.8.8:53 | privacyportal-de.onetrust.com | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | www.upsellit.com | udp |
| US | 8.8.8.8:53 | analytics.ff.avast.com | udp |
| US | 34.117.39.58:443 | www.upsellit.com | tcp |
| US | 204.79.197.237:443 | bat.bing.com | tcp |
| US | 104.18.32.137:443 | privacyportal-de.onetrust.com | tcp |
| US | 8.8.8.8:53 | 684dd326.akstat.io | udp |
| US | 34.117.223.223:443 | analytics.ff.avast.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| BE | 74.125.133.156:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 240.209.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.39.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 223.223.117.34.in-addr.arpa | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.133.125.74.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 34.117.223.223:443 | analytics.ff.avast.com | udp |
| BE | 104.68.90.189:443 | static2.avg.com | tcp |
| BE | 23.55.96.141:443 | 684dd326.akstat.io | udp |
| GB | 172.217.16.226:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 4711400.fls.doubleclick.net | udp |
| GB | 216.58.204.70:443 | 4711400.fls.doubleclick.net | tcp |
| BE | 23.55.96.141:443 | 684dd326.akstat.io | udp |
| GB | 216.58.204.70:443 | 4711400.fls.doubleclick.net | udp |
| US | 8.8.8.8:53 | x5s5cj3iirnl2zsnyuva-f-b6c7df0a5-clientnsv4-s.akamaihd.net | udp |
| US | 8.8.8.8:53 | 70.204.58.216.in-addr.arpa | udp |
| DE | 184.30.215.79:443 | bits.avcdn.net | tcp |
| DE | 184.30.215.79:443 | bits.avcdn.net | tcp |
| US | 8.8.8.8:53 | 79.215.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | v7event.stats.avast.com | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 34.117.223.223:80 | v7event.stats.avast.com | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | 22.93.73.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | shepherd.avcdn.net | udp |
| US | 34.160.176.28:443 | shepherd.avcdn.net | tcp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| US | 8.8.8.8:53 | shepherd.avcdn.net | udp |
| US | 34.160.176.28:443 | shepherd.avcdn.net | tcp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| US | 8.8.8.8:53 | 28.176.160.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | ipm.avcdn.net | udp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 34.111.24.1:443 | ipm.avcdn.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 172.217.169.67:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 172.217.169.67:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | s-install.avcdn.net | udp |
| SE | 104.73.93.22:443 | s-install.avcdn.net | tcp |
| SE | 104.73.93.22:443 | s-install.avcdn.net | tcp |
| US | 8.8.8.8:53 | 1.24.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | shepherd.avcdn.net | udp |
| US | 34.160.176.28:443 | shepherd.avcdn.net | tcp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| US | 8.8.8.8:53 | analytics.avcdn.net | udp |
| US | 34.117.223.223:443 | analytics.avcdn.net | tcp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| US | 8.8.8.8:53 | honzik.avcdn.net | udp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
| SE | 104.73.93.22:443 | honzik.avcdn.net | tcp |
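The connection rows above and the Files entries that follow are the raw material an analyst reduces to an IOC set: port-53 rows versus real destinations, reverse (PTR) lookups that the sandbox resolver issued for addresses already contacted, names resolved but never connected to, and dropped files minus browser-profile churn, zero-length placeholders and NTFS alternate data streams. The Python helper below is an added example, not part of the sandbox report or its tooling; it parses the pipe-delimited row format used on this page. The Chrome-profile noise filter and the short SAMPLE_REPORT excerpt (rows copied from the tables on this page) are this example's own assumptions.

```python
"""Reduce a sandbox report's connection rows and Files entries to an IOC set
(added example for this page; reads the rows as rendered above, not an export)."""
import re

# Hashes of the zero-length file: reports list them for empty named pipes and
# placeholder files, so they carry no signal and are dropped.
EMPTY_FILE_HASHES = {
    "d41d8cd98f00b204e9800998ecf8427e",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}
# Chrome rewriting its own profile files is churn, not a drop; this filter
# pattern is the example's own assumption.
NOISE_PATH = re.compile(r"\\Google\\Chrome\\User Data\\", re.IGNORECASE)
NET_ROW = re.compile(r"^\|\s*[A-Z]{2}\s*\|\s*(?P<ip>[\d.]+):(?P<port>\d+)\s*\|"
                     r"\s*(?P<host>\S+)\s*\|\s*(?P<proto>tcp|udp)\s*\|$")
HASH_ROW = re.compile(r"^\|\s*(?P<alg>MD5|SHA1|SHA256|SHA512)\s*\|\s*(?P<val>[0-9a-f]+)\s*\|$")


def parse_network(lines):
    """Split rows into real destinations, forward DNS lookups and PTR targets."""
    dests, fwd, ptr = set(), set(), set()
    for line in lines:
        m = NET_ROW.match(line.strip())
        if not m:
            continue
        host, port = m["host"], int(m["port"])
        if port != 53:
            dests.add((host, m["ip"], port, m["proto"]))
        elif host.endswith(".in-addr.arpa"):
            # PTR names carry the octets reversed; flip them back into an IP.
            ptr.add(".".join(reversed(host[:-len(".in-addr.arpa")].split("."))))
        else:
            fwd.add(host)
    return sorted(dests), sorted(fwd), sorted(ptr)


def parse_files(lines):
    """Map each path line to the {alg: hash} rows beneath it. Memory dumps keep an
    empty dict; a path listed repeatedly collapses to its last hash set."""
    records, current = {}, None
    for line in lines:
        line = line.strip()
        m = HASH_ROW.match(line)
        if m and current is not None:
            records[current][m["alg"]] = m["val"]
        elif line and not line.startswith("|") and line != "Files":
            current = line
            records.setdefault(current, {})
    return records


def is_ads(path):
    """True for an NTFS alternate data stream such as setup.exe:Zone.Identifier."""
    return re.search(r":[^\\/:]+$", path.split("\\")[-1]) is not None


def dropped_payloads(records):
    """Hashed, non-empty files outside the browser profile; ADS are reported apart."""
    return {p: h for p, h in records.items()
            if h and h.get("MD5") not in EMPTY_FILE_HASHES
            and not NOISE_PATH.search(p) and not is_ads(p)}


def triage(report_text):
    """One pass over a report excerpt; values are plain sorted lists and dicts."""
    lines = report_text.splitlines()
    dests, fwd, ptr = parse_network(lines)
    files = parse_files(lines)
    return {
        "destinations": dests,
        "resolved_not_contacted": sorted(set(fwd) - {d[0] for d in dests}),
        "ptr_targets": ptr,
        "payloads": dropped_payloads(files),
        "ads_streams": sorted(p for p in files if is_ads(p)),
    }


# Constructed excerpt: a handful of rows copied from the tables on this page.
SAMPLE_REPORT = r"""
| US | 8.8.8.8:53 | www.avg.com | udp |
| BE | 104.68.90.189:443 | www.avg.com | tcp |
| BE | 104.68.90.189:443 | static2.avg.com | tcp |
| US | 8.8.8.8:53 | 189.90.68.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
Files
\??\pipe\crashpad_5084_ZGVQPQTCAWAODKCN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b625dcccd6b6a97cd588e5d44dbcce94 |
C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\mbr.exe
| MD5 | 74be3afd732dc010c8266326cc32127b |
| SHA256 | 03fe34795ad0f91fc8eb8c9ebe8094541e4fb4d7095095f8b48f345c2a6d0f0c |
memory/4236-829-0x0000000000400000-0x00000000004D8000-memory.dmp
C:\Users\Admin\Downloads\avg_antivirus_free_setup (1).exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
"""
```

Calling `triage(SAMPLE_REPORT)` leaves two TLS destinations on 104.68.90.189, flags `cdn.cookielaw.org` as resolved but never contacted, keeps only the `mbr.exe` hashes as a payload, and lists the `Zone.Identifier` stream separately; the Chrome profile rewrites and the zero-length crashpad pipe fall away. Two caveats carry over to the full tables above: the `in-addr.arpa` rows are the sandbox resolver's own reverse lookups of addresses already in the trace, not sample behaviour, so they do not belong in a blocklist; and a path that appears many times (Preferences, TransportSecurity) is a file rewritten during the run, so only its last hash set survives this collapse and the earlier hashes must be read from the table itself if they matter.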
Files
\??\pipe\crashpad_5084_ZGVQPQTCAWAODKCN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d16e1d1e49805330bb462fe036e6236d |
| SHA1 | 91d39c9d8b972e190b7af032abfff07558b1c159 |
| SHA256 | 731bfd7e43abaec9be8c746adecb4941ee6043139d331760d61f45ca54e92849 |
| SHA512 | a04f1ab45472ce36e0e42e627c2f3873d7a436201fb23b72e7e4b84016786ff6c4f676117cbb23c0d226c42f5114d0d394e3e8ce36d4758cfffac737323e8293 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b625dcccd6b6a97cd588e5d44dbcce94 |
| SHA1 | cb23da8bec9068a30ed33e35d2c55d1b81102d66 |
| SHA256 | fbbb3bbd0676bcdcae7ae6a75d0a35208b2ba20ca293a30e859de6cb406d49a3 |
| SHA512 | acb75864699ff780d68b1961dd68b0da5d6bb015bedb8ba73cd2573fa3887f26fa8321750a261e05e66df76a085143999ba009a80beba87ac695a5baf9244388 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f58281b79ce24e9907f6625166860b37 |
| SHA1 | 5817c0bdf1ce2d76d4f1b4b9d00dbf1c783838a9 |
| SHA256 | 797a2202e3d2e47dd440d90db6fa2225638f28aa13a3fe4660f6efd7227d0a3d |
| SHA512 | 24961b05d43a7c4e73c438f0e13dc6e9fa985516b288cc01548a0865a3d096dfc558ce7dad329963ad543701d70da87eb4ecf86803a7d5a3074e4e472e4c2b75 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 36d8d794dacdf0797d024d5ae74f1fd0 |
| SHA1 | 92ed0d84e439b3bee8db8203745ef71c6255f29d |
| SHA256 | 4acd634e65ab1b554d231702d0f6b31dc250c47e7c0544a6708383b54745a855 |
| SHA512 | 76925de5139d6c6f4cfaada2db3720687613f78e357459a1cb753ad24fb4087c1d1b8b91e22f3e537ef5b2ea39827d3428e22b4dd566ab3b750ac9142814fa86 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a0234a184f4addac1be7e61c59a8ab1c |
| SHA1 | 44c2232bdf1e3bd13ac46a55aeac39812347e434 |
| SHA256 | eafd9eb8a3fc5efcbc9ae93a0e0d946b7ab467d4326b15c735455c5d180e3fa2 |
| SHA512 | 660d34641f4c738e33307dfc9e99e6af999abd509bb0ec47656be8379e38cf1144c151883bcd955d95b5c866fcb4a6350128ef0651dde7b71f5b6809b0d9f413 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c7a2b55a1d9ddf170ff6baffa527a152 |
| SHA1 | e6b70218842fead2ff4367623b9703588a120cae |
| SHA256 | d412256eacb13d9b230a3133508678735347e85f7dd29a26f91a041cf44815d1 |
| SHA512 | 4eb57625be65fa926d91355968800e1445267ebcabedd7c134bede77bf78ac8b0e1678b5fade19194800815e5ddaa8b30b0300571a04019ce7de9ddb32fa9116 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | f2cb04d67007864e88f14c7e8f36a3e0 |
| SHA1 | 02841e29525ae9522f8da905a11317f0da657e00 |
| SHA256 | 26f1e1bcb01790cb0618583ccb0d846c8e7e38782029c46b677b1e174d575274 |
| SHA512 | b2cfca672813a2b2a09764a19cdfbbded75d56df0286d8ec0f2f415949944f27b28464890da4e455feed2e887febeec0e1c2335eeb8dcacf2740ee45d7ec6a99 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5dec57.TMP
| MD5 | 60a3fcfba7f349618ccbe9d2afd39dfd |
| SHA1 | 2285c02cffdecc4fb248b2817b5d01d46f9fb67d |
| SHA256 | b06b58dd073c62f37202683fa4787bfb5de8145e63373ac489ba7069c8766fac |
| SHA512 | 4011c6ed73bc0700a8b9118327cc08cd347b6b7eab1891faeb34cab7b3dae5f2d1f7913392bbae4a22580b2c9bd8dbca461644af390ae7248172c6c640c60785 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9889c4f110a0f385af5851701967706d |
| SHA1 | aef99d1162815ded9854350a20996c5639b8fbb0 |
| SHA256 | c2a08f1c3ca417bc2f0d141ddc5b6c450714c335b159494a93b4fa4c02ce116a |
| SHA512 | 9f34b90400182afe74138d24e5de12619543541f435bef2200e25286425484242849c0053c162e2527fa52003730b6428f4e35a60d47d346867877518d52eb29 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 402817aec240c1485268c5ee63774f82 |
| SHA1 | f50499fc9fe2885e53ccf61f609a8d6e710ba379 |
| SHA256 | 5bc6f11afe2ca881f556d77411ee504cfc0dcfed73717457d1ea0b765ac9a409 |
| SHA512 | 9e4444b787428ce1d71288c14607297673553452234427f462a6813032f6479235b9f22a773e453cc189cde26d6e372cf5ce04d751ece1e4c3d6b22d12e8d966 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
| MD5 | 0ed8278b11742681d994e5f5b44b8d3d |
| SHA1 | 28711624d01da8dbd0aa4aad8629d5b0f703441e |
| SHA256 | 354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2 |
| SHA512 | d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
| MD5 | 5f8c1415796b9a6b72c2c53d49ff819f |
| SHA1 | 9a9b6a668f46466f62dc578a1230d039ae5a19eb |
| SHA256 | 4fad02175f651199334d0f79784df595bb055fd1eea3307097387af0d70ee24f |
| SHA512 | 88f210a9a96ce722e767c7f51cc2d18e16f3303e7512ba1cfbd8b98414ff82082b186e0d156581caffb6cb27c26cf921f8320908027db1b2fb38f5f91052f3c1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | 0d36973dc39911193f92ef055cb61822 |
| SHA1 | 8bb54d1d16d0fea66cac1311f9e2ec54fdeab03f |
| SHA256 | 3a1190a65811654b7f47626b385fef09d6085cc277f596394ff0364560034bfc |
| SHA512 | 034d34bb1761cbbd2602bf488df7ff4b45779df86605896a000181477b6c501c0c969a004d6295ec342752fbfa887a7ea8b0f2f55691133edef9aa46553206e1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
| MD5 | c18e6b95fb6f03a92ea8a23840002190 |
| SHA1 | 23b6043ce807d727bfccd18c22c418f579501568 |
| SHA256 | 16a81423f5dfc38402b52468b563381b04eb7ee5f89a1b434352a3f9a27a197f |
| SHA512 | 49c1eb05a2a4b440760b44b3b1894467a65f374d676109357221ddc343533a88804186ad96d8651375c589263f35478f82300a6b8d4db48e6d770df612faf959 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
| MD5 | 509dc4b02eb8ee84785158902b34aaf0 |
| SHA1 | 8f71d6b7aa6ee0171f14d35198f694586dbf3b10 |
| SHA256 | 93abedc956d4291a401a8a619424fbace07da3e5d10fc4b93c5f455594276ce7 |
| SHA512 | c981d96d4f1bb9031df2e0706b77c610572cabe5fcb89afdae42d1542059e6b7fa72588bb1fdb76f4cf27deefc836506aa4c22761c093bb573a61c469c9aa4d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
| MD5 | a3b3c1eac99981548d956c0bb83ed8e8 |
| SHA1 | dae3c0e32442851a372e26bc4e88ae20c3ea1a5b |
| SHA256 | c75622dbd2e6c6cd9cc5ecf3cce49bac92c6e298930150b88feab62b18b28fa2 |
| SHA512 | 0a1a8d9e2ca51da671ce1ab38f6bda5a97b1f81c075c48a07cb8cb4e9b089dd239a075ef13d8c3bacd68852a76906d234f576d1b6f7837c9b75edbe48beb546d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
| MD5 | d1d82e0cad752a259f13667e6422149d |
| SHA1 | 298f1d8f85572581ff29af1d5257b33e949172ed |
| SHA256 | e91981fde574de84404529ce4beaeed5e5e150c358ab11e155f0c6dda44261b5 |
| SHA512 | 44958b0579e79d16f54c818090a6e2e167d1989a8821cd8b09bb94aae00e91203b44b63e214d44b312ec7b3e76075463a10013f4f8dcc93a5a9fd3ffd7917a73 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 682f6f2bf0be3f5a65249e44f11d2ccf |
| SHA1 | 97750d7313fc4b4727f9b9ff2ef7a5360bd0f7c7 |
| SHA256 | ee959c422cbfaf4b66b329d7db74c7b3ba14cb1fe198e44aad306cb5a2411254 |
| SHA512 | 953a7bbb4bcfcf3b608539f2ddf0a3170717db81792cb4e5e57c1e3ca4e17395b4278fce6a88d2081b5e31cc1ba7450f3926780b21c6a7a5f696b987c3490e7f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2c84cec9f1fd745a508c12e2761ff90c |
| SHA1 | 157b4ccc370267c3505a49fa3c5975d45d3a4380 |
| SHA256 | e80db12eb471dc8b04da5a579b4b07923b503a5b0e715d9acf24c7f08bb07fa6 |
| SHA512 | 1f9eff40dade5a99ad21c39408a5d512ed79c33ddfbe260cfe5678ec52282e67799b07e2b63eaaa438813303bf8b836b47e5c7e44366bf3e183a0e605f90c67a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f6100a3e12bedf056cdeabe1b3fc0ce9 |
| SHA1 | 5149595d377611f3f04dc5ab407c14d568d796a8 |
| SHA256 | 26c1613a05349354205d185252e92d46fd3ab30e25124eaeb2a12ede08117702 |
| SHA512 | ffc36fc9e480ad4eea88673874ba6e2048551ed723d1f46e68dce7ff5421f8d925ad65b021066ef4ae68b856bb8c124eef1de4b9b6cc289d53901249cde54609 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | e8803f458bb700978f893771b40f3ebd |
| SHA1 | ffb2db3c95227d1336faa7aea5d81480f2b03c6e |
| SHA256 | 7364a44563d4c87a39826f1dcb4feedabafc300642719fb74a57f4aaf970ab96 |
| SHA512 | fad5f369c294fe5f54ee01038e39782040ba78d0d83033e331c44fbf2ae5d9b0aa95644a0e9c02aebf1c34331b9f3292f4e25f63940cf17c3b92607e4753440c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d8d13e3f3a23b04eadcd823b60110fd7 |
| SHA1 | 02c9664869923dfd8f739ca0149936f4b4958779 |
| SHA256 | f90a30040bd84193cdd36da6fb45e7f6a1743d65ee7aaec84f48b4287c0ff511 |
| SHA512 | c16f5aa99ac81c6d52fbfdac073385dd52717ecd7fa19768edff01842d2060e55767dcfef2bd962ae1747fa61ea39ed08c61064d2dbfe96259cec69e4e515710 |
C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe
| MD5 | 8f5a2b3154aba26acf5440fd3034326c |
| SHA1 | b4d508ee783dc1f1a2cf9147cc1e5729470e773b |
| SHA256 | fc7e799742a1c64361a8a9c3fecdf44f9db85f0bf57f4fb5712519d12ba4c5ac |
| SHA512 | 01c052c71a2f97daf76c91765e3ee6ec46ca7cb67b162c2fc668ef5ee35399622496c95568dedffbaf72524f70f6afcfe90f567fbb653a93d800664b046cd5f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 4d8e64b9b13eb827aab12ec7a2a0f2fa |
| SHA1 | 3710e733231bb2d7b3591be07717bdb3d427ed0c |
| SHA256 | 2f76e9f0c7db60308747af271bf4b6e714e97724489cfcf0d9188fe981b438d0 |
| SHA512 | 39ca951701cea3dc2bff0e9bfdd1a915c00446747c4edfae0caf5398f2e2ff2f14b5d02eae9944f5e0ce2e99a10c3de65778c69b459ba969a9b293312dc02bb8 |
C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\E1D3.tmp\E1D4.vbs
| MD5 | a0679dce64fcf875f4208b823d4b85c0 |
| SHA1 | 85abe3673db82bfe5b2c207dc98648e32afffea0 |
| SHA256 | 85a07013575a6a890c7b1d26adaa52f17616c4cca673617aa1fc0992aa29dda1 |
| SHA512 | 1e2740a09acc5b0d679acfd740feb3556638f1b6029078668bbb7e067b356fcecf23c5b317b02888822cc180c0eb5cb7e2caf63d92a74515ebc5a1031d80f3a6 |
C:\Users\Admin\Desktop\YOUDIED 5.txt
| MD5 | 05d30a59150a996af1258cdc6f388684 |
| SHA1 | c773b24888976c889284365dd0b584f003141f38 |
| SHA256 | c5e98b515636d1d7b2cd13326b70968b322469dbbe8c76fc7a84e236c1b579c9 |
| SHA512 | 2144cd74536bc663d6031d7c718db64fd246346750304a8ceef5b58cd135d6ea061c43c9150334ee292c7367ff4991b118080152b8ebc9c5630b6c5186872a3a |
C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\mbr.exe
| MD5 | 74be3afd732dc010c8266326cc32127b |
| SHA1 | a91802c200f10c09ff9a0679c274bbe55ecb7b41 |
| SHA256 | 03fe34795ad0f91fc8eb8c9ebe8094541e4fb4d7095095f8b48f345c2a6d0f0c |
| SHA512 | 68fa03d640680e37614feccb56f4d41180724cb7c08ba25f9bea3830a44c03d635664d8e0255ab2d05d3613498f4a4dd4398b7971a2cb1c9ae3be93f944946e5 |
memory/4236-829-0x0000000000400000-0x00000000004D8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\tools.cmd
| MD5 | 288bebe9f904e6fabe4de67bd7897445 |
| SHA1 | 0587ce2d936600a9eb142c6197fe12a0c3e8472f |
| SHA256 | cf965fcc5a7ca4d9245c706c88b4d5013fb84be27b0ec262facccfadf14bdca2 |
| SHA512 | 7db8e7c1318bcab7cef2c02484a82f347a630443a644b546a5cc339a5a848d1a3e915255f9c357de6ee26817a55d1091d80e2a8e97f66afa5686b3d11ee56c3c |
C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\bg.bmp
| MD5 | a605dbeda4f89c1569dd46221c5e85b5 |
| SHA1 | 5f28ce1e1788a083552b9ac760e57d278467a1f9 |
| SHA256 | 77897f44096311ddb6d569c2a595eca3967c645f24c274318a51e5346816eb8e |
| SHA512 | e4afa652f0133d51480f1d249c828600d02f024aa2cccfb58a0830a9d0c6ee56906736e6d87554ed25c4e69252536cb7379b60b2867b647966269c965b538610 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 87f80ec82a3faffb9b049beed2fcc1ee |
| SHA1 | e36036938077c246184cce922028d3cb7fc626eb |
| SHA256 | f0677f22fce35fc2cda84ab86456e46ffc44b5faa849c11cbc434728dbb2240c |
| SHA512 | c51c3059621bbbce6d8fdb4930f3130b900bff93c33d85a3b8d0427eca7644a03f3a68b88107d864ba3451907e5355c824255cfce0b8a92396d3e80871b3f850 |
C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\gdifuncs.exe
| MD5 | c47c6a5111193af2c9337634b773d2d3 |
| SHA1 | 036604921b67bbad60c7823482e5e6cb268ded14 |
| SHA256 | 7c4f20624dd062a6c71d845d05c6328d5a903ca96398e2902506591b231ed585 |
| SHA512 | 56698b7b2edc0f94d0f7172c853cbe67ac682d132df768659ebca0c169091acb36ffd0a6874c26e2fb35117061c91c9eca4312532ba778312e3d63cc77ce1262 |
C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\mainbgtheme.wav
| MD5 | 1b185a156cfc1ddeff939bf62672516b |
| SHA1 | fd8b803400036f42c8d20ae491e2f1f040a1aed5 |
| SHA256 | e147a3c7a333cbc90e1bf9c08955d191ce83f33542297121635c1d79ecfdfa36 |
| SHA512 | 41b33930e3efe628dae39083ef616baaf6ceb46056a94ab21b4b67eec490b0442a4211eaab79fce1f75f40ecdc853d269c82b5c5389081102f11e0f2f6503ae7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | afb8e4382076586b42084333af17cc11 |
| SHA1 | 8c491e7b48d58cf957bf0a4efe3a08674c6d4e15 |
| SHA256 | 40475021b6290867234b7a053ec23c346fd48dd3716f423b41b0598dcbf57d3d |
| SHA512 | 8e24abb784cf7fb70bc883ff7febe73b7d41f7c85b98f91ea36839e79a15e0be60ebf465202b00063e8154381aaa0bdaea503ed7b0c44aa0609ca56efc14c67c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6792e38104b85e20d7c7a7e0f2d88ead |
| SHA1 | c638eb0d0c4b3804ee5042faf80a47c38a9f756c |
| SHA256 | cb16559e4e8340b08fbf00732b37d6c00828dacdfc90309ffc6d30b536ed898e |
| SHA512 | 5976b6d7f768416a82045b51c8d799e94a7df121cc3c1e02824accc434c539bc20db5082cb90ade278e325bec1ad0a4d8556f26e8aadfe87e6b895cfebb867fa |
C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\jeffpopup.exe
| MD5 | 4151b988c9d5c550ccb6c3b49bf551d4 |
| SHA1 | 10ff979be4a5bbacaf208bdbb8236b940208eed1 |
| SHA256 | 5ec45cc1a109f556d0cd44ba48d3bf11af556ee66dd8b78c94d3ef0e93735e8e |
| SHA512 | c73947b534741c29340550066cd1a6b7cbb4387f3be8303f2d1d0cb21c6f430e0415c27daabc82d32570f421934db78dc840403de18aef09d5a4f0cbe4350e4d |
C:\Users\Admin\AppData\Local\Temp\E1D2.tmp\bobcreep.exe
| MD5 | 219cd85d93a4ed65a481f353a3de5376 |
| SHA1 | a38ab77caf5417765d5595b2fcd859c6354bf079 |
| SHA256 | 00c9fdc8b877c7fb8365709155ab28cb3dac282ae7ec9fc9d47a78b408e0d13f |
| SHA512 | 367644e3bc3310207b5863b09688269c38a55540b8c87e71d66771c954d37d561ed09f3ee11b36c4c8f4a48b618b2e8debae3d93ff684d15305f93a3ade6b3d9 |
memory/3404-885-0x0000000000640000-0x0000000000B42000-memory.dmp
memory/3404-886-0x0000000005AC0000-0x0000000006066000-memory.dmp
memory/3404-887-0x00000000055F0000-0x0000000005682000-memory.dmp
memory/3404-888-0x0000000005AA0000-0x0000000005AAA000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a90b4199d44c26fbd471154762a7e75e |
| SHA1 | e5e1aec03f73ea3be95f7b595b75560857869e10 |
| SHA256 | 9ed52eb95d2861321330f426a291d93c5bba72eb17f80ce8407740835073766f |
| SHA512 | 0042f4d9bac607e43d02d0687a8a9398c672a9cc6ae467245027860e5954bd9248ec3cd1987a46c59f412110a482836b30e7bb7b302e7c9e99ed67c935fd6526 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 25143a30814e2bb97d09dfae8433a1a5 |
| SHA1 | 36b0f01200b2492ad1b9fc63400d4bdcbe5dc204 |
| SHA256 | 110d5ca5fb9b257f80e2fc8c2914cb546c0fb0502b107354c9fc104af720c81b |
| SHA512 | 46f69902b7807e80ecaadef0f6391265f48ff0857d89bf262e049020f9ff8421da1e532f924b30d1ef00a0a70455f97abe57e27d077610ad787bfd888696aad2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 824a57f350a6f274e533930b6cdccef5 |
| SHA1 | 0123478b6a7fe77c94d6fefa38f8e20db03bf811 |
| SHA256 | 863779323e410787360421ec5437f5a30508345b8217af9e00524db37726917d |
| SHA512 | 0b89084a1a5529427c5ebad550a736cea1820abb6853df9886bc63275ef235f7cac6e426b21e00fa6f05d0ed935c51fe2699bbb30bc51d0b794b92d704635212 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 053ec3ad581b6307b91960696e1b3ff6 |
| SHA1 | c691ca01bb7a52ae8f2d20e1cd322285c8d8fdcf |
| SHA256 | 5ab988f3b25b0a7301dd6b2bddf3b7f090c428834e7c55a8e66dff79d466afa8 |
| SHA512 | 9701578a57926e11127b520490c715377bdf4c8dad274991b00d684a5034f9d41fac1f306b17d88fa3d64c48d3609f80959d3ea7a86a4412721a6641a75d7687 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 746548dbe5d6ff0b5b2b3828cdded7b8 |
| SHA1 | 7048cbfc2d347a2b9bcca480bbf2d1578d13834d |
| SHA256 | 73385c834e83591f5191dcd141e697ebdb38dca7534e036d61b7574aca260464 |
| SHA512 | 531c8fcf628813dc6cf73c6e8954ae5868f0908fa16efefa6531bc71d3c78fd45395a161a2e22758ca8a27cce9ed6868423eaf8c0066cf66592cece8583a1c80 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b322feca8fb1acef89ec00dc87423f90 |
| SHA1 | 7f6988472c122a6d91e25eac28b63ae50604136c |
| SHA256 | f2d3c1427f87dbe9ee371e096186399790f0be04cb8cd0e2df4188e3da2b3d85 |
| SHA512 | da9e545b05a4db109985ec45d0928fd24360e10e9b6f0ccd32bdd48cc6cd0013953a0c98973d1c0349a5fd41a8881392ee9032c2122c22ec63650d9b7d14f9e4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055
| MD5 | 73179d4cf0d6a322cb4518a476aafbb4 |
| SHA1 | c9cbab5513471b363b81325e53e80135b0c81129 |
| SHA256 | f1ebc74d3f448b1ec3c40334cdcea33dad96ce1472a92420cfdc9a9dcd32f0dc |
| SHA512 | a44e5a94864aad09da90390b37fd5f11fd3d051608b302b9e9afb8fb7bd802c816a74ad9ff3327583b28b4b4639720bc178f9d2c7f0690ec14abcd27043e9230 |
C:\Users\Admin\Downloads\avg_antivirus_free_setup (1).exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c8b70e64cae85b76be4702d3e32140af |
| SHA1 | ea4608c5b8cca90b3c1df2263995a2e9e31a9ff7 |
| SHA256 | d8e98975a2e54252d2063d5934b57fe5a8e54f9df4215b255b36dcaa50c397a3 |
| SHA512 | dd206c71d9c9b5a5dd8ade76254dfdf56df7846d7a8a5d8f6eaec7245bb5b546e225fbc854d2c6493d022e2e2bb7aa9ea95e37e7eaa6b201c8ae40a86b4d3376 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5dff11b4e8ebccb73147a05ab058ca1a |
| SHA1 | 85f69ceea7a15c0642ec228966c4071dd8c87a54 |
| SHA256 | be9924275dbeecd7f601a5db2903b1880c40c8968f93550d9fd4a78a2ef6f663 |
| SHA512 | acf7db4c4f865a8336aeb91b600c8d64d555239047eebe72a9f7652c40dc0af4a02ad67416a30287cb5e8e2978b73623ca6b495813458fa6fdf9618012245c9b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 1a2d20f1e3c8782ec2f9def0cbf582b0 |
| SHA1 | badd5901c4254e94fb3b0925a48a82adfd916923 |
| SHA256 | ab399872132a0bbe2b759b8fa6229de7aaec9f61717650ea7ae4f2514c325cda |
| SHA512 | d27f7307cbe73d4fcd1d1f895c6b622f8b663b31878b1b9e7268f511cfd2c9dd4dea3ab81495a647e0cf1966fd252a1d4b24edc084a6d50e76322e5ce66bb11d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 46a3447f8ee27aacf1fc2fe76d5b58b1 |
| SHA1 | 7bf64afc022fc9447b18dc582c306b27b516455d |
| SHA256 | 1c206e7845425d2c8bf26c29553d15f30b458978ebcaeec961a0be501e215afb |
| SHA512 | 22ff608b7e83f79f613eaf4078756b8283f0f28299e63ae59d3c78b05d831d94145ab9e6787a835ee34684af7ff1660f4d38f763800b13973886bf80475f5e5f |
C:\Windows\Temp\asw.757855d90487b2ef\avg_antivirus_free_online_setup.exe
| MD5 | 4ebfd5b14965fb15861a08884975a7cf |
| SHA1 | 6dea349f6afb95e3554e917f878693efd7e2a5e6 |
| SHA256 | c8c9a933462f6495a39cf80c51b3972a720d3bd301d1a0cc4472479f981a8a7e |
| SHA512 | f61bddd116d9c86523c9a3fde06604a3aacbe6de77522cd1f6198dacc0f1bbd4fe46af54a27e89c30666beb222580a4bea2c7d97a42830a84841083d8c1bec6f |
C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av-vps\dump_process.exe
| MD5 | c22d80d43019235520344972efec9ff2 |
| SHA1 | 1a2b4b2a52d820f9233ca0201be9ee7f6d82adbc |
| SHA256 | 5841a3df4784e008b8f2c567f15bb28cdb4cb4ca35c750f1108dfb1ccb6011f0 |
| SHA512 | f1cadbc3077379a6d7e36b8cf3bc830f44b5e668d4a6c0ce6b62bde292498c4f41c6588c5eba2599aa67524acfd125b7f23c419ae2b4a8e4afea7708aad83edc |
C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av-vps\icarus.exe
| MD5 | 97856ab19be2842f985c899ccde7e312 |
| SHA1 | 4b33ff3baeba3b61ee040b1d00ebff0531cc21ef |
| SHA256 | 2569a72d3a55ea7ad690d708907245c221664c5c88cadbc19e1967135fa40514 |
| SHA512 | b2f57fd7c482977ebf52b49e50e57f60f1bf87be5bbf54c0dcfb3038c0f46b89c70f10161fab7585d01b90c4fdc00b86932444f32528fed04b514c6746bff29f |
C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av-vps\bug_report.exe
| MD5 | 0c0f0ca2bb49dfa3743e9d4156007c70 |
| SHA1 | 042fdfba346a89a83f0c782117038a82b29a28d1 |
| SHA256 | 0e1865702916ae47aafc54c6199e3a73acb735ae888f9a8dd7bc4656268ef9ea |
| SHA512 | e15f826ce67d4d5224cdcefc3194a5a9144e152ad16136f5774d2ca29484fc11e778e2e9d114af80ad2a99907bd4999e6eef95c7b7dbbe6a7829d67c1b6bbc92 |
C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\icarus_ui.exe
| MD5 | 7ebae16a6ea514e55f7160c3539261cc |
| SHA1 | ae74b3af4926b6932aea68a32c7c8727d53a94e7 |
| SHA256 | f27f92f003505dbca839513d233198211860de0ef487973a5ce0761d8e8ebfb9 |
| SHA512 | f7c7c084517785f21ae0bd82509ddc31e985edbe9e07f275414806afa3f696037340ea0e6091221a5d81250adf170ca0fa4345915d000eaba6034a9db0f61369 |
C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\setupui.cont
| MD5 | 50c6f100664620a3163b2166d436bd32 |
| SHA1 | 096dd3b1d3a56d7f52751a7da69d6a59700bc283 |
| SHA256 | 61edc543e208ddd4545fe3f62e02893d09185379a9c4a77a8e29ad4463f7088a |
| SHA512 | bb0d61ab76749a7e657d66a42b34910d3dfab13d88e1f0273ff6675edb3d460400bcf6e7d17440b58bcc9357abb974177d5fbf314056e6fe293a567290657c78 |
C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\product-def.xml
| MD5 | d29cc35aeedc83b04874604da70e0f7c |
| SHA1 | 2d900b1705c5aca05801fb33cb53c15633e5c89e |
| SHA256 | 88554406caa420774a4798054a9ec22cbf7e4680cc7dda086ed54dd368adbcde |
| SHA512 | 59ea174fbfcb8b92fce26be35393d5844cfa3b0b770a1d880b9fd1e4ea7878166814494d1a22d74b485fd7a3ba132e0883e0526c0412df7cac56c40cf1507089 |
C:\Users\Admin\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0
| MD5 | 90fa198d758ac63920ea323737671c7b |
| SHA1 | f7596d8deb8ae2075330351da6c0a4d5ec22703d |
| SHA256 | 6c613849e4e81fb39f45022d05b96d1826aef95e39f889e8b772c952f9cf63d2 |
| SHA512 | 4bd43bb5b7fe1a2ed790f519601da7c86e655007077642d0106660656f1884c5dfeb0836208b512344edc020e5f45e076de2f38eafbf2d417b69ecbe5ccd566e |
C:\Users\Admin\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3
| MD5 | 168f03c5c241049561d93853fa2304dc |
| SHA1 | ee086aa5bc60436a75015003cb2dd27ae57620ff |
| SHA256 | 374d172fa5910a136fd3adba14744e6f740efc9dd62e34f870ea5698e349f60e |
| SHA512 | 169897b850ad3fa154452c34b87813f31723914110bf41e711c614e18b9850d036a2083cf908286a406d45db1c4a51f3b320792672b3287cfca08e756b5ee179 |
C:\Users\Public\Documents\aswOfferTool.exe
| MD5 | 4ba75fbdc944ce051b0caa31b354fe3a |
| SHA1 | a20f3e601f311c9fff4de672eae5bb033ed6dc6f |
| SHA256 | 80b6f07ece1e64e25c8f9ce2f4074a6af344b1900bbe823ea5b295476a209136 |
| SHA512 | e51cd73f155d75b682245d226cb4d9276719070ddd0df5e1779f9e92a89e232f828f33d55cdb2df99d70a7aa21b161fbf9c4978c3a74212716f99b7dcd03319a |
C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av\gcapi.dll
| MD5 | 3ead47f44293e18d66fb32259904197a |
| SHA1 | e61e88bd81c05d4678aeb2d62c75dee35a25d16b |
| SHA256 | e0d08b9da7e502ad8c75f8be52e9a08a6bcd0c5f98d360704173be33777e4905 |
| SHA512 | 927a134bdaec1c7c13d11e4044b30f7c45bbb23d5caf1756c2beada6507a69df0a2e6252ec28a913861e4924d1c766704f1036d7fc39c6ddb22e5eb81f3007f0 |
C:\ProgramData\AVG\Icarus\avg-av\icarus.ini
| MD5 | c043a3beb23cc43cb3e9acae2ad9d8b4 |
| SHA1 | f8a300a14643d9d2ef708839d882fa8fae274f73 |
| SHA256 | 3df024f72a0bcdd90a7c140591e224492481eb7f32a940bfb9af1cdb6472af9e |
| SHA512 | e5baa81e296b7f06360ed20d9484a137ca49c0505d2c94947b978b09b277f13184e540098e21daad0a72d8ddd831a57d6ac0e67c0aa860d87a051b55c3c9fff2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 6d31373efede03fcfc77f04cb15b9a22 |
| SHA1 | 5d94102e341d358c95e3207f62c6f212cf8f7167 |
| SHA256 | ebb08485cf10e753e6dece7c10a62ed0b9da499144c93db48097e842d5b819b7 |
| SHA512 | 42bfc57dede29882ab44b0b791f0a7798611ca64e478fd05b95781440bf2972e018696aee5e44b47481e240793dda780b29847c0cbc53ad1487859d389351c98 |
C:\Program Files\AVG\Antivirus\gui_resources\default_av\locale-it.json.ipending.37f1f72d
| MD5 | 095fb2a9d0a5443f99343bb82e95bd1c |
| SHA1 | feb46c285c8e4718418c58836a7cf8c6b2ef668d |
| SHA256 | f691df6423400102e4ae64aeb1d27d397d0bd7270d0d55324013559f8c7e5c20 |
| SHA512 | 143a089b59b1c7e74b08e9d428ef6e0fa56a53037a113ba8d8517fef451fab441b763c97321b35d280d7e722b5c071f4c42523db1a906b9826b4b0ffcaf5d6f2 |
C:\Windows\System32\icarus_rvrt.exe
| MD5 | 97f5d0caaa1988c95bf38385d2cf260e |
| SHA1 | 255099f6e976837a0c3eb43a57599789a6330e85 |
| SHA256 | 73ee549578ded906711189edcef0eedbc9db7ccbd30cf7776bd1f7dd9e034339 |
| SHA512 | ad099c25868c12246ed3d4ee54cef4df49d5276a5696ca72efa64869367e262a57c8ff1fb947ad2f70caef1d618849dbab2ec6161c25758d9f96733a7534b18f |
C:\Program Files\AVG\Antivirus\setup\config.def
| MD5 | 4bd76d327aaa89ff112d9a7bc99e34bb |
| SHA1 | 777c225d3b02c9d2a0c73453f27de2d7bfde30a6 |
| SHA256 | 3c09cae25f464320bb5fc7853aa89d9538cf23c9de7763f2622516d2ebf9d1a6 |
| SHA512 | 82fcfc869f59082525cd67b6f157f00016b841e1479e2b4eef4e461dc60602ea6244153343078c5e5e5cf28d32fd34ceb68c8c845501ebb9836c735941781538 |
C:\Program Files\AVG\Antivirus\su_controller.dll
| MD5 | e0550e8ceaa60952606309d5041bfc1c |
| SHA1 | 98a23dd5190613bb9049a138f73f27f127daec05 |
| SHA256 | ec3c4f93b603beddc8d6df1b9767f3b1cf3cdd93758f6ffc19c349f1a092b9e3 |
| SHA512 | 46039df6c3250daf153dd12ce58d57b143c88a638cbf10d0be3cb5dacac7e62bc92938d17c25bf35b8c44366e7861fae2916673f3734d14ba2d9691264990d61 |
C:\Program Files\AVG\Antivirus\hns_tools.dll
| MD5 | dc34498757ddf476fe8b2586cd606498 |
| SHA1 | 4de4db8d662c5f8ce5c3027b72b64cc28f635232 |
| SHA256 | 760eb47899b460916d8da460e667d75266c3a874c2429617422bfc43bd06155d |
| SHA512 | 2ac8b56b1f8a1f3472d2015b1d1287229593b2f7a04f3e2226962999fc80df1871a7bcf8e8ee6dc053ca0903f457a5c086949b2cd2dab17463eb1facd3e05f07 |
C:\Program Files\AVG\Antivirus\1033\Boot.dll
| MD5 | 494dc9a6435dcb306a630bbb2a54bd84 |
| SHA1 | d8ae320aa23e4084d841cb7a8635b9624b946f39 |
| SHA256 | 93e7663c4f5c263e337bb3077e856e2050e5873f7fce2202fcbf996c283282f4 |
| SHA512 | 7389d1fbd032e36c27b7bb53103d0a0b77a009d97832d8ee8e12b568beed3f5dfded9ceb8ac7b54a78db3aa66e5c701a07d64ea9e336fabb9eaf895944e5c9a3 |
C:\Program Files\AVG\Antivirus\Licenses\bzip2.txt
| MD5 | 9087d9182e280d5a124e844fcf52af82 |
| SHA1 | 058d1d953744a7ace99b86c97238a3083dde120b |
| SHA256 | 5eca2c8028dee3a4728012bc60a763f69205325d0eb75b344cb7e10a788faa96 |
| SHA512 | 18758d28733aa9db4257db7a18176a8459265021f6cc60e48ee6bbca422411d798bc597a683afefce0045c2b025e65577f6ed085fa8c9acb10b3e23464da6dfb |
C:\Program Files\AVG\Antivirus\VisthAux.exe
| MD5 | c5b68c057b1a812662a9592c119c110a |
| SHA1 | b10ec39bd63a8e4ac079b7b573a1033323b9f48a |
| SHA256 | 997c881bb1e329002fe9405b40c822215db565a53b6eddbcbde038cac078e126 |
| SHA512 | 7743c9011139210420d850d1b93c9e2ab5fb1b28b35be581af8cd93cc22d3ad903bc8150a345814280a54c61bfad9c5b1a7bc706991c8fcb5aa3b7f7cc9bcf74 |
C:\Program Files\AVG\Antivirus\gui_resources\default_av\libs.js
| MD5 | 10d887f5a585e2f1f4d62260c97fe341 |
| SHA1 | 3b5f32bd91d07d822089015c73d915fc73030da6 |
| SHA256 | 1c2a7c5a2aa5d95b318849cd01581218809b0a833124fb00f908228969a51773 |
| SHA512 | 4d4e5b94eb6d976324327c32d88d2f9a18992892242de897e5367ba169b22dcd72ef00041dd364b19268769f829b4289ca82cbbb752c1907ec7ff08cb58f604a |
C:\Program Files\AVG\Antivirus\setup\config.def
| MD5 | e0dc51fb78fae78376a2e5ece3fc0acc |
| SHA1 | cf18a7f3f900e7246c7153edb261b7fbb5caa2d2 |
| SHA256 | dcb8d5b6a678ad95e8d8491e0733b0167f45a88635ba4c5ba86fb9c0226ecda1 |
| SHA512 | 8fa74b6b9cc0194b22dc444a32edd93007344e4786760b8c151b9420b901108fdbe182384ca11fef658deafe636871435efc73a1c0cadae9a08461b0558a5b92 |
C:\ProgramData\AVG\Icarus\avg-av-vps\icarus.ini
| MD5 | 3c28e285db12f32a88606f5c0a8c424a |
| SHA1 | 3112cba6bb525549022aa28bcf55952e168e4f93 |
| SHA256 | 226bf72377b3d4a1046984c2ec7ddc12d073c43d48e37448cd5d4d5d5d2aabc7 |
| SHA512 | 35d923ee1093f3c3090e9baa48464d8866c22d116ac92f0823ef7e98c6409330b06140c1d2b1fb51572ce187f23bb3e9fdca49528b1f0678f4aac413a0df5b7a |
C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-multibyte-l1-1-0.dll
| MD5 | 7442e7059f712705d4b97699bf56de35 |
| SHA1 | f924088428eda3b76030091cf59ad38afb590118 |
| SHA256 | f822289ea5a9b0ccf9777a72bc8b73ce68b596fcca811e0cff0adc4031056b20 |
| SHA512 | dec6228063bbab561ae0c02cbcbab3d08c15f261758405d8a709707a180a09af9c462b0b382b700177f285a1ce3bf7e71e093f9031d15f932120fbfd396aa851 |
C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-locale-l1-1-0.dll
| MD5 | 592a65b922d4cd052bae1957be801a4f |
| SHA1 | 8371486ce1b38e692c0abc4a2a9e0c3e1945bb89 |
| SHA256 | d78e74087d151454365adf6239967c8ecebe85b1c6c6d3f59e70f0980028b1e7 |
| SHA512 | 0837209e518d5db76ceb8128dd49cf03b8f0d11526630ad20c716ade1e02df1b39a8440d20ee20b488c6d6180c155d00a9cbbd311fc50f4803a8b95d4a545726 |
C:\Program Files\AVG\Antivirus\locales\it.pak
| MD5 | ab258570cfdde79a3595b9deeb6cff01 |
| SHA1 | 4563fc47d20d0a2ad81e7bd9298a5aecd11ddcda |
| SHA256 | 5fef05d02e5c971e8d3f6b5584720ebeed7c7e6e5214320f09ca6f7d84ffa993 |
| SHA512 | 8a7ef6aff2682a96511e2130de62989e5e3a9ae35b8db66173f7ee0102b1e5f5e0ee7ce2a6f06588ba6e4c577c6d5d5767d0a23f1fa1bce3c2d4b08f7bcc90cd |
C:\Program Files\AVG\Antivirus\gui_resources\default_av\threat.ogg
| MD5 | 7490b7798417364db18a28945a941db6 |
| SHA1 | ee2468aead06205e8aaf986ba9d428627fb4a713 |
| SHA256 | 3dd397ac6148d654f8e4469234d8c71ef9a9192eb21ae6da4b9aa214b70f8127 |
| SHA512 | 3362170f92fec1e24d05de0f72fa39c120ff9f48e67ad03981e9ba1eddcaed366228159ee622af3726646c4d74a7bd88d36f4515af47213f9e0e6207c89a8bd5 |
C:\Program Files\AVG\Antivirus\ashUpd.exe
| MD5 | a205cb7f4885ebe8a20e7700b913af94 |
| SHA1 | e45673b70bc3c4b73181220ff5d4d097ab099666 |
| SHA256 | 552e94df4cf9223723b0b7ded3d32ca9ae589dc9b3a465785c927bbd1c050fef |
| SHA512 | 6949e286aa7715dd6b3a2e3fdc7aec6ee79f53f3119704715beb8c7aa52e47cd2bbe98e1d1afaf7ee09ccf4c50b4c6eea462b69b3a77d902a54624a653000396 |
C:\Program Files\AVG\Antivirus\aswDld.dll
| MD5 | 4f7964453ba9b1e3ed435c04f7585f5f |
| SHA1 | 246974ea20f6ede8af3b14e4ce13319859623004 |
| SHA256 | a86397b63f0675ee1fdd43fc8c22f95d90797f348fcc674403183b1c6503a4fc |
| SHA512 | 83d83be962b1f60a4343d0d6f50c07346f43880a22e1f91d8a54abf6fb6841e143f9e528d64629ac7c6184a5e59f4a0959556abdb8c30958be3a614425f587a7 |
C:\Program Files\AVG\Antivirus\CommChannel.dll
| MD5 | 287d41d65786202ffaf2529fa90b66f2 |
| SHA1 | b9ed6c7ab30d3465f6de565ab593b1b9b95af7e8 |
| SHA256 | ee3f3e175049736e6ebadb85c7a1dafddad94cb3e44195571d67f5935e146677 |
| SHA512 | e4b1d675bb6bcb2218db1cc5a7fdf803efdac37a61996179d8efd76d01ac0ba01378ca0e91be8fd386f51945096737c5b8beacb7d20519296972bb25e2ad436b |
C:\Program Files\AVG\Antivirus\aswAux.dll
| MD5 | c63f511f3cbadd0099d5c1fd134083f2 |
| SHA1 | ea1d7e7f15362fbf39193f198a902ea528c62224 |
| SHA256 | 4d5b93a7a66327bcd531758b5c3b60c6a2396211ad12a6e1641cc3aff47636aa |
| SHA512 | bcc47f6574eb0d6ed699eacf7786753ac951155585125cb64f34962702dd437cf771eb0b28381a3a003a63eca14974fe40b8040abd8be8ab3b008d9623cb82f9 |
C:\Program Files\AVG\Antivirus\locales\hr.pak
| MD5 | 5ab62a807b85bf1b75c741abba0e9f98 |
| SHA1 | 641b2360699dfc465a86c0e10b51b4739bc3c770 |
| SHA256 | b967887c6313fca79a82168645c1febe43c949f01e0eff3bb8413a04b590e16e |
| SHA512 | d53895053eb4aa230bf9285e1cf0fd46704a9658065f35a265496610c951d09c2436071f421217d3dbe54423624d216d357471763bbec069d3d0d938557fa291 |
C:\Program Files\AVG\Antivirus\streamback.dll
| MD5 | 64da9bbffe87921766565c0610afc18c |
| SHA1 | 58f8dd43d90f99226192f3b9c258c32c3b9cbb11 |
| SHA256 | 59cae6b57b592d851553269a4a58d0bd39222d89fe33bc2a8c5f319a1650a294 |
| SHA512 | 70e7fad45f67cc9a1e500cef5aa4304031d12a70d73804cec3072272724ce4e5bcf1340cc2565de6c9bbca3147703e127e52a4cdb9ce3f0d9074ffa5f458da62 |
C:\Program Files\AVG\Antivirus\gui_resources\default_av\update.js
| MD5 | 5f12c2430de4fd80d92be30b0d752ea0 |
| SHA1 | 1eba2e51038c3bf35eaf36b6f5847d32dd723325 |
| SHA256 | ea048ff6c5afcc8d4e0a1aecbc2b60e48b673fa0eed23e45be09874d9597b89b |
| SHA512 | 53e36c3372a4c198202ea569bb8520f1e333c53935ba83554a3f1bc5b78d1160e6e2879860ac4073a1a3f44b016a3bc6df58a8d04833a7bbd7971e96ea2fe6e4 |
C:\Program Files\AVG\Antivirus\gui_resources\default_av\updatefile.json
| MD5 | 2e0ec2ec7b094d674cdabdfe5518162f |
| SHA1 | 536ce68d8485948566e2a973df0ea43b697ee0bd |
| SHA256 | 237cad7fd4e6918a5b5a06d589753a424b29b6dd5a5516b8066cb5f5c546c464 |
| SHA512 | e9437b0036f5cb9f1f8db04a04c34381da550bddd8f57930caba59b194b0bde53068c2921f42762be091f9a7072b985e0f50c477731af893f8bbb4c249a286ce |
C:\Program Files\AVG\Antivirus\gui_resources\default_av\virusChest.js
| MD5 | 1eaf60ead0a216e56951b0f826da186d |
| SHA1 | 65b72552d8feaceacf39d80503d9e7925469410b |
| SHA256 | 8f3b84015a28d53511a41b39fff9c497cc75d0357dfec54263b5dc563324084f |
| SHA512 | 05b24d0124bf0c01531a9c34f1d31a67244052cfeac92fdec2f74dcc288b866f96856c39a70998252589a6d0c463a177cd7f4197e2d91deddca7dbb939aceed2 |
C:\Program Files\AVG\Antivirus\gui_resources\default_av\webCam.js
| MD5 | 3d4fcb7bdff28206c7a2278212481a25 |
| SHA1 | f46cb734826e0dd128f68ecdca4e6b2d712fbf5e |
| SHA256 | 576e32f9ed316352f6472052c59dfcebb52115382dc8a064004290f9e3d8084f |
| SHA512 | 78b923d6288c6327998b4c56b21dfb285b5b45c1bb82e030ad6930ebd046df22226a8cd2a6029a2215b748fea0c935f1522e3237dd661e8629d3eba87774966f |
C:\Program Files\AVG\Antivirus\x86\asOutExt.dll
| MD5 | c37e3280cf14a736f5df2884169de226 |
| SHA1 | a01a321dc07e6598df008f5c0ec3203c91a6adf5 |
| SHA256 | b6dd1d19851797e8c95badcd9ec761fe86686e6e2514650db8366e4f001a0da7 |
| SHA512 | 464e3869f4e8648e00891fc2ae61a52c2b7ff2f8c2dc7235e00ad7d81a876e55ad73ddb2532d8b25b0d1b08e05c03380885b6eb8615d5f527f2162dbd38f9e16 |
C:\Program Files\AVG\Antivirus\asOutExt.dll
| MD5 | cf39f1a6f21d3ff65839cb1d8bdf20a3 |
| SHA1 | 877ea3686dd48046ca0b2517a0abf70f98950641 |
| SHA256 | 30f4095ac251eb5d2eb84bacfae356b7867b90d7d2d1a8cc022558d67ba69ac1 |
| SHA512 | 6b80c7d8e3ea70d717a2f96655ffe9b75834d1e43a622ea6ed2c6d888b321049cc00adb09415f618e1c9ca7dea790905d4f2b64d1d1a5d78a3138bc4d00e2833 |
C:\Program Files\AVG\Antivirus\aswCmnBS.dll
| MD5 | f525c66133935f417b93fa815cd97ccb |
| SHA1 | ada84914bbf1ed61ef3970d835fee4a4672bbbb8 |
| SHA256 | d50e4a3756b2b6b94c6758dcee88d4eaf274bad7179b411a24d410562146e22b |
| SHA512 | a5eb046f72dce97059447821f2696f82587e1a3d049620d1594198189856448510db1b009d26b7986dc9be28c462e90eb61f4229e05fdde3526b08f81026be0f |
C:\Program Files\AVG\Antivirus\Licenses\zlib.txt
| MD5 | 8041053262bc492837749777c930a791 |
| SHA1 | e8cbe20136c6d1627d40932dc4398d2053be5228 |
| SHA256 | d988d5362ea432d8c8ad9f05af876ba9409eb1ebad8c34b899fc9cc8c7ea5311 |
| SHA512 | 0f321a821b1ab36a5e60a5d5e94dc26564a2cb03347b54279b5530f7b50ab3105d537637f338553dfc4ef800d28be103ab0ca50f77da3b4627fb6d7c558bd3ea |
C:\ProgramData\AVG\Antivirus\HtmlData\Blocked.htm
| MD5 | 94aa8569ec9b33e05f3088b136dda05a |
| SHA1 | 2e7779731351517e2e6df18b313e5df28079160b |
| SHA256 | 179fcd4c70b0e5958c56387c7849e4b49e695a284b75471a15a8e6c8637eeefd |
| SHA512 | 52cc30da7dc6e6ae7266bf171e4e9c9e16c0d8bf72abda793a0f03e2889eda6171044ed65960fd2c40251b135015a0fa62132c76cf16065ef6fa47476b6d8ff2 |
C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_codecvt_ids.dll
| MD5 | 0c94dee60cf90c0950680ab6aa2c2b91 |
| SHA1 | d7051e98366d14a440111ffcd5b28379f8c67806 |
| SHA256 | ed53b64f64fc8371f8ef39b4366449aa764eaae971de628aa2b09b3a6847216b |
| SHA512 | 0cc66c7f194ddc4c0bdc9cff0709c75455a35b6c5ba78ab5d3e7093ab9388336755850f3567a93c96cc66d7376126a45ec8e0cce370518346647d1b18dbe67d9 |
C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140_2.dll
| MD5 | 1b73cbc1a51c5c2e61072729535e3148 |
| SHA1 | 52f3494af0555caeaae477173dbd7a8c171997ee |
| SHA256 | 4279fe19e9d88988a93f5d334518b204a8956543f84467168d5c63d490337593 |
| SHA512 | 9898d2952dc3cadfafdacd6d281d8e1614f6a8ca88448e52d393fc540e543f810d434e8eb74a640232f83c4ee2a07e8b37184f59adcfc9c8551cd0e061cb4460 |
C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\msvcp140.dll
| MD5 | 0d3e750f8b8882470a74db90de94f814 |
| SHA1 | cb07462263379d3f5dd89e2b62ac31a2f7538821 |
| SHA256 | 5b858fe4a054adb9461cfd12a5f3b8a9622a2eae88bca8dbd7d84a9f972a20b3 |
| SHA512 | b5ac0039428d844db36327ce6637d207ab02ad4cd89e0eac361d61393d396d6e2fff76d1007985889ec88d20e9c62ad29363b984b77d791feba588c1ec64f084 |
C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-utility-l1-1-0.dll
| MD5 | b52238936bdf50ab985435a176281f68 |
| SHA1 | 7bd2be0808c538b6f15f20a9a1228cf4a20adbdd |
| SHA256 | 3a23171aac49453f931d69cd55f6ec742243f5835386d9e6b18efad96c2be450 |
| SHA512 | 36999e6cd50e26b1620fe24ba2dc11a40b25d1d77cc7a0337c7a3f65b16383fdb224e179392a215e6dae846e8bda6acb3e027445fd334e26e34278a397452f6e |
C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-string-l1-1-0.dll
| MD5 | 841e4ff9bb531b52218392db1d7cfbe4 |
| SHA1 | 5607c2a987436195f1e241a0b29e8fb1f734102f |
| SHA256 | 4da31e582dc47d46132cc73ad34d5b87dddd2338495ceb2772f7e103a9a32ebc |
| SHA512 | 93232073d95870043994c752318f9b319db508fff452e4aa0b8e42e66d13623803be4537e1798dd05177b7427175d989c8e49a379fd932297e161d461bae268b |
C:\Program Files\AVG\Antivirus\x86\avg.local_vc142.crt\api-ms-win-crt-process-l1-1-0.dll
| MD5 | 0444624f30e8030d84bb169fc2410444 |
| SHA1 | 05c1cd844368ae2c113585b477f91507430d72a0 |
| SHA256 | 0b87358da7882fed313facee92bb8f4e45299c63ca557fdfba1478b364575fc5 |
| SHA512 | 648a79fd30a73582907c7ca008be5ef78e6e72aa22478448721c4c5bad45a45bf76570d24e061dfae5e535666e79154f5f9f66a08746313620a17582e3998304 |
C:\ProgramData\AVG\Antivirus\HtmlData\image001.png
| MD5 | c69e876c8bc4f3bca56ba333eaae7a71 |
| SHA1 | d00ac516dadf10b6a9fbaa8b6fd7f7800511d36e |
| SHA256 | d1e88cc6880e3667b06b2d006f5fb8516f28467dd1153453c1bf954571fc4f00 |
| SHA512 | 3453ec35e83ed63f2e88326c1a3f4ee23a6b979d272243131c37bb06ce8d2467585e311a3c01198f3384d852ee9fe525434f8a6eb58b7698c0c8c56b7a8f3b40 |
C:\Program Files\AVG\Antivirus\gui_resources\default_av\tuneup.js
| MD5 | 3483d1ee8c5a46b575046a4eb9e121c8 |
| SHA1 | 356735604a5feadd410d027483ba663c97dfd873 |
| SHA256 | 67f014fee0661a6ebc998f9be93dc2948c32655254c806c2424246b8741c0f29 |
| SHA512 | 22ddb0ed0d7abedf25bf3fec40a8413772b0cb5f097265419ceee4f2377b4b29cfcb9c362659a312798194d84e6a91a57d5c0a7cd5711751ad6051d8080eac6f |
C:\Program Files\AVG\Antivirus\gui_resources\default_av\svgInline.svg
| MD5 | 6329aa27afeab4539a57a52f04ac793f |
| SHA1 | e219216856eca739f6065d051f41b48c54453c10 |
| SHA256 | 2743e6154e938dacf15b76fac19a9c95e7a7a819c3f8eb4a9c90f4a3d482b446 |
| SHA512 | 614f72d106cdc5c5ffbf5c35da5c30d74288c4ca0392d42c8edf7c9cb076f21022ae1514ad92198fd9bbcd2e878084c949832c8c4d39ed8472d4cb21a698d7c4 |
C:\Program Files\AVG\Antivirus\gui_resources\default_av\svelteComponents.js
| MD5 | 2e3e060d8aa9909810b97339326126ac |
| SHA1 | f2ad0c8b3d0d74b5b09398cd87211189d622f0e2 |
| SHA256 | 327639129dcd9cfcc410c7947240e6804ab42bf820f8a49f6247cd0f35487c75 |
| SHA512 | c737ac0d6a787e887c4f1e02d50d37998c7ad54f63891da81a123dac7953e989085b5a63694a066e422ae7d79ce50ab4e955aff3a0cfa0dfe016578929293ebb |
C:\Program Files\AVG\Antivirus\locales\te.pak
| MD5 | facf3ab50cf9fd9a08f951a3cf3d42b1 |
| SHA1 | 44f9874dc0bf80907ba5f1189350ef741f168cbb |
| SHA256 | 3e19980886a66ca92ea762b86ab44fac8e71fb16fbf4dd13864840923c9bfd19 |
| SHA512 | 1a32a1f82d92f2db9556a50b05329415d995a3038fad7e21e82526b976e75bf171367eefad6dfab2ebf388862c5f0154de2c7772f6ac617577e61ea1a99bc7f6 |
C:\Program Files\AVG\Antivirus\gui_resources\default_av\smartScan.js
| MD5 | 4abfa0a7b8515476519e4515e4e2ac0a |
| SHA1 | 77be0d74c716f05336ed224a412a6a5cf72a39c0 |
| SHA256 | cbce45cf951c0ffaaa533376729f7c1dae749d6316cf80ded7dc6df535b022e7 |
| SHA512 | 2618dc9a488216fe3a4b3d0eee362072323ba46e5ca413fd99c7107dcdb67b76bf92cd4192a45d6f8f6971940fa488997c2903283189cc5bf4061e01c1f86db8 |
C:\Program Files\AVG\Antivirus\gui_resources\default_av\settings.js
| MD5 | 81281c0198d315bedc6a16b3e44bec58 |
| SHA1 | da2b371460ce0cd028e2b2cd7a750c0ba03ba1cc |
| SHA256 | cce58d9a9746dd052b120cdaa040d526f4aa1333a9b8cfd28f13372882ec212e |
| SHA512 | d520c4f55888bf8f30e958ecc23f79f8148d7b6f62037c095def350fcd62b824fc624d59ab98f555f0a8083f7acea02cbee34dfec389f88bbed57f57a0d33c27 |
C:\Program Files\AVG\Antivirus\gui_resources\default_av\secureDns.js
| MD5 | 5dd976f65b2fd01d6371db092395b677 |
| SHA1 | 3b5ca26682823056c25e4342c0b1d45f34e039ab |
| SHA256 | 2f63631832796da626676f6e3a5252a62bf6cec54c22c66299e0b40414c6dc2f |
| SHA512 | a9632b0c36f47386eab6f47ddf411c95edf0bfcc0ba96e05531061f3060e06798b65fe1b05c91040695c6baf86dc595d30fc874861271ef6c44fe80327f434d5 |
C:\Program Files\AVG\Antivirus\gui_resources\default_av\scans.js
| MD5 | 88148b44b3e7db83756492489c3e4178 |
| SHA1 | 4d3d41e0c26075238286db05e534e927dda582d1 |
| SHA256 | 47a5b894c884b55aa9a9e0d7061488888577d018e50c5b3a0522264637d98e3c |
| SHA512 | 64121194b5d535c0579260aa40231981a000d3e34fd25336c3dd8f24c8124d0a7ff53111bc3a55e7346eab79fc9309be7d0916b12329818859c6a726f6429794 |
C:\Program Files\AVG\Antivirus\gui_resources\default_av\ras.js
| MD5 | 15b749017633984797238f7d34f641bc |
| SHA1 | 5dfec90f38cd0bb946cea25621fe101a59aa8632 |
| SHA256 | 8c9342e3356ed68e0baf6bd4312f0ba0b94d1e9d8fa38c91eecdeda8fefad602 |
| SHA512 | d767ed61fcf065f5d475cede245a2270d5c08350a8a7ac3c47d7d8ed4070bd9a04a7ab675f193b4504d8c6f479caf968ce1c8214845f224d102bff787d11994c |
C:\Program Files\AVG\Antivirus\gui_resources\default_av\tray.js
| MD5 | 358e8a0de7c60821a81f88aad43ed560 |
| SHA1 | 76c67baef63e91183c18c06d9a5b7583d33fd5d4 |
| SHA256 | 2375ae9c4e21153905f73a8f0b267a622f59e625c43a76a36aed84e26f297d8d |
| SHA512 | 0564c63a14efce0620b22b28fef4fa9b4a623679da1c9f8222c6693cf0085bd7c81864d4d737d61a80799a41f41475fb143e8766976da2e1c902fc3a1fdec84c |
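The list above is the report's raw dropped-file inventory: one path line followed by MD5, SHA1, SHA256 and SHA512 rows. What a responder needs from it is a set of validated hashes plus a short list of the drops that are not part of the installed product's own tree (a PE written to System32, Windows\Temp or Users\Public, or a path that was overwritten during the run, as config.def is). The following added example, not the sandbox's own tooling, parses that format into records, refuses malformed digests, and applies those two triage rules. SAMPLE is copied from the records above; WATCH_DIRS and PE_EXT are this example's own assumptions, not a verdict on the files.

```python
"""Turn the dropped-file list above (a path line followed by | MD5 |, | SHA1 |,
| SHA256 | and | SHA512 | rows) into IOC records and pick out the drops that
deserve follow-up.  Added example, not sandbox tooling: SAMPLE is copied from
the report, WATCH_DIRS and PE_EXT are this example's own assumptions."""
import re
from collections import defaultdict

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
PE_EXT = (".exe", ".dll", ".sys")
# A PE written here rather than under the product's own Program Files tree is
# what an analyst checks first (assumed triage rule, not a verdict).
WATCH_DIRS = (r"c:\windows\system32", r"c:\windows\temp",
              r"c:\users\public", r"\appdata\local\temp")

# Six records copied verbatim from the report's dropped-file list.
SAMPLE = r"""
C:\Windows\Temp\asw-99da8c2f-6fa4-4ec6-b748-03a1031b3f44\avg-av-vps\icarus.exe
| MD5 | 97856ab19be2842f985c899ccde7e312 |
| SHA1 | 4b33ff3baeba3b61ee040b1d00ebff0531cc21ef |
| SHA256 | 2569a72d3a55ea7ad690d708907245c221664c5c88cadbc19e1967135fa40514 |
| SHA512 | b2f57fd7c482977ebf52b49e50e57f60f1bf87be5bbf54c0dcfb3038c0f46b89c70f10161fab7585d01b90c4fdc00b86932444f32528fed04b514c6746bff29f |
C:\Users\Public\Documents\aswOfferTool.exe
| MD5 | 4ba75fbdc944ce051b0caa31b354fe3a |
| SHA1 | a20f3e601f311c9fff4de672eae5bb033ed6dc6f |
| SHA256 | 80b6f07ece1e64e25c8f9ce2f4074a6af344b1900bbe823ea5b295476a209136 |
| SHA512 | e51cd73f155d75b682245d226cb4d9276719070ddd0df5e1779f9e92a89e232f828f33d55cdb2df99d70a7aa21b161fbf9c4978c3a74212716f99b7dcd03319a |
C:\Windows\System32\icarus_rvrt.exe
| MD5 | 97f5d0caaa1988c95bf38385d2cf260e |
| SHA1 | 255099f6e976837a0c3eb43a57599789a6330e85 |
| SHA256 | 73ee549578ded906711189edcef0eedbc9db7ccbd30cf7776bd1f7dd9e034339 |
| SHA512 | ad099c25868c12246ed3d4ee54cef4df49d5276a5696ca72efa64869367e262a57c8ff1fb947ad2f70caef1d618849dbab2ec6161c25758d9f96733a7534b18f |
C:\Program Files\AVG\Antivirus\VisthAux.exe
| MD5 | c5b68c057b1a812662a9592c119c110a |
| SHA1 | b10ec39bd63a8e4ac079b7b573a1033323b9f48a |
| SHA256 | 997c881bb1e329002fe9405b40c822215db565a53b6eddbcbde038cac078e126 |
| SHA512 | 7743c9011139210420d850d1b93c9e2ab5fb1b28b35be581af8cd93cc22d3ad903bc8150a345814280a54c61bfad9c5b1a7bc706991c8fcb5aa3b7f7cc9bcf74 |
C:\Program Files\AVG\Antivirus\setup\config.def
| MD5 | 4bd76d327aaa89ff112d9a7bc99e34bb |
| SHA1 | 777c225d3b02c9d2a0c73453f27de2d7bfde30a6 |
| SHA256 | 3c09cae25f464320bb5fc7853aa89d9538cf23c9de7763f2622516d2ebf9d1a6 |
| SHA512 | 82fcfc869f59082525cd67b6f157f00016b841e1479e2b4eef4e461dc60602ea6244153343078c5e5e5cf28d32fd34ceb68c8c845501ebb9836c735941781538 |
C:\Program Files\AVG\Antivirus\setup\config.def
| MD5 | e0dc51fb78fae78376a2e5ece3fc0acc |
| SHA1 | cf18a7f3f900e7246c7153edb261b7fbb5caa2d2 |
| SHA256 | dcb8d5b6a678ad95e8d8491e0733b0167f45a88635ba4c5ba86fb9c0226ecda1 |
| SHA512 | 8fa74b6b9cc0194b22dc444a32edd93007344e4786760b8c151b9420b901108fdbe182384ca11fef658deafe636871435efc73a1c0cadae9a08461b0558a5b92 |
"""


def parse_dropped_files(text):
    """Return [{'path': str, 'hashes': {algo: digest}}] in report order."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("|"):          # a bare line starts a new record
            records.append({"path": line, "hashes": {}})
            continue
        if not records:
            raise ValueError(f"hash row before any path: {line}")
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 2 or cells[0] not in HASH_LEN:
            raise ValueError(f"unexpected row: {line}")
        algo, digest = cells[0], cells[1].lower()
        # A truncated or non-hex digest is worse than none: refuse it.
        if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_LEN[algo], digest):
            raise ValueError(f"bad {algo} for {records[-1]['path']}")
        records[-1]["hashes"][algo] = digest
    return records


def pe_drops_outside_install_dir(records):
    """Paths of PE files written to one of WATCH_DIRS."""
    return [r["path"] for r in records
            if r["path"].lower().endswith(PE_EXT)
            and any(d in r["path"].lower() for d in WATCH_DIRS)]


def rewritten_paths(records):
    """Paths listed more than once with different SHA256, i.e. the file was
    replaced during the run (config.def in this report is one)."""
    seen = defaultdict(set)
    for r in records:
        seen[r["path"]].add(r["hashes"].get("SHA256"))
    return sorted(p for p, digests in seen.items() if len(digests) > 1)
```

Feed the whole dropped-file section to `parse_dropped_files` and the hash values are ready for a blocklist; the two filter functions narrow several hundred records to the handful worth opening in a disassembler or diffing against the vendor's signed release.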
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-22 10:00
Reported
2024-05-22 10:21
Platform
win10v2004-20240508-en
Max time kernel
786s
Max time network
976s
Command Line
Signatures
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 2608 created 3544 | N/A | C:\Users\Admin\Downloads\MBSetup.exe | C:\Windows\Explorer.EXE |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\farflt.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\drivers\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbamswissarmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamChameleon.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mwac.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies RDP port number used by Windows
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\windows\SysWOW64\icacls.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
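The two ImagePath rows above and the "Drops file in Drivers directory" table before them describe a single chain: MBAMService.exe writes a .sys into System32\DRIVERS and then points a kernel service at it. Reading that chain off the report by eye is error-prone because the sandbox renders registry string values with doubled backslashes and escaped quotes. The following added example, not the sandbox's own code, parses rows in the report's table format, undoes that escaping, correlates each ImagePath with the driver-drop row that wrote the same file name, and extracts the binaries behind the COM registrations. SAMPLE is copied from this report's tables (the drivers and ImagePath rows above, plus three rows from the COM server table further down); the row selection and the correlation logic are this example's own.

```python
"""Parse the signature tables of this report (| Description | Indicator |
Process | Target | rows under a signature name), undo the report's escaping of
registry string values, and correlate the driver written to the Drivers
directory with the service ImagePath that later points at it.  Added example,
not sandbox tooling: SAMPLE is copied from the report's tables."""
import re
from collections import Counter

SAMPLE = r'''
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\DRIVERS\mbam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbamswissarmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamChameleon.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbshlext.dll" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
'''


def parse_signature_rows(text):
    """Return [{'signature', 'description', 'indicator', 'process', 'target'}]."""
    rows, signature = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("|"):
            signature = line                  # a bare line is the signature name
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if cells[0] == "Description":         # column header row
            continue
        if len(cells) != 4:
            raise ValueError(f"unexpected row: {line}")
        rows.append(dict(zip(("description", "indicator", "process", "target"), cells),
                         signature=signature))
    return rows


def unquote_reg_value(raw):
    """Undo the report's rendering of a string value: strip the outer quotes,
    turn backslash-quote into a quote and a doubled backslash into one."""
    s = raw.strip()
    if len(s) >= 2 and s[0] == '"' == s[-1]:
        s = s[1:-1]
    s = s.replace('\\"', '"').replace('\\\\', '\\')
    if len(s) >= 2 and s[0] == '"' == s[-1]:
        s = s[1:-1]
    return s


def correlate_driver_loads(rows):
    """Map each Services\\<svc>\\ImagePath that was set to the Drivers-directory
    'File created' row that wrote the same driver (matched on file name)."""
    created = {r["indicator"].rsplit("\\", 1)[-1].lower(): r["process"]
               for r in rows
               if r["signature"] == "Drops file in Drivers directory"
               and r["description"] == "File created"}
    out = {}
    for r in rows:
        key, _, value = r["indicator"].partition(" = ")
        m = re.search(r"\\Services\\([^\\]+)\\ImagePath$", key)
        if not m:
            continue
        image = unquote_reg_value(value)
        out[m.group(1)] = {"image_path": image, "set_by": r["process"],
                           "dropped_by": created.get(image.rsplit("\\", 1)[-1].lower())}
    return out


def com_server_binaries(rows):
    """CLSID -> set of binaries registered as its LocalServer32 / InprocServer32."""
    pat = re.compile(r"\\CLSID\\(\{[0-9A-Fa-f-]+\})\\(?:LocalServer32|InprocServer32)"
                     r"\\(?:ServerExecutable)?$")
    out = {}
    for r in rows:
        key, _, value = r["indicator"].partition(" = ")
        m = pat.search(key)
        if m and value:                       # 'Key created' rows carry no value
            out.setdefault(m.group(1), set()).add(unquote_reg_value(value))
    return out


def rows_per_process(rows):
    """Actions per process; in these tables every row is MBAMService.exe."""
    return Counter(r["process"] for r in rows)
```

A service whose ImagePath resolves to a driver that no "File created" row accounts for (`dropped_by` is `None`) is the case to chase: it means the driver was already on disk or was written by a path the sandbox did not attribute.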
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbshlext.dll" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Checks installed software on the system
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\189E.tmp\mbr.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\netvg63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\netwsw00.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\netwtw08.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{f18b6d99-c83e-8c4d-be21-797ba405bec8}\mbtun.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\netrtwlane.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\athw8x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{f18b6d99-c83e-8c4d-be21-797ba405bec8}\SET41BC.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{f18b6d99-c83e-8c4d-be21-797ba405bec8} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\netmyk64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\wceisvista.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{f18b6d99-c83e-8c4d-be21-797ba405bec8}\mbtun.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\netl260a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\netr28ux.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\netax88179_178a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\net9500-x64-n650f.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\netloop.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_32a9ad23c1ecc42d\c_net.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{f18b6d99-c83e-8c4d-be21-797ba405bec8}\SET418C.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_101a408e6cb1d8f8\netmlx5.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\netl1c63x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\mwlu97w8x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{f18b6d99-c83e-8c4d-be21-797ba405bec8}\SET41CD.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\netwew01.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\netrtwlanu.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_f9e30429669d7fff\netvwwanmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\usbncm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\netl1e64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\dc21x4vm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_9a5b429abc465278\wnetvsc.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\msux64w10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\netbxnda.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\net7400-x64-n650.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\usbnet.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\netwew00.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\net8192se64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\netathr10x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\netax88772.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\net8185.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\net1ic64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\netv1x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1bdf7a435cb3580d\netrasa.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\msdri.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_7080f6b8ea1744fb\netnvma.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\net8187se64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\572BF21E454637C9F000BE1AF9B1E1A9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\nett4x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\rtux64w10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_f6f0831ba09dd9f5\netavpna.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\Desktop\Wallpaper = "c:\\bg.bmp" | C:\Windows\system32\reg.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\System.Windows.Controls.Ribbon.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Primitives.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Input.Manipulations.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.Primitives.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\WindowsBase.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordaccore_amd64_amd64_6.0.2824.12007.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework-SystemData.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Windows.Extensions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.Primitives.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Design.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\PresentationCore.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Requests.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework-SystemDrawing.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-heap-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.NameResolution.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Thread.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sdk\mwac.cat | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tracing.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.DispatchProxy.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationNative_cor3.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.DependencyModel.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sentrynativesdk.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.EntityFrameworkCore.Abstractions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.AccessControl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Claims.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Forms.Primitives.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Xaml.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework-SystemCore.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.IO.Packaging.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.Logging.Abstractions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Native.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\Accessibility.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\WindowsFormsIntegration.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Windows.Forms.Primitives.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbamelam.inf | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Numerics.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sdk\mwac.tmf | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\System.Windows.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Serilog.Enrichers.Thread.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Core.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Contracts.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Process.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.Windows.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationUI.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ru\PresentationFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Xaml.Behaviors.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebHeaderCollection.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationClient.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework.Classic.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbam.manifest.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\.version | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | \??\c:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wav | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | \??\c:\windows\winbase_base_procid_none\secureloc0x65\gdifuncs.exe | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\windows\winbase_base_procid_none\secureloc0x65\gdifuncs.exe | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | \??\c:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wav | C:\Windows\system32\cmd.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\MY | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608464951433616" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B471ACFB-E67A-4BE9-A328-F6A906DDDEAA} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B1BDE8B0-F598-4334-9991-ECC7442EEAA6}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC34538A-37CB-44B4-9264-533E9347BB40}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B9442AA1-AEB8-4FB4-B998-BFBC37BA8A99}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{31BF2366-C6DB-49F1-96A5-8026B9DF4152}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ED06E075-D1FD-4635-BA17-2F6D6BB0DFD6}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7EF16D72-5906-4045-86BC-16826F6212FE} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DA5636E-CD8F-4F2D-9351-4270985E1EB3} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{94E6A9DF-4AAB-48E7-8A94-65CA2481D1F6} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B3FCAA7C-EA26-43E6-A312-CDB85491DDD8}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{EEC295FA-EC51-4055-BC47-022FC0FC122F}\1.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CE18DD5-2BD7-4844-B9AD-DF6A995750A1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{36F3C7D7-BCB1-4359-AB71-0CB816FE3D38} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6A66A096-E54B-4F72-8654-ED7715B07B43}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{81541635-736E-4460-81AA-86118F313CD5}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ECDAC35E-72BB-4856-97E1-226BA47C62C5}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{956AEAEB-8EA2-4BE1-AAD0-3BE4C986A1CC}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4163399F-AB08-4E5E-BE28-6B9440393AD3}\ = "IMWACControllerV13" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A0EB1521-C843-47D5-88D2-5449A2F5F40B}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.MWACController.1\CLSID\ = "{8F1C46F8-E697-4175-B240-CDE682A4BA2D}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.PoliciesController\CurVer | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EF7DFB76-BA49-4191-8B62-0AC3571C56D7}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ADA09B8D-A536-4429-8331-49808442D24B}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F5BCAC7E-75E7-4971-B3F3-B197A510F495}\1.0\ = "CloudControllerCOMLib" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{783B187E-360F-419C-B6DA-592892764A01}\1.0\0\win64\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ABC1D1AF-23ED-4483-BDA4-90BCC21DFBDB}\TypeLib\ = "{783B187E-360F-419C-B6DA-592892764A01}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0DB6AD16-564C-451A-A173-0F31A62B7A4D} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F967173-2B83-4B7F-A633-074B06FD0C64}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}\1.0\ = "ScanControllerCOMLib" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A0F9375-1809-45ED-AFE0-92852B971139}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{993A5C11-A9B8-41E9-9088-C5182B1F279A}\TypeLib\ = "{226C1698-A075-4315-BB5D-9C164A96ACE7}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{44ACF635-5275-4730-95E5-03E4D192D8C8}\ = "ILicenseControllerV8" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{964AD404-A1EF-4EDA-B8FA-1D8003B29B10}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CC4D9C86-78F2-435F-8355-5328509E04F1}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EDF63EDA-B622-44E2-8053-8877E33BB49A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A2C9E279-3E50-44F0-8C3B-606A303BA1D1}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{97DA9E74-558F-4085-AE41-6A82ED12D02C}\ = "_IMBAMServiceControllerEvents" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10DAE713-FD88-4ADB-9406-04CB574D543C}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DF39921A-6060-472F-A358-1CE8D2F8779C}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE6A4256-97CD-4DBB-9D4A-3054B0BB0F8B}\ = "ICloudControllerV6" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66328184-6592-46BE-B950-4FDA4417DF2E}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B2CCE9B-6446-450F-9C9D-542CD9FA6677} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A34647B-D9A8-40D9-B563-F9461E98030E}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7196E77C-8EA5-4824-92C9-BAE8671149FA}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{960F2BB5-E954-45C5-97DF-A770D9D8C24B} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D57ACF19-30E3-4B7E-BCDD-6EEB8E57AF27} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08927360-710B-483B-BEEC-17E51FF84AF9}\ = "_IRTPControllerEventsV6" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8B05F69B-4F9B-4FD3-A491-16153F999E00}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B05F69B-4F9B-4FD3-A491-16153F999E00} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDCB7916-7DE8-44C8-BAF6-F1BBB3268456}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C842243-BDAD-4A93-B282-93E3FCBC1CA4}\ = "ILogController" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5091804-600E-4226-BF28-80ABFDF4AFAB}\ = "IScanner" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{01222402-A8AB-4183-8843-8ADBF0B11869}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{53260A87-5F77-4449-95F1-77A210A2A6D8}\ = "IMWACControllerEventsV2" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCB473CB-B8B5-44A7-A3E0-D83AF05350DF}\TypeLib\ = "{74630AE8-C170-4A8F-A90A-F42D63EFE1E8}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6C1047E9-9ADC-4F8A-8594-036375F53103}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A7FB145-B72D-466E-A3AC-21599BBE9E8C}\ = "ILicenseControllerV5" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C842243-BDAD-4A93-B282-93E3FCBC1CA4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8153C0A7-AC17-452A-9388-358F782478D4}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D57ACF19-30E3-4B7E-BCDD-6EEB8E57AF27}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9669A3D-81E8-46F6-A51E-815A0863D612}\TypeLib\ = "{2446F405-83F0-460F-B837-F04540BB330C}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MBAMExt.MBAMShlExt.1\CLSID | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99E6F3FE-333C-462C-8C39-BC27DCA4A80E} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 0300000001000000140000002ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c2000000001000000620400003082045e30820346a0030201020213077312380b9d6688a33b1ed9bf9ccda68e0e0f300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3232303832333232323132385a170d3330303832333232323132385a303c310b3009060355040613025553310f300d060355040a1306416d617a6f6e311c301a06035504031313416d617a6f6e205253412032303438204d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100eb712ca9cb1f8828923230af8a570f78b73725955587ac675c97d322c8daa214676b7cf067dae2032ab356125dc6b547f96708a7937a9592180fb4f9f910369a7f2f80b64fba134ec75d531ee0dd96330720d396bc12e4745042a1051373b54f9b4424fe2d7fedbc2285ec362133977506ce271882dce3d9c582078d5e26012626671fd93f13cf32ba6bad7864fcaaff0e023c07df9c0578728cfdea75b7032884dae86e078cd05085ef8154b2716eec6d62ef8f94c35ee9c4a4d091c02e249198caeeba258ed4f671b6fb5b6b38064837478d86dcf2ea06fb76377d9eff424e4d588293cfe271c278b17aab4b5b94378881e4d9af24aef872c565fb4bb451e70203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e0416041481b80e638a891218e5fa3b3b50959fe6e5901385301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b05000382010100ad00de0205232e063262b46bb19416e41140de2bfa59c135efe0aa8f2b41b9d1f38739001df23db5a7470c0606c691f3075702d4edbd17c1909abf4875a2074f30dd4a6a42b50d3d15c00ffe845bc63c99cc5752b1d86e12d59692934b94e507e88982086a7a34d49e64e13d876a92909a63a14bf88fb6ea34d305be20c2de06e28c9f738b9f4d3985cace19369d85c99ec9f8503fb67e88a1efca84068b50b40a5ca61c44f1fdc8614060f26125aa07f4c7c27375e40c0b428d04e55f4448995b7b898196a7889d4b0d62e804c4d7feb4e8b26dcaecc01cbc385b1ddf85ce5b7ae3494b6cb9a7ddf405b249ade1c5146bc2ccebcd7fd65869bac3207e7fb0b8 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\189E.tmp\jeffpopup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\189E.tmp\bobcreep.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sample
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffea6c7ab58,0x7ffea6c7ab68,0x7ffea6c7ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3632 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3960 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4512 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4884 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4004 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4456 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3540 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3620 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3540 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5108 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5156 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Users\Admin\Downloads\MBSetup.exe
"C:\Users\Admin\Downloads\MBSetup.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "000000000000014C" "Service-0x0-3e7$\Default" "0000000000000164" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=1652 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4460 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3308 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5136 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5372 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5024 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4500 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3584 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3384 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3348 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1148 --field-trial-handle=2032,i,9768265099634102380,13020781289669730071,131072 /prefetch:8
C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe
"C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\189E.tmp\189F.tmp\18A0.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\189E.tmp\mbr.exe
"C:\Users\Admin\AppData\Local\Temp\189E.tmp\mbr.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\189E.tmp\tools.cmd" "
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\bg.bmp /f
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none
C:\Users\Admin\AppData\Local\Temp\189E.tmp\jeffpopup.exe
"C:\Users\Admin\AppData\Local\Temp\189E.tmp\jeffpopup.exe"
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe
"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
C:\Users\Admin\AppData\Local\Temp\189E.tmp\bobcreep.exe
"C:\Users\Admin\AppData\Local\Temp\189E.tmp\bobcreep.exe"
C:\Users\Admin\AppData\Local\Temp\189E.tmp\gdifuncs.exe
"C:\Users\Admin\AppData\Local\Temp\189E.tmp\gdifuncs.exe"
C:\Users\Admin\AppData\LocalLow\IGDump\ylxoxtusfzjwbpcnxhcfyjwyrmjlsdzn\ig.exe
ig.exe timer 4000 qrusmhnpfiwrshejwrwovlfncfswddqz.ext
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f0 0x4d0
C:\Users\Admin\AppData\LocalLow\IGDump\ucfgokzzblkdxqcicmfbncitxfmartkt\ig.exe
ig.exe timer 4000 wxjebibcftgvedafaupzdwzxrevaidad.ext
C:\windows\SysWOW64\takeown.exe
"C:\windows\system32\takeown.exe" /f C:\windows\system32\LogonUI.exe
C:\windows\SysWOW64\icacls.exe
"C:\windows\system32\icacls.exe" C:\\windows\\system32\\LogonUI.exe /granted "Admin":F
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c cd\&cd Windows\system32&takeown /f LogonUI.exe&icacls LogonUI.exe /granted "%username%":F&cd..&cd winbase_base_procid_none&cd secureloc0x65&copy "ui65.exe" "C:\windows\system32\LogonUI.exe" /Y&echo WinLTDRStartwinpos > "c:\windows\WinAttr.gci"&timeout 2&taskkill /f /im "tobi0a0c.exe"&exit
C:\Windows\SysWOW64\takeown.exe
takeown /f LogonUI.exe
C:\Windows\SysWOW64\icacls.exe
icacls LogonUI.exe /granted "Admin":F
C:\Windows\SysWOW64\timeout.exe
timeout 2
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "tobi0a0c.exe"
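The takeown, icacls and cmd.exe entries above are one procedure: take ownership of C:\Windows\System32\LogonUI.exe, grant the current user full control, copy a dropped ui65.exe over it, then kill the dropper. Three things a practitioner should check against the raw events rather than the command lines: takeown.exe and icacls.exe ran from SysWOW64 (32-bit images), so WOW64 file system redirection can send a System32 path to the SysWOW64 copy, and the file write events decide which copy was touched; `/granted` is not a documented icacls switch (`/grant` is), so the ACL change may have failed while the ownership change succeeded; and the copy is chained behind a series of `cd` commands, so the target is only clear once relative paths are resolved. The detector below is an added example, not part of the sandbox report or any vendor's rules. It resolves relative targets by tracking `cd` through an `&`-chained cmd.exe line, flags takeown/icacls/copy aimed at PE files under System32 or SysWOW64, and raises a high-confidence finding when one shell line both takes ownership of and overwrites the same file. The event records are constructed from the command lines on this page (with `&copy` spelled out, which an HTML-extracted copy of the report can render as `©`); the field names `image`, `command_line` and `cwd` are this example's own, not a particular sandbox's schema.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

PROTECTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
PE_EXT = (".exe", ".dll", ".sys")
TOKEN_RE = re.compile(r'"[^"]*"|\S+')
CD_RE = re.compile(r"^cd(?:\s+(.*)|([\\.].*))?$", re.I)  # cd X, cd\, cd..


@dataclass
class ProcEvent:
    """Minimal process-creation record; the field names are this example's own."""
    image: str
    command_line: str
    cwd: str = r"C:\Users\Admin"


@dataclass
class Finding:
    rule: str
    target: str
    command_line: str


def _tokens(cmd: str) -> list[str]:
    return [t.strip('"') for t in TOKEN_RE.findall(cmd)]


def _resolve(path: str, cwd: str) -> str:
    """Resolve a relative or double-backslashed Windows path against cwd, lower-cased."""
    p = path.replace("\\\\", "\\")
    if not re.match(r"^[a-z]:\\", p, re.I):
        p = cwd.rstrip("\\") + "\\" + p
    return p.lower()


def _is_protected_pe(path: str) -> bool:
    return path.startswith(PROTECTED_DIRS) and path.endswith(PE_EXT)


def _change_dir(cwd: str, arg: str) -> str:
    arg = arg.strip()
    if arg == "":
        return cwd                      # bare "cd" only prints the directory
    if arg == "\\":
        return cwd[:2] + "\\"           # "cd\" goes to the drive root
    if arg == "..":
        parent = cwd.rstrip("\\").rsplit("\\", 1)[0]
        return parent + "\\" if parent.endswith(":") else parent
    return _resolve(arg, cwd)


def _analyze_command(cmd: str, cwd: str) -> tuple[list[Finding], str]:
    """Inspect one command; return findings and the cwd in effect afterwards."""
    m = CD_RE.match(cmd.strip())
    if m:
        return [], _change_dir(cwd, m.group(1) or m.group(2) or "")
    toks = _tokens(cmd)
    if not toks:
        return [], cwd
    verb = toks[0].lower().rsplit("\\", 1)[-1]
    low = [t.lower() for t in toks]
    target = None
    if verb in ("takeown", "takeown.exe") and "/f" in low:
        i = low.index("/f")
        if i + 1 < len(toks):
            target, rule = _resolve(toks[i + 1], cwd), "takeown_on_system_binary"
    elif verb in ("icacls", "icacls.exe") and len(toks) > 1:
        target, rule = _resolve(toks[1], cwd), "icacls_on_system_binary"
    elif verb == "copy":
        args = [t for t in toks[1:] if not t.startswith("/")]
        if len(args) >= 2:              # last non-switch argument is the destination
            target, rule = _resolve(args[-1], cwd), "copy_over_system_binary"
    if target and _is_protected_pe(target):
        return [Finding(rule, target, cmd)], cwd
    return [], cwd


def analyze_event(ev: ProcEvent) -> list[Finding]:
    findings: list[Finding] = []
    cwd = ev.cwd.lower()
    if ev.image.lower().endswith("\\cmd.exe"):
        # Walk the "&"-chained body after /c or /k, tracking cd so that relative
        # targets resolve the way cmd.exe would resolve them.
        m = re.search(r"/[ck]\s+(.*)$", ev.command_line, re.I | re.S)
        body = m.group(1) if m else ev.command_line
        for part in re.split(r"\s*&&?\s*", body):
            found, cwd = _analyze_command(part, cwd)
            findings.extend(found)
    else:
        findings.extend(_analyze_command(ev.command_line, cwd)[0])
    # Ownership change plus overwrite of the same file in one shell line is the
    # high-confidence signal; each step on its own is only suspicious.
    seen: dict[str, set[str]] = {}
    for f in findings:
        seen.setdefault(f.target, set()).add(f.rule)
    for target, rules in seen.items():
        if {"takeown_on_system_binary", "copy_over_system_binary"} <= rules:
            findings.append(Finding("system_binary_replacement_chain", target, ev.command_line))
    return findings


def scan(events: list[ProcEvent]) -> list[Finding]:
    return [f for ev in events for f in analyze_event(ev)]


# Constructed sample events modelled on the command lines in the process list above;
# the last one is a benign takeown inside the user's own profile.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\windows\SysWOW64\takeown.exe",
              r'"C:\windows\system32\takeown.exe" /f C:\windows\system32\LogonUI.exe'),
    ProcEvent(r"C:\windows\SysWOW64\icacls.exe",
              r'"C:\windows\system32\icacls.exe" C:\\windows\\system32\\LogonUI.exe /granted "Admin":F'),
    ProcEvent(r"C:\Windows\SysWOW64\cmd.exe",
              r'"C:\Windows\System32\cmd.exe" /c cd\&cd Windows\system32&takeown /f LogonUI.exe'
              r'&icacls LogonUI.exe /granted "%username%":F&cd..&cd winbase_base_procid_none'
              r'&cd secureloc0x65&copy "ui65.exe" "C:\windows\system32\LogonUI.exe" /Y'
              r'&echo WinLTDRStartwinpos > "c:\windows\WinAttr.gci"&timeout 2'
              r'&taskkill /f /im "tobi0a0c.exe"&exit'),
    ProcEvent(r"C:\Windows\SysWOW64\takeown.exe", r"takeown /f LogonUI.exe", cwd=r"C:\Windows\system32"),
    ProcEvent(r"C:\Windows\System32\takeown.exe", r"takeown /f C:\Users\Admin\Documents\report.docx"),
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.rule:34} {f.target}")
```

Run against the constructed events, the cmd.exe line yields the three step findings plus the chain finding, each standalone takeown/icacls on LogonUI.exe yields one, and the profile-directory takeown yields nothing. Extend PROTECTED_DIRS with C:\Windows and driver directories to cover the other drop locations listed in this report.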
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 12.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | www.malwarebytes.com | udp |
| US | 192.0.66.233:443 | www.malwarebytes.com | tcp |
| US | 192.0.66.233:443 | www.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | plausible.io | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.66.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.102.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.38.244.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| GB | 143.244.38.136:443 | plausible.io | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 8.8.8.8:53 | genesis.malwarebytes.com | udp |
| US | 18.205.178.162:443 | genesis.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 104.19.178.52:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.178.205.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.178.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:53 | api.demandbase.com | udp |
| US | 192.0.76.3:443 | pixel.wp.com | udp |
| GB | 99.84.9.70:443 | api.demandbase.com | tcp |
| US | 8.8.8.8:53 | 70.9.84.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www-api.malwarebytes.com | udp |
| GB | 54.192.137.128:443 | www-api.malwarebytes.com | tcp |
| GB | 54.192.137.128:443 | www-api.malwarebytes.com | tcp |
| GB | 54.192.137.128:443 | www-api.malwarebytes.com | tcp |
| GB | 54.192.137.128:443 | www-api.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 128.137.192.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 35.160.206.228:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | 228.206.160.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ark.mwbsys.com | udp |
| US | 3.219.207.227:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.87:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 227.207.219.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.46.156.108.in-addr.arpa | udp |
| US | 3.219.207.227:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.87:443 | cdn.mwbsys.com | tcp |
| US | 3.219.207.227:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.38:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 38.46.156.108.in-addr.arpa | udp |
| US | 3.219.207.227:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.87:443 | cdn.mwbsys.com | tcp |
| US | 3.219.207.227:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.38:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | ipv4.am.i.mullvad.net | udp |
| SE | 45.83.223.233:443 | ipv4.am.i.mullvad.net | tcp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| US | 23.21.154.125:443 | holocron.mwbsys.com | tcp |
| US | 23.21.154.125:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 125.154.21.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.223.83.45.in-addr.arpa | udp |
| US | 54.221.200.50:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 50.200.221.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crl.comodoca.com | udp |
| US | 104.18.38.233:80 | crl.comodoca.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 23.55.97.181:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | iris.mwbsys.com | udp |
| US | 54.208.193.252:443 | iris.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 252.193.208.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| US | 216.239.36.117:443 | beacons2.gvt2.com | tcp |
| US | 216.239.36.117:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | 117.36.239.216.in-addr.arpa | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| GB | 142.250.179.234:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| US | 54.221.200.50:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | sirius.mwbsys.com | udp |
| US | 3.87.85.210:443 | sirius.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.24:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| US | 8.8.8.8:53 | 210.85.87.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.46.156.108.in-addr.arpa | udp |
| US | 216.239.36.117:443 | beacons2.gvt2.com | udp |
| US | 8.8.8.8:53 | hubble.mb-cosmos.com | udp |
| GB | 108.156.46.32:443 | hubble.mb-cosmos.com | tcp |
| US | 8.8.8.8:53 | 32.46.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| US | 8.8.8.8:53 | beacons4.gvt2.com | udp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 8.8.8.8:53 | 116.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 50.112.144.64:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | 64.144.112.50.in-addr.arpa | udp |
Files
\??\pipe\crashpad_4880_PJGVAKABUJWHJYEG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 31c997d0c6a517179701decd2991f9ea |
| SHA1 | e31289762386b0b178ad100f4bd30212a822472a |
| SHA256 | b319cb2da4cdc2f0b9fb5c8bc6a43b3af7a30f856dce2006b3b23d43c2d3bcd4 |
| SHA512 | 46a47576a7ed8faff1abfd5223a248926695aa7137ac79256f711e4d4b025026c6c02925e040aaa9397e4b6c5e343aafe286bd20845c5003c64dbef5d2bb2a6e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 36433a3fa9f48fc22773a5c124ca3b88 |
| SHA1 | 121c9833e5be76668720fcfa22a51669c9f5ce06 |
| SHA256 | cf559e0537f8486ab77d70837c12b5ce2ca7ffc029284a4bb967ed5d01d89c58 |
| SHA512 | 1dd4043a9ab1d545f6b205433ebd822cba6252cc004052a4956c81d32a8a136e24f3ec02db537d32b2b3291e5b9e9a8c1910da4a4d7d7faa6a14211622bd5445 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | fb0552ef26f3edee5cdb72e007bbb504 |
| SHA1 | 6438a6800e4b2b9b7242181fccbba9c6e0f59555 |
| SHA256 | 1664cafcfe5d50627b52c580bea586b5aa693c0b5c615a94bee20fcd16e0f881 |
| SHA512 | f5b59c13d4ff1ca40313e3c182bbb29ddbce45b5592ab785691027b6aeac0c8d0231b0c720dd75a412e9d45830ebc431374439e98433dcfa139a73cfef1f3404 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 871501e9aa7e0714ab94237d5fc1c58e |
| SHA1 | 26cee6fe6455e948725e3db9b76b18ce8d4c1225 |
| SHA256 | 82157566be8c8166aae20086addb61f143fdb816c8d681b9a5dfb4caf4f3f0bf |
| SHA512 | b9080870fba38511bb2e34fb8b0a44c7158c621784b6983585bba28bf3ac41b13252ad27e8bbeb1d63702b2e6d9510d7d1722e67f1c853cb10209b3f69a6ab9c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 809bf8c08958f05e99f27f0b7062e742 |
| SHA1 | 5c4cf4f9260762ab05b040512e7a3a7202e060e4 |
| SHA256 | f90837b03da1298e3145784d9c298d195e69e72c9ce9fd0294269f8ecc50ad52 |
| SHA512 | 158b4da8a437b2f07288b050888fbcda5a0cc2996e804c3419ce57e5d7fe7abded352b4f93f92fc75a412d06d5089449de511f1f872da1ca07857e326cc04f90 |
C:\Users\Admin\Downloads\MBSetup.exe
| MD5 | 6107ffe4a1a1ee9eb2453ca669791ac9 |
| SHA1 | 8f69617ffd69adab260500ec25d5ae50cc49b882 |
| SHA256 | 3c68baabc345c58d95825e548a395d305775b7f0313ec42997c17870ea6a458f |
| SHA512 | 305ed565d5b61271e3deac9ab254ce2d70c031f4713c9b37212ea56ff061b8ce0afb5002c02a5252991c506d217f3f6aad439c192384646432f2ae71c252fb56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 323e7e6c91c7f9acee620313913696de |
| SHA1 | 4bf40b17446950b8912c263cfac97b7ccbfcee12 |
| SHA256 | 720e6a10b2bf51ba757af98c34753f098ddfda9ca8e1edcee7087cae92f2b96e |
| SHA512 | 58755233be08617a947f482f2b1f699273f5852e179389f93de9904663dfbcb744b3da3bb2a266079fe99edc0d4c1463b1eafffe271d41305788439c86e72a1b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ddfb62a9ab54692efcaf516271261aff |
| SHA1 | 0055320b544bd729ab647c0c26c5de5aea7c50e0 |
| SHA256 | 531f2e9fcde62f4dd1f3ec802148d2d3e00bcbe4930c2b6476f9d34a99311e61 |
| SHA512 | 62312028e5634cf872817859d42caace5a13957821e31cd61651b4366984a9421f05443ed65d191e5f09afcf9c4b9b2eff7b8dc94afa998e6e7a99501b7efe7e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe60d4c9.TMP
| MD5 | 184eb9a6c4665afdccb047dc5b69c15e |
| SHA1 | c3590bc6f332ff979438e07eb7912d1050e5f4be |
| SHA256 | 16dd32ef3dce4c147aa1e9dfda89b351db1ede035af920107075bfa07347ed7e |
| SHA512 | 98c9f6c2d32533bdddeef5cf3a307075ac5ab1643e025678f222d902709e62bac23d0401f37b2cd9b8be08b56f5a659da31f276dc8c9b901934a39df809001ac |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 318ce7db463624b3ad10cab26a16658f |
| SHA1 | 2c717efb2cc21d3ff4a40bba76a15bd58efb4d00 |
| SHA256 | 3575836ec3ca0a7f758fcba1fcf8db543d9d8d8cc243d1006773da45b7178a0a |
| SHA512 | 809ad27c084dd267ecf4b6b805df17a684e4cb17c916ecff19109288b1f90a7cc332a16774bb24ba57ea96b002de10748041d6ffeef4aa49c7e0532c8047af5e |
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
| MD5 | a545b29abb9db951e9e2508a1bbc8d2a |
| SHA1 | 061494912b29c965638263b7321a54b9e0399417 |
| SHA256 | 7607ca2abc8f5dfe7a100ccf73d885375ec599b0648ebd964ffb8bff39c821df |
| SHA512 | e7e33f5e49570ea74d427e12c049a7f0f89f7e4d3c7c511f59170cfb166bb5dd49ebfaa5a968dfdc15758f3177d7d39beebce26e593629aa0eac630748b403f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 738f961521ea6670241aa08861531846 |
| SHA1 | 13b3ce0a052e28e836ca32c1c56c4852349e9216 |
| SHA256 | e845c1abc19f975e9c15866c9d67454db2948891dbdd098e12ede08f4127b63a |
| SHA512 | be1b98542079b1ce95c32850c353c3cb5259233c6f37b4de6ccda972b20a4fb3684e70d66a2a93e9168d77d2c5f2a5073ea488d16739f88755ae07167704dba8 |
C:\Windows\Temp\MBInstallTemp36d6a888182411efa165daa7d34b912a\7z.dll
| MD5 | a144e24209683e3cba6e29dab5764162 |
| SHA1 | ab2112cce717bec8f5667721a072d790484095ec |
| SHA256 | b2ff9dbf90cbd0c45cd7d95ce4892377ec7e92970e05f2e56b0ce93861190348 |
| SHA512 | 2c823981b53b7eb7c1b726468d3b28c234c7e555aab35e759e88d38658566d267a20867f1cb18d96c830e7d53643629a9fa313eecee8b553703086fbb64cc984 |
C:\Windows\Temp\MBInstallTemp36d6a888182411efa165daa7d34b912a\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll
| MD5 | 3143ffcfcc9818e0cd47cb9a980d2169 |
| SHA1 | 72f1932fda377d3d71cb10f314fd946fab2ea77a |
| SHA256 | b7fb9547e4359f6c116bd0dbe36a8ed05b7a490720f5a0d9013284be36b590b7 |
| SHA512 | 904800d157eb010e7d17210f5797409fea005eed46fbf209bca454768b28f74ff3ff468eaad2cfd3642155d4978326274331a0a4e2c701dd7017e56ddfe5424b |
C:\Windows\Temp\MBInstallTemp36d6a888182411efa165daa7d34b912a\servicepkg\MBAMService.exe
| MD5 | 8c89563b4351b2c39d94c81ec37ace7b |
| SHA1 | 4c238dcd62b99226b3ac1a67c7b7c2cc2ad1edf4 |
| SHA256 | d17e0a77d02d5875318c14af09ee900bc4bafb87a96b2f84dfc9ef7656884228 |
| SHA512 | 8f1421c8a553acc7d4541cf6d319ab97abf2803a2c0c83ac7ac8d1dc9335eeb0bd911e79a0bedc14e65f1eb523efb76f9cfea0dd71a79e43c9501c954546ef2a |
C:\Windows\Temp\MBInstallTemp36d6a888182411efa165daa7d34b912a\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json
| MD5 | d94cf983fba9ab1bb8a6cb3ad4a48f50 |
| SHA1 | 04855d8b7a76b7ec74633043ef9986d4500ca63c |
| SHA256 | 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a |
| SHA512 | 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998 |
C:\Windows\Temp\MBInstallTemp36d6a888182411efa165daa7d34b912a\dbclspkg\MBAMCoreV5.dll
| MD5 | 65dae541c8dbc3e18f1bc9150ffad616 |
| SHA1 | f9c98b9eee98e94240c425a4548aae1b5d943ea6 |
| SHA256 | 75249cc6d5ddbb92a76f6750165380eb3b6182cdd4733d8a18003b7dfc88b558 |
| SHA512 | 4f2755add2fa384d617e7bd6d5d2c793503b54a284eb04be78682a0b6cfa7e6369995ae6625bd085ba2887b5034760323dfc61c2b28ea6db91b9d17a8394e988 |
C:\Windows\Temp\MBInstallTemp36d6a888182411efa165daa7d34b912a\servicepkg\mbamelam.inf
| MD5 | c481ad4dd1d91860335787aa61177932 |
| SHA1 | 81633414c5bf5832a8584fb0740bc09596b9b66d |
| SHA256 | 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3 |
| SHA512 | d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830 |
C:\Windows\Temp\MBInstallTemp36d6a888182411efa165daa7d34b912a\servicepkg\mbamelam.cat
| MD5 | 60608328775d6acf03eaab38407e5b7c |
| SHA1 | 9f63644893517286753f63ad6d01bc8bfacf79b1 |
| SHA256 | 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59 |
| SHA512 | 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7 |
C:\Windows\Temp\MBInstallTemp36d6a888182411efa165daa7d34b912a\servicepkg\mbamelam.sys
| MD5 | 9e77c51e14fa9a323ee1635dc74ecc07 |
| SHA1 | a78bde0bd73260ce7af9cdc441af9db54d1637c2 |
| SHA256 | b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0 |
| SHA512 | a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186 |
C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat
| MD5 | 35c919c92586d90651a5183e962c4a5a |
| SHA1 | 48653cfa8c7a378f7226b3cc55052af55091f5c0 |
| SHA256 | 69cbe3b65794fd3ddb7e49ce394a6ce5ec8d8512d4a5932f24417c4c7b61e1fb |
| SHA512 | ea1159f582119a37dc4f3408028a00886bb4760cc5c3b51da53f186cec81ac2aba35ccf24bb2d35aee6effcf787f548583bb41977827c3ef0987a9daabb2e9c8 |
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
| MD5 | 589a48dafeb9c78b9d8094ee4ac4b055 |
| SHA1 | 0629e032dacc0335ba1e3061bf10eab93f3d624d |
| SHA256 | c39ff9286ce4346089bbeae39afa198c032ff473b480760408ffaba11f63b08a |
| SHA512 | 2fc385198d654f2e6b4928a7292c5ee14e703b987711395a2a10afd05bb1cb09f79a212158e2869c94c83685efdc3fe9a60906407dfa5abe8dd38e0b45225659 |
C:\Program Files\Malwarebytes\Anti-Malware\version.dat
| MD5 | 82c5c82505ba170ea001e54c5ec13ce7 |
| SHA1 | e375b9606af7812c6eb726c9e2c9f7fd4a0c780c |
| SHA256 | 28fcc662b4fb073d2578c681d1ff994b6d400b6c4fb26213c7d7b4101fa00b25 |
| SHA512 | 73b0290b0e9f4dbbfcc3cbf7b113fd1522b1ae0863b9298867182b0cf67ee43ba199dddc94d56a5d4ae190783fa5867e0162d7c3a82f17d421a5206a2d80bbac |
C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat
| MD5 | 17412178172b24c5e570f6f13c42f4c0 |
| SHA1 | f0aac01bdd57f034d9cda7dbec9dd97c0dcb81eb |
| SHA256 | 2f2bb8b0a74e9049f4ee9dd039d81bc853fa8db3f311a799032f002b9cc1de41 |
| SHA512 | 3b9808f22e3455505da42b26d3c0c0d56cbac41fd0d2076c3363273d9e77064047d8fc7b969612a5f5c78e0588f510ddd5b2173be224b1b5eedc5e51e9e5a92e |
C:\Windows\Temp\MBInstallTemp36d6a888182411efa165daa7d34b912a\ctlrpkg\mbae64.sys
| MD5 | 95515708f41a7e283d6725506f56f6f2 |
| SHA1 | 9afc20a19db3d2a75b6915d8d9af602c5218735e |
| SHA256 | 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6 |
| SHA512 | d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08 |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
| MD5 | 027bf4c7728c53b50d9977204521cb1c |
| SHA1 | 16bb9e024fcceb099c3a999c0e0a4d9c63e4d6af |
| SHA256 | 727aaef9bba52ac6b892b1284ff767eb6cd37532bcf948b4b3f85562e710857f |
| SHA512 | 088e9d3bab2008a93dc680adef910c3a628d3190e85bc3b101bf8bafcd802d2089acb9f7c56c199ffbcd3948a5b36405469f22d0e3ca7599fea3c3f4645e2534 |
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
| MD5 | 46f875f1fe3d6063b390e3a170c90e50 |
| SHA1 | 62b901749a6e3964040f9af5ddb9a684936f6c30 |
| SHA256 | 1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec |
| SHA512 | fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557 |
C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll
| MD5 | 2bbf63f1dab335f5caf431dbd4f38494 |
| SHA1 | 90f1d818ac8a4881bf770c1ff474f35cdaa4fcd0 |
| SHA256 | f21a980316bd4c57c70e00840ab76d9ad412092d7d2d6a2cff4f1311f7c05364 |
| SHA512 | ebb9834323329dc01ba2c87e5fad1083a4cb86f5ed761cb63299ac5336a9843a1aadd42fbed706797c2295117af1c00f96806422338352653c8e0255fecc2fd5 |
C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf
| MD5 | 5d1917024b228efbeab3c696e663873e |
| SHA1 | cec5e88c2481d323ec366c18024d61a117f01b21 |
| SHA256 | 4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8 |
| SHA512 | 14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a |
C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.cat
| MD5 | 8abff1fbf08d70c1681a9b20384dbbf9 |
| SHA1 | c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6 |
| SHA256 | 9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658 |
| SHA512 | 37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f |
C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.sys
| MD5 | 83d4fba999eb8b34047c38fabef60243 |
| SHA1 | 25731b57e9968282610f337bc6d769aa26af4938 |
| SHA256 | 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c |
| SHA512 | 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e |
C:\Windows\System32\CatRoot2\dberr.txt
| MD5 | 2888d7dbb9d6124bf77c341a22def77b |
| SHA1 | eefbbe0ad4b323f5bbfc0b2479c0e68cf1ee09fb |
| SHA256 | 373ca64ba73595e12c725479f98db9053db17a94e66eebabe63933d7c6fb3af3 |
| SHA512 | e2e3ef88110ebcc4ecd494a6f6215427ad47c8f7acf53dc88082c5743bcc2a301bf868c07e76b0182edf4ee6c526b164d525064d8f8082e8b7f6e6b2684ac872 |
C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll
| MD5 | f782f049b0e8c13b21f8e10e705bd7e5 |
| SHA1 | 5c11f955e3983c50ea46b5d432c97c9148ac8e9f |
| SHA256 | 16c450a310edbea07f578f31368f168ec338011cd117406898593e86ebb83dae |
| SHA512 | eed29c42b14ff26a030f53d61d6dc8e3971e478dc7646b26189f14f16699b6bedc170c4bcc37efe2e8f3048bde37480033b49eaf1a4712b88464f5da0efc18f2 |
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
| MD5 | 80202b21a6f3df9d0d54f20a381df93c |
| SHA1 | 6915dcc75d0b84e5db40656d6382cb217a1996c2 |
| SHA256 | 4217a62ea3df3bd98e40d205b4fb5f9673c340c366551adb771ff3e34e7bdcfc |
| SHA512 | 8d691deae1f7c5243d045940f7f728a874e72550859b291119c9b951bd95232980dc2a1b3c19154c723c42e0aa93747a046f747bbc305941594477a39c2925f1 |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
| MD5 | b6df51f17a68a00239fd38b8088ea0fa |
| SHA1 | f59fbce9bae56915fee37c27d5390d5bba84e808 |
| SHA256 | 549b99fda1f873b076d100c4077db96177e1fe9938deaf68df98feb556a65450 |
| SHA512 | ac0eeef9e27ca48f4139eff5d54c46b9e094027fc75137af96028c02a9ee188c4f11fc7d424bfc2a5ef61866f72f35da276d1cb072af84c9ab8e94f1d0329607 |
C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
| MD5 | b7e5071b317550d93258f7e1e13e7b6f |
| SHA1 | 2d08d78a5c29cf724bc523530d1a9014642bbc60 |
| SHA256 | 467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064 |
| SHA512 | 9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54 |
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\LicenseControllerImpl.dll
| MD5 | 0ea9e23809dada42b3fee0210d8c7907 |
| SHA1 | a468e990f09610226170edb07ae0e3839abff4e5 |
| SHA256 | 60d1140904e0e8b19c1d2812fe80e3b7e2e071dd4a1b27647bc6dd94bdfa51bc |
| SHA512 | b0d5e6f7e84f1209df2adbaa238e6497980a3a44a10de8b6dc38f81d84b8376b85e3582854cf4887d2459bb3590dd555e2f6cb7cdf3f0d43a4f4093175f4f2cb |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | aeba803199cb790b46389113498ad930 |
| SHA1 | 73232cea0c117125739cfb94a5fca96b141d138a |
| SHA256 | 0a0f1551e1f841ec306ec7feb742fe8f1db678c9d535045f3f7f0e047237dadd |
| SHA512 | 32cfc29a142ad291691cf4db70eec99a675f21e63d5cc6a6ff3308684b6aac03d52d75d29d93de806f73ca20eb164cb4b3035fb8c1916df01b31ac5d5f95e566 |
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll
| MD5 | 6867cbf4557635aca16ac6fba455e82c |
| SHA1 | 41994b5169762474d9febff66ed3ece998f691ca |
| SHA256 | 26de9b9f28927dcc71c40ba623a77a7b47bace9d749d06a1b3e229e296513846 |
| SHA512 | 24fd41344211e1c95c44a4338c33e0d6c734107757694e3b59773c574ac424cd030bf37fd08fec2824e3111a52c5288bf8dd8a8900457b8749246142d019de74 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 35e0af76180b5c1cc078e417c247aa6d |
| SHA1 | 8274e4273ec1649df477bdd9db40abd6f2b6958f |
| SHA256 | 8beec3eabb128d1746a547e9c7f102aa654bf0bce8e41f8f5efd4c2c72a7b80c |
| SHA512 | 95eb20b239c847088b24566beaa5f6a166ceb686abfe11b30b836bc0abe7b17852dd2979f3f45cd10069c540d6903e43a932b9d546a3cefe4eef4ec534265e85 |
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\pkgvers.dat
| MD5 | 69b2f6f914005411046e456bb25bc470 |
| SHA1 | cc0370292d9f96328d4a6d06d2d53bb60243fa7f |
| SHA256 | 26f223b20c4c8311ef4562911aa2b8294b092d2b17ace5d41bec796980f0b46c |
| SHA512 | 5f51c5ffa9cc50a9eb567feb880637049e7f866edc08dc77c2eb8ad75ba49382d405f684534e8117dd1a814bb2f8cb95b97b5941b70401b1edd875e34a28348a |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 8dc87e56c2d3f5501d1b99efdfa4f5c0 |
| SHA1 | f1e29abd55bd5ea25cd9d66b3dc4c5c4c5ca2090 |
| SHA256 | 1740f1cf53d5df91effd2e78bd369705d7fd17c848d2f63309b1fd3c697fc14b |
| SHA512 | 500ce20ba957bd5ee85983483a9e3583a608efaaad264ac1151cdaecb13b8bcba566fb6c36259e7d1e51fc75e220026af4719bd4d814e69cb176bf422abd6d31 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 1633af27cf4ef4290b07350242306290 |
| SHA1 | 4fdad194a76d08715a0cefe766b09cf38481cd10 |
| SHA256 | 63f4df4edcbe3e14b240b42d2154a0612d70bf614a34555a926704e7aa0f26ed |
| SHA512 | f815b1e8df95c9534e7539d0bf52b6ea6f1c2c0175494f4aa7b4fbb3e624f86ee69167ee5b5842362d81d9e7a21db52285c335cae8c7f8969a9d77fb05b7f4c4 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 491e443bd21dfd26fedcba2d35fb6d65 |
| SHA1 | 311c7ae2d18500736ca9a3c090c15fe0b5c60432 |
| SHA256 | 93a49b5ab29ddc49e949c37b2ae079bc0041b408e50fe23ad1d0b21c837d1a19 |
| SHA512 | 700e3864f397ae0f5104765a221a4091d85b8f5be5937173d0195a75d14d71fcfe0c6eba89e8c385e62bcd7959f0ef7a30753e15b7c7e0a1cde04355c611aab3 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 1ccbc3774857f2dea798a59cf4940cc5 |
| SHA1 | 2ea622e49829729d755016c554e9cff9cb2ed73c |
| SHA256 | 154c1df8d0c06d7e6179c842a0bb2a8405b8a3b3392dd9fed58f2570ccfdcac0 |
| SHA512 | 74e706306a96e4abbe90f2d63df30b409ee00070561e671cc621c5814329f2c063037eff8bdc1d8b0f71c66d0b6e2196de109c010914f9b11422a7b690092b00 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 1585f42dd6fb934ac31bc070e85991a9 |
| SHA1 | d6a807ed4bfd4d1e49994fe183762e279c265c8e |
| SHA256 | e064c56f4853efbe2ebadfb849063ff885515bdc80f8eb197354f3d6632f8228 |
| SHA512 | 5910233f740d368cd2991a2ae9d9ae1a8ffcc07d1a19b272ff16c3de688d5d71bf4a4cdc8d8bb71cc5ea94a14c7704f1794e733d0c699b14e10e4ed8f84b05f4 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\mbdigsig2.dat
| MD5 | 5787ffb9bb395315bf92d56889bace87 |
| SHA1 | 50e0c67f377e7aa11a638af331dce24e58b4ee1b |
| SHA256 | 335ff556dd5eb8ca0b7a817e53a33238729ee14328b4b12ca5b8f85c30c2b29b |
| SHA512 | abdef3d70d520aef940e4d9583de57bdb1c3e2bcaf6cdb941efc0d7bfd0e342a630d921781d61f644984b00ace951f94a824bc5fd23315897678e8bdef924c87 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\clean.mbdb
| MD5 | 4015a8b99b38a7e5199b09077e52f9d0 |
| SHA1 | 7203c5416cec486b37eac2e1c8367874aedc348c |
| SHA256 | b75fa20e09442db84943bd2073351d36620120ec6621e81700c43cbaae1a64b2 |
| SHA512 | f130e7c0c8ad3154d4d3735f3b14c5750b18bd7c61b86ca57b83337034e51a320501fd95c98c709c33d8f996862cd946b2cd106b85bd321c2fb724ead5ff6786 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | fb87d6dc4b55993a242df944e3413d5c |
| SHA1 | 5888c1cb0cf58a3d239a8932900c074d903d57d6 |
| SHA256 | 95d5622ef24fccfa490f7b075034203b4501b03634a0fc171fcecc82a7b091be |
| SHA512 | 03df1db2c2486956d2567523612b5548f32f6a4e6a964232046c5c3fb557baa468c410898c127e904d1a49b97194c89a00201eeac1de4d56b011494fbc374f19 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 6408cd4c6168a29c38189afa15a34345 |
| SHA1 | 776ce051a2e0e57edfa3a6b3bbbb0b55e8b39564 |
| SHA256 | d276f5e9a03a1f5beef026e7982b26feda8dad32b2b4dceb749e1ea214f6d93b |
| SHA512 | cc7acdc7683c5a50ef6e767a98e1ae1f44b9c19a319d6f76f7bdde602ed77d5a04540e99c81bfd84a41797721baa3104f41928a386562ea7b9f90c64b02fb0c3 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 3d748ac384a2bbb53143c72457df9b7f |
| SHA1 | 880d8e570f9c11e9463c828f158328b2da872f3c |
| SHA256 | f751e90aa1a228fd5d0e9f1a6cf60953c5523ff514c3342841a00037ddb38ade |
| SHA512 | 53bf46b18eea4514484a684a09bc63a8de5a275724eb1c6645090f7b92a0d7d7e69f70618749ae92c139b7557b73cf97c59cb853d74396b91b5efcd15375c1f4 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | ebe574b4440a169492c75d65896516ac |
| SHA1 | 45bd9c4adb1233e9a87cc247338eae8e3e436a7f |
| SHA256 | 675ad084c87c7ba49f5ea16872c7abce9914080723ecccd314eae8a6f5dae94f |
| SHA512 | 5e407a47ab43ce6b83300aa61bafbec54acc55badd4e2e46601961070d56b549d2cb88f49e427afe80dab3e7e494ca231364a6b0ba6fda40a742883c3d1874be |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 48ae6b8a6ab84fd71d3d276f583b2fb8 |
| SHA1 | 98348cad3a65c174f22453a20ead81f29cb3c9df |
| SHA256 | d837f84cfaf352392e5c74b53cf648fa2c937156def70b683905dc75c8e26d24 |
| SHA512 | 06667d8ac3ca926182a2d05db5f4564067a90167903b3daad2f9e34c840bcec215c5b126e2b754364f09c595dc086e40d1ee9b6a37fd7ad2dc6bffedd1abfaac |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 371c22184cc8312db796ae71f3b2ec34 |
| SHA1 | 43ef3e623c915d48ec9ca468292d313ac1e31e7d |
| SHA256 | d9001f0407dcd5e1c2f4d6a62801477c62f8378e3e27b5bb971e4ca402324872 |
| SHA512 | 46ba1d471b5def37458cb3b7f2ff967c78f6f6c9fa0735e502d07be0999455a068cea2d1d2f13e75c262289a23683a2c16a52f11e6dd5765d05406e989b19a50 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | bb72c705ce5ab99ef88c34923e6fe5d8 |
| SHA1 | 90fddbbcdfb6c4dde39a5c04968bfcbe052f388d |
| SHA256 | 3b60dcae3cb25821abf01ef9d38c9dc18a74cc16f11d7be3ab1da4cc86825eb5 |
| SHA512 | cac8882cf9014bc56b2a55a77ee46dffc25de9fb2ddf568b9ed829a4a20de4b42f83775228b415ccf72d05dc64f32ace391d8be302a773601b9fce30ee0e0622 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 6b789789c37a9a5eb7987fd47b6cff83 |
| SHA1 | 2a12e4b2619ade60b74f4ec4cf10067b1ba6e5b5 |
| SHA256 | 024be103e7ea049934c084683317525853b85050572df00b5009434801e427e8 |
| SHA512 | 4ed1d308445aa0230f1cb1f2f0a40ec809d2fe8df0ca5c5fdaf6002212a3ed153ebb70cf7dde1b74ef481268d1c36548ea6ddfbefdd3d7815f7f5c7e51008fe4 |
memory/2488-5679-0x0000017952240000-0x0000017952460000-memory.dmp
memory/2488-5707-0x0000017952240000-0x0000017952460000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | fc893043a41220dbcb53df0b1c2ad5d8 |
| SHA1 | 9c4bff963caa490318318cca63e5ff5c9ad44025 |
| SHA256 | 8488cfa7303e68fe18f2991bfaa0b682f53fa0889e08de7479d270bb34f2d413 |
| SHA512 | b6f696281179eac43123c6afec205ea897359166e28a46db2178172c076768fe4418ff647cab6fee7d5246e9a76bd76ee7b038fdfaa2cb010fb5bc64622e732c |
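The dropped-files listing above uses one path line followed by its hash rows, and the same path recurs with different digests wherever the file was rewritten during the run (CloudConfig.json six times, Chrome's Network Persistent State twice), with memory-dump entries interleaved between file entries. The script below is an added example, not part of the report or of any sandbox vendor's tooling: it parses that layout, rejects digests whose length or alphabet does not match the algorithm label, groups entries to show which paths changed content and how many times, and decodes the memory/<pid>-<time>-<start>-<end>-memory.dmp names into address ranges. The sample text is copied from the rows above, trimmed to a subset of hash rows per file to keep it short.

```python
import re
from collections import OrderedDict

# Entries copied verbatim from the dropped-files listing above (a subset of the hash rows
# per file, to keep the sample short); the format is one path line followed by hash rows.
SAMPLE_LISTING = r"""
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 3d748ac384a2bbb53143c72457df9b7f |
| SHA1 | 880d8e570f9c11e9463c828f158328b2da872f3c |
| SHA256 | f751e90aa1a228fd5d0e9f1a6cf60953c5523ff514c3342841a00037ddb38ade |
| SHA512 | 53bf46b18eea4514484a684a09bc63a8de5a275724eb1c6645090f7b92a0d7d7e69f70618749ae92c139b7557b73cf97c59cb853d74396b91b5efcd15375c1f4 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | ebe574b4440a169492c75d65896516ac |
| SHA1 | 45bd9c4adb1233e9a87cc247338eae8e3e436a7f |
| SHA256 | 675ad084c87c7ba49f5ea16872c7abce9914080723ecccd314eae8a6f5dae94f |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 6b789789c37a9a5eb7987fd47b6cff83 |
| SHA256 | 024be103e7ea049934c084683317525853b85050572df00b5009434801e427e8 |
memory/2488-5679-0x0000017952240000-0x0000017952460000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| SHA256 | 62c0365ee90ea6d67cb255f959d8a7829e26be6664648afacf84fec1e14a6739 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| SHA256 | 8488cfa7303e68fe18f2991bfaa0b682f53fa0889e08de7479d270bb34f2d413 |
"""

DIGEST_HEX_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
MEMORY_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")


def validate_digest(algo, digest):
    """True only if the digest is lowercase hex of the exact length for that algorithm."""
    n = DIGEST_HEX_LEN.get(algo)
    return n is not None and re.fullmatch(r"[0-9a-f]{%d}" % n, digest) is not None


def parse_file_listing(text):
    """Turn the path-then-hash-rows layout into records; memory dumps become their own record."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if len(cells) != 2 or current is None:
                raise ValueError(f"hash row without a preceding path line: {line!r}")
            algo, digest = cells
            if not validate_digest(algo, digest):
                raise ValueError(f"malformed {algo} digest for {current['path']}: {digest!r}")
            current["hashes"][algo] = digest
        elif MEMORY_RE.fullmatch(line):
            records.append({"path": line, "kind": "memory", "hashes": {}})
            current = None  # hash rows never follow a memory-dump entry
        else:
            current = {"path": line, "kind": "file", "hashes": {}}
            records.append(current)
    return records


def rewritten_paths(records):
    """Paths written more than once with different content: path -> [SHA256, ...] in order seen."""
    seen = OrderedDict()
    for r in records:
        sha = r["hashes"].get("SHA256")
        if r["kind"] != "file" or sha is None:
            continue
        versions = seen.setdefault(r["path"], [])
        if sha not in versions:
            versions.append(sha)
    return {p: v for p, v in seen.items() if len(v) > 1}


def memory_regions(records):
    """(pid, start, end, size) for each memory/<pid>-<time>-<start>-<end>-memory.dmp entry."""
    out = []
    for r in records:
        if r["kind"] == "memory":
            pid, _t, start, end = MEMORY_RE.fullmatch(r["path"]).groups()
            out.append((int(pid), int(start, 16), int(end, 16), int(end, 16) - int(start, 16)))
    return out


if __name__ == "__main__":
    recs = parse_file_listing(SAMPLE_LISTING)
    for path, versions in rewritten_paths(recs).items():
        print(f"{len(versions)} versions: {path}")
    for pid, start, end, size in memory_regions(recs):
        print(f"pid {pid}: {start:#x}-{end:#x} ({size} bytes)")
```

Run against the full listing, the version count per path separates configuration files the product keeps rewriting from files that were dropped once, and the decoded dump ranges (here a 0x220000-byte region in PID 2488 captured three times at different timestamps) tell you which region to pull from the sandbox for string or YARA triage.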
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-22 10:00
Reported
2024-05-22 10:25
Platform
win11-20240508-en
Max time kernel
1105s
Max time network
1233s
Command Line
Signatures
RisePro
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 5052 created 3316 | N/A | C:\Users\Admin\Downloads\MBSetup.exe | C:\Windows\Explorer.EXE |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamChameleon.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\farflt11.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mwac.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\drivers\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbamswissarmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
Modifies RDP port number used by Windows
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbshlext.dll" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Checks installed software on the system
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\netwew01.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_49825a4c00258135\kdnic.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_cf2766005585f6cd\c_net.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mrvlpcie8897.inf_amd64_07fc330c5a5730ca\mrvlpcie8897.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\net9500-x64-n650f.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\net7800-x64-n650f.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_2518575b045d267b\wnetvsc.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_bccd4c0a924862b1\netrndis.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\netwew00.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_532c2a6259a26a38\netvchannel.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_b98aa91c766be0ea\netavpna.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_b96cdf411c43c00c\netbc64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net7500-x64-n650f.inf_amd64_cc87c915f33d1c27\net7500-x64-n650f.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{a2df726f-a6bd-8549-8e19-7bcf3fa774b4}\mbtun.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\572BF21E454637C9F000BE1AF9B1E1A9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_badb18141de40629\netbxnda.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_3aa3e69e968123a7\wceisvista.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{a2df726f-a6bd-8549-8e19-7bcf3fa774b4} | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\572BF21E454637C9F000BE1AF9B1E1A9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtucx21x64.inf_amd64_d70642620058e2a4\rtucx21x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_2299fee965b7e92c\netvwwanmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\netmyk64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\netvg63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_d2a498d51a4f7bec\rtcx21x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\netwns64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\net8185.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\nete1e3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_7080f6b8ea1744fb\netnvma.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_09e02e589e7afd83\netloop.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_04b60d124553a40f\rndiscmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\net1yx64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_749854ac3f28f846\msux64w10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{a2df726f-a6bd-8549-8e19-7bcf3fa774b4}\SETC77E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{a2df726f-a6bd-8549-8e19-7bcf3fa774b4}\SETC74E.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\netl260a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_1e173acb8f2f340f\net1ic64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_d54f628acb9dea33\dc21x4vm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\netnvm64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_bfb9fd6f3a078899\netvwifimp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw10.inf_amd64_3b49c2812809f919\netwtw10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_1a82423cc076e882\rtwlanu_oldic.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\netimm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net2ic68.inf_amd64_23084e964d79333d\net2ic68.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\netr28ux.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbxnd0a.inf_amd64_777881a2c4c0272c\netbxnd0a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmlx4eth63.inf_amd64_3809a4a3e7e07703\netmlx4eth63.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\netl1e64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1ed57daf97af7063\netrasa.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\netk57a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\ReachFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationClient.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ru\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.deps.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbamsisdk.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Services.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Xaml.Behaviors.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-fibers-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationCore.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\PresentationCore.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\System.Windows.Input.Manipulations.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Calendars.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Queryable.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Windows.Forms.Design.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sdk\mwac.inf | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClient.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\WindowsBase.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ru\System.Windows.Controls.Ribbon.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.UI.Style.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\SQLitePCLRaw.core.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\version.dat | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-heap-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.DispatchProxy.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.Primitives.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationUI.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\CleanControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\SelfProtectionSdk.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Serilog.Extensions.Logging.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.Tools.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.Caching.Abstractions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\PresentationFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.VisualC.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.Serialization.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsFormsIntegration.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\System.Xaml.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ru\System.Windows.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\PresentationFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\PresentationCore.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Mail.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.AccessControl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XDocument.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationClientSideProviders.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Prism.Wpf.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.NameResolution.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.WebSockets.Client.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\System.Windows.Input.Manipulations.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\PresentationCore.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.Protection.Interop.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\expapply64.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-time-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.CoreLib.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608468470521628" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\MY | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9F0067A5-A8F1-46BF-AA32-F418656FDE6F}\ = "IScanParametersV8" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10DAE713-FD88-4ADB-9406-04CB574D543C}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B2CCE9B-6446-450F-9C9D-542CD9FA6677}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2846D47E-9B85-4836-B883-6A7B493E2D6A}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FD6673C7-8E52-46EE-80B8-58F3FB6AA036}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\ProgID | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\Version\ = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6C1047E9-9ADC-4F8A-8594-036375F53103}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6724C143-DE69-4A93-80ED-19B75DD2AA99}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1A173904-D20F-4872-93D5-CBC1336AE0D6} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{61964EBA-D9C0-4834-B01C-A6133F432BB1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{553B1C62-BE94-4CE0-8041-EB3BC1329D20}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EBA4A79D-9F4E-4E7A-AC00-49ECE23C20B6}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C85F3EB8-B099-4598-89C3-E33BAC2CE53D}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E149FEF9-F1DC-4894-8A8E-AA53F6807EFD} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A3D482C3-B037-469B-9C35-2EF7F81C5BED}\ = "IRTPControllerV6" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EABA01A8-8468-430A-9D6E-4C9F1CE22C88}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{90F4450A-B7B2-417C-8ABB-BBD1BDFBFC27}\TypeLib\ = "{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\VersionIndependentProgID | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.MWACController\ = "MWACController Class" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\ProgID | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C731375E-3199-4C88-8326-9F81D3224DAD}\1.0\HELPDIR\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D51C573D-B305-4980-8DFF-076C1878CCFB}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5D448EF3-7261-4C0C-909C-6D56043C259D}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{96C7187E-6EC4-49BD-88C7-04A3A8A97CC5}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0F2D6C4F-0B95-4A53-BA9D-55526737DC34}\ = "IMWACControllerEventsV4" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{59DBD1B8-A7BD-4322-998F-41B0D2516FA0} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3498D9E4-6476-4AC0-B53A-75BC9955EF37} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F656FD9-2597-4587-8F05-781C11710867}\ = "_IScannerEventsV2" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3DCF0F42-EF8F-4450-BA68-42B61F594B2F} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{01222402-A8AB-4183-8843-8ADBF0B11869}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4412646D-16F5-4F3C-8348-0744CDEBCCBF}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\AppID = "{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE35F2CA-6335-49BA-8E86-F6E246CFCEA6}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EE77988C-B530-4686-8294-F7AB429DFD0C}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0E2822AB-0447-4F28-AF4C-FFDB1E8595AE}\1.0\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BDCB7916-7DE8-44C8-BAF6-F1BBB3268456}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{36BABBB6-6184-44EC-8109-76CBF522C9EF}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D1E6E99C-9728-4244-9570-215B400D226D}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{90F4450A-B7B2-417C-8ABB-BBD1BDFBFC27}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E90361FE-F6B5-43E8-99F7-1BD40500981F}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7C710FA9-862A-40CF-9F54-063EF8FC8438}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E03FDF96-969E-4700-844D-7F754F1657EF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B1790AB-65B0-4F50-812F-7CC86FA94AF7}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ADCD8BEB-8924-4876-AE14-2438FF14FA17}\ = "IPoliciesControllerV5" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7EF16D72-5906-4045-86BC-16826F6212FE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{71B13605-3569-4F4A-B971-08FF179A3A60}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5091804-600E-4226-BF28-80ABFDF4AFAB} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{94E6A9DF-4AAB-48E7-8A94-65CA2481D1F6}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6357A98F-CE03-4C67-9410-00907FB21BC7}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC34538A-37CB-44B4-9264-533E9347BB40}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{49207D05-5DFE-4F52-9286-1856A92A5BFE}\ = "IPoliciesControllerV7" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6ED2B0A1-984E-4A35-9B04-E0EBAFB2842A}\ = "IScanControllerEventsV12" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{59E42E77-5F19-4602-A559-3FFA9EE51202}\ = "ILinkerEventHandler" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E41AC038-1688-417F-BE23-52D898B93903}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4163399F-AB08-4E5E-BE28-6B9440393AD3}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E90361FE-F6B5-43E8-99F7-1BD40500981F}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8153C0A7-AC17-452A-9388-358F782478D4} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9F798C4B-4059-46F9-A0FE-F6B1664ADE96}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DA5636E-CD8F-4F2D-9351-4270985E1EB3}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = [binary certificate blob omitted] | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = [binary certificate blob omitted] | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = [binary certificate blob omitted] | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = [binary certificate blob omitted] | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = [binary certificate blob omitted] | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = [binary certificate blob omitted] | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = [binary certificate blob omitted] | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = [binary certificate blob omitted] | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = [binary certificate blob omitted] | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = [binary certificate blob omitted] | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:Zone.Identifier:$DATA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sample
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe8,0x10c,0x7ffda9c2ab58,0x7ffda9c2ab68,0x7ffda9c2ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3500 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4332 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4736 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4116 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3996 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5440 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5280 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5624 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5264 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Users\Admin\Downloads\MBSetup.exe
"C:\Users\Admin\Downloads\MBSetup.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4692 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3448 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:1
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000154" "Service-0x0-3e7$\Default" "0000000000000164" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5904 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:2
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=1556 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3104 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3088 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3452 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3152 --field-trial-handle=1812,i,14832568255839405066,10640376064607237856,131072 /prefetch:8
C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe
"C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\DE8.tmp\DE9.tmp\DEA.vbs //Nologo
C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe
"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
C:\Users\Admin\AppData\Local\Temp\DE8.tmp\mbr.exe
"C:\Users\Admin\AppData\Local\Temp\DE8.tmp\mbr.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\DE8.tmp\tools.cmd" "
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\bg.bmp /f
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Users\Admin\AppData\Local\Temp\DE8.tmp\jeffpopup.exe
"C:\Users\Admin\AppData\Local\Temp\DE8.tmp\jeffpopup.exe"
C:\Users\Admin\AppData\LocalLow\IGDump\onokqmneekeckkyyioyfurgodvdfojom\ig.exe
ig.exe timer 4000 kygdvarspmvgudeuykliywygvamlhdyx.ext
C:\Users\Admin\AppData\Local\Temp\DE8.tmp\bobcreep.exe
"C:\Users\Admin\AppData\Local\Temp\DE8.tmp\bobcreep.exe"
C:\Users\Admin\AppData\Local\Temp\DE8.tmp\gdifuncs.exe
"C:\Users\Admin\AppData\Local\Temp\DE8.tmp\gdifuncs.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004B4
C:\Users\Admin\AppData\LocalLow\IGDump\uyiyfpwypzzctyegdcakxxnhdsundeyd\ig.exe
ig.exe timer 4000 hcirccudjochekpajllkhvrknoigvbch.ext
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.187.238:443 | ogs.google.com | udp |
| GB | 142.250.187.238:443 | ogs.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.238:443 | ogs.google.com | tcp |
| GB | 172.217.169.3:443 | ssl.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn1.gstatic.com | tcp |
| US | 192.0.66.233:443 | www.malwarebytes.com | tcp |
| US | 192.0.66.233:443 | www.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | plausible.io | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 192.0.76.3:443 | pixel.wp.com | tcp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| GB | 143.244.38.136:443 | plausible.io | udp |
| GB | 143.244.38.136:443 | plausible.io | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 54.174.144.10:443 | genesis.malwarebytes.com | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 104.19.177.52:443 | cdn.cookielaw.org | tcp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 192.0.76.3:443 | pixel.wp.com | udp |
| GB | 99.84.9.109:443 | api.demandbase.com | tcp |
| GB | 54.192.137.111:443 | www-api.malwarebytes.com | tcp |
| GB | 54.192.137.111:443 | www-api.malwarebytes.com | tcp |
| GB | 54.192.137.111:443 | www-api.malwarebytes.com | tcp |
| GB | 54.192.137.111:443 | www-api.malwarebytes.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 52.36.208.75:443 | api2.amplitude.com | tcp |
| US | 18.207.31.167:443 | ark.mwbsys.com | tcp |
| GB | 108.156.46.24:443 | cdn.mwbsys.com | tcp |
| US | 18.207.31.167:443 | ark.mwbsys.com | tcp |
| GB | 108.156.46.87:443 | cdn.mwbsys.com | tcp |
| US | 18.207.31.167:443 | ark.mwbsys.com | tcp |
| GB | 108.156.46.87:443 | cdn.mwbsys.com | tcp |
| US | 18.207.31.167:443 | ark.mwbsys.com | tcp |
| GB | 108.156.46.24:443 | cdn.mwbsys.com | tcp |
| US | 18.207.31.167:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.24:443 | cdn.mwbsys.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | google.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 142.250.178.14:443 | google.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.180.14:443 | encrypted-vtbn0.gstatic.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| DE | 34.98.33.162:443 | e2c18.gcp.gvt2.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 192.178.49.163:443 | beacons.gvt2.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| SE | 45.83.223.233:443 | ipv4.am.i.mullvad.net | tcp |
| US | 23.21.154.125:443 | holocron.mwbsys.com | tcp |
| US | 23.21.154.125:443 | holocron.mwbsys.com | tcp |
| US | 52.42.168.116:443 | api2.amplitude.com | tcp |
| US | 52.22.217.77:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 77.217.22.52.in-addr.arpa | udp |
| BE | 2.21.17.194:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | iris.mwbsys.com | udp |
| US | 54.208.193.252:443 | iris.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 252.193.208.54.in-addr.arpa | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 142.250.178.14:443 | google.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 3.87.85.210:443 | sirius.mwbsys.com | tcp |
| GB | 108.156.46.24:443 | cdn.mwbsys.com | tcp |
| GB | 108.156.46.32:443 | hubble.mb-cosmos.com | tcp |
| BE | 192.178.24.227:443 | beacons2.gvt2.com | tcp |
| BE | 192.178.24.227:443 | beacons2.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 18.236.39.78:443 | telemetry.malwarebytes.com | tcp |
| US | 18.236.39.78:443 | telemetry.malwarebytes.com | tcp |
Files
\??\pipe\crashpad_3228_FDIWJQBCUBUYSFOT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d36f70455db848ab7a9a497006415831 |
| SHA1 | df0808853af6f657afb676b5fad5e80ad735b7cd |
| SHA256 | 3f7d280ebd0ae4ac49fc9b6e57a5ff662c2109cfa2aaac076dfb570d58c9e0fa |
| SHA512 | 06279e8d01bc0de761560f32e92d735d033e73a1b411dce4c4fcf85706f15252bd3390f3d3019dbabe54ff68ee25d45cc31a6f0130dea1880723de7616f67164 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 785b189cb5c64e559ac71fd9463fd9be |
| SHA1 | 623ce8c2991d063b399fe0d248384c3a62b8a8fa |
| SHA256 | ed1d396f53078fb473a568df23bb86798e35d133c74087611e38184517011cd9 |
| SHA512 | dbfad7aa8462f53a30e32f9efcd891ed89154ed238870a860d7e90863a5e87a0bd7eadac091f42c4cc457c91bd4bae39e8f5fb22bd366655ecfed51cb55c6df9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | ddced65660c9de9a0c4aad7dc4633510 |
| SHA1 | a12526a4d69bdc6b75dc3cf6ccf909c6ae32bd2d |
| SHA256 | 7ea245854f2db8b1d8f3b28c32178875f54029b8eb5502d7b218a3cb87ba031a |
| SHA512 | ab0bc52963a0c1577ad828f14ae5d13f250eb51cfca1f483ae3dd040d808ba259279e965d7ee981058ae1b98d6675598e58041b52fba5b0a2292f4970898696a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | d3c3a9f8d4f39192a30eff14f94823fb |
| SHA1 | f86720b64543c5bd9ee1c3f8cede785ccb2f517d |
| SHA256 | 49513f73c63e3e6079f112b8facd9b139be97b31b00873a89b3864247e9a5f9b |
| SHA512 | b7fe69e3fde7f2d40c1c2cf8a509dbf3888a4dade0dfe1f924ef22066a993f0234a4d72c1bdcd6ed8e8af29b505a735b5e98b4e5cfa79b0ea71de7aeaa6d4628 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 601ed240021342c05002aa642ca71b01 |
| SHA1 | 0a2e83fc808bec846b30bebe84af08bbe3dfd391 |
| SHA256 | 659c7d4cafbe841e03359e40dcf757f8f9b0e4dd706e1ab3f65af283da67fc91 |
| SHA512 | 1b594bbb80ac097b836138327a819a0c7644953a78d45849259dace9f67c308af4ef26894a3d98370bd27cc09443cf7fa3d0bec1ff9ccc762234b0ef6adc9666 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 3b69d7544031d48e81c8858d8271da6c |
| SHA1 | 3634b011aebc7b20c05ff3e315c6bcb247fa844b |
| SHA256 | 32437dbfde6d5300cb4919362507a92251d99bdea41ed3a15f3be6617269c192 |
| SHA512 | 6eecbb7e99b4af1c723774b1bad108eeb37ff0f12e24834154f5dbefde43041cd940c61d501169695734351394eed6aa1714e7e22a4cb9ec7c6c81d00c36786e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 5f0cc795af4f3ca702ecd1928e866a3e |
| SHA1 | 4553d2b443e08e800b7171cacc7b578733e3ce2f |
| SHA256 | e95ae4786471f6f70dd35db0248f4fe067031e09a4cf89b79b9272b76a713b11 |
| SHA512 | 92afa313f76b6f68c95c883dc7eb38133bb1722463ccb71e8ab8674cf24a55a8f90e8f62e79623cf01303657dfbd173471464df0c13823834fa262f0956928e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 06365a6c2a96d3c4783b74afc6ead06b |
| SHA1 | d300cb5dbaa4d3eb7b11272add344004dec6dfd0 |
| SHA256 | 8ae1679d20671bca478fd4ab6b5a72082111c6630a0379851608ba58ee858c56 |
| SHA512 | 958f88bdc4bea624d22166622c2e61beceb676303260e66ad36cc66741bf88a46d1e4aa1023f067ed87ba839a8c7adce146a3c04f04ec6189c9b68317bb13366 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ab6ea2a67cd6aab1c1b25f4306e64b84 |
| SHA1 | 75b75af38a32a9646b2d8e8b98d28abe5e494299 |
| SHA256 | 831d9ef04a0c0760113414ce624ce18d233544b151bf6d6d8f08aa4267f7d524 |
| SHA512 | 01e75517f3483bcf394e0e22ad3f7ec4e59f4e4c1915710477d339d23d26d25665b1f788f65f892ddf1f67f3f043343c465f8b4a0ecbbcacfb0f69293d3d8369 |
C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\Downloads\MBSetup.exe
| MD5 | 6107ffe4a1a1ee9eb2453ca669791ac9 |
| SHA1 | 8f69617ffd69adab260500ec25d5ae50cc49b882 |
| SHA256 | 3c68baabc345c58d95825e548a395d305775b7f0313ec42997c17870ea6a458f |
| SHA512 | 305ed565d5b61271e3deac9ab254ce2d70c031f4713c9b37212ea56ff061b8ce0afb5002c02a5252991c506d217f3f6aad439c192384646432f2ae71c252fb56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0c41de2b58316c7f0d30e1314dfafd00 |
| SHA1 | 29c1ae285af07335fba33e715678147ae2e57a17 |
| SHA256 | 5fbae473a06b2c5ea362a9e2e67031830b2d6539ea24ab3babb07050e10cc9ba |
| SHA512 | f2ac5a139f77ca2f1e16221082aedf56d83eb52dae1b1623e33bded4b9af75f70eabaa0fb4ef8a57208b09a8f71191a75b4c9b06efc95c7311cf45f232289b64 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c82b9406250ba0df464571a6ea49d1b6 |
| SHA1 | b11d7b950d5ffbf49b20bcf67f70ef156fc304a2 |
| SHA256 | 246dd35cb2797398aad2bf2fcea0ad7cb2199923a75a0de1b5e3b52433b208d6 |
| SHA512 | 028ca0cc486331eec6697674019f82c7523c9d02a2a5fc13821b2945d9a4985deda96a63f3fd9bfe9c264f6df410c2b0f550b7bc6911baef953b2277fee62055 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 51c9d70c0275e925985ca9fb0ea4ab53 |
| SHA1 | ba2f979c689338ef2a9a7d553187b429c14871f7 |
| SHA256 | 67a1d534671582fabbe8c8d80650163e94ea83b5614b659951f749d8fa939459 |
| SHA512 | aa899302893ae568abc1400ee6c1ec007dd1942d283a6db494370f4c9812224177e8c650cb17656f35c0e468968c6bc54bba738b22b3d74297b1071668e4acf4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe6623db.TMP
| MD5 | 00df01ef41ecf0e58f4ba19df50022a3 |
| SHA1 | 895f7dde4644dd370b76a1296efa837f95ece328 |
| SHA256 | 326c1643abe6123f0d125242eda469d1311ba1abe85b8146e1ff5f0544a984aa |
| SHA512 | 47a41b007ad59cc34eb2b3680f207f398318bdec8d3f6dcef3903f6768fa2981c6f64de448e77dd2f325fddf83e53aa8da4f36bc3b80c4fd3b27f2f6c48981c7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 78e4eb99db06241fdffd6ff204faadb2 |
| SHA1 | 98b20fa27904361ecf568518dc93a6a673047ea7 |
| SHA256 | b8fafec044da759b68a9b0ad7c8f881735eb1aa028df7d571a4889e37c97aba2 |
| SHA512 | 525ceb82ab077f703d5d3d31fd32fb4c7bf149dcb390ae2aaeed8fe76b6ea025f2adc7052200a0fb1a90a4c115850a90772d81723961ecc9cdaac29e5b2ca1d8 |
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
| MD5 | a545b29abb9db951e9e2508a1bbc8d2a |
| SHA1 | 061494912b29c965638263b7321a54b9e0399417 |
| SHA256 | 7607ca2abc8f5dfe7a100ccf73d885375ec599b0648ebd964ffb8bff39c821df |
| SHA512 | e7e33f5e49570ea74d427e12c049a7f0f89f7e4d3c7c511f59170cfb166bb5dd49ebfaa5a968dfdc15758f3177d7d39beebce26e593629aa0eac630748b403f1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | d1e616f96ea254bc803b31f789eacab7 |
| SHA1 | 87961914700931ef62cd179a7e9b9400d6dad580 |
| SHA256 | d0f860339f7b91c6c877d505524cf2a273c603cfb79828e2bff773d9af772079 |
| SHA512 | 9afdb7033d7ec62ffaa2c1d82082dff3de00b122475b041795e0db9bd75cce79744f4b414eab35fc3532af281ce1e0afd508b07a3fa5836cabee5d37fe2b5102 |
C:\Windows\Temp\MBInstallTemp18dd8e91182511ef8adaf684ddebc7df\7z.dll
| MD5 | a144e24209683e3cba6e29dab5764162 |
| SHA1 | ab2112cce717bec8f5667721a072d790484095ec |
| SHA256 | b2ff9dbf90cbd0c45cd7d95ce4892377ec7e92970e05f2e56b0ce93861190348 |
| SHA512 | 2c823981b53b7eb7c1b726468d3b28c234c7e555aab35e759e88d38658566d267a20867f1cb18d96c830e7d53643629a9fa313eecee8b553703086fbb64cc984 |
C:\Windows\Temp\MBInstallTemp18dd8e91182511ef8adaf684ddebc7df\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll
| MD5 | 3143ffcfcc9818e0cd47cb9a980d2169 |
| SHA1 | 72f1932fda377d3d71cb10f314fd946fab2ea77a |
| SHA256 | b7fb9547e4359f6c116bd0dbe36a8ed05b7a490720f5a0d9013284be36b590b7 |
| SHA512 | 904800d157eb010e7d17210f5797409fea005eed46fbf209bca454768b28f74ff3ff468eaad2cfd3642155d4978326274331a0a4e2c701dd7017e56ddfe5424b |
C:\Windows\Temp\MBInstallTemp18dd8e91182511ef8adaf684ddebc7df\servicepkg\MBAMService.exe
| MD5 | 8c89563b4351b2c39d94c81ec37ace7b |
| SHA1 | 4c238dcd62b99226b3ac1a67c7b7c2cc2ad1edf4 |
| SHA256 | d17e0a77d02d5875318c14af09ee900bc4bafb87a96b2f84dfc9ef7656884228 |
| SHA512 | 8f1421c8a553acc7d4541cf6d319ab97abf2803a2c0c83ac7ac8d1dc9335eeb0bd911e79a0bedc14e65f1eb523efb76f9cfea0dd71a79e43c9501c954546ef2a |
C:\Windows\Temp\MBInstallTemp18dd8e91182511ef8adaf684ddebc7df\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json
| MD5 | d94cf983fba9ab1bb8a6cb3ad4a48f50 |
| SHA1 | 04855d8b7a76b7ec74633043ef9986d4500ca63c |
| SHA256 | 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a |
| SHA512 | 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998 |
C:\Windows\Temp\MBInstallTemp18dd8e91182511ef8adaf684ddebc7df\dbclspkg\MBAMCoreV5.dll
| MD5 | 65dae541c8dbc3e18f1bc9150ffad616 |
| SHA1 | f9c98b9eee98e94240c425a4548aae1b5d943ea6 |
| SHA256 | 75249cc6d5ddbb92a76f6750165380eb3b6182cdd4733d8a18003b7dfc88b558 |
| SHA512 | 4f2755add2fa384d617e7bd6d5d2c793503b54a284eb04be78682a0b6cfa7e6369995ae6625bd085ba2887b5034760323dfc61c2b28ea6db91b9d17a8394e988 |
C:\Windows\Temp\MBInstallTemp18dd8e91182511ef8adaf684ddebc7df\servicepkg\mbamelam.inf
| MD5 | c481ad4dd1d91860335787aa61177932 |
| SHA1 | 81633414c5bf5832a8584fb0740bc09596b9b66d |
| SHA256 | 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3 |
| SHA512 | d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830 |
C:\Windows\Temp\MBInstallTemp18dd8e91182511ef8adaf684ddebc7df\servicepkg\mbamelam.cat
| MD5 | 60608328775d6acf03eaab38407e5b7c |
| SHA1 | 9f63644893517286753f63ad6d01bc8bfacf79b1 |
| SHA256 | 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59 |
| SHA512 | 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7 |
C:\Windows\Temp\MBInstallTemp18dd8e91182511ef8adaf684ddebc7df\servicepkg\mbamelam.sys
| MD5 | 9e77c51e14fa9a323ee1635dc74ecc07 |
| SHA1 | a78bde0bd73260ce7af9cdc441af9db54d1637c2 |
| SHA256 | b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0 |
| SHA512 | a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186 |
| SHA512 | 0cbc405f5e50287df8b3adc8939a39bdbd08e18be7e86b77a0a6ae60b63abd9736a6f90923124e59554aaacab423f64884c062d39164a47547bcf2e2959d131a |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt11.tmf
| MD5 | d1397d8df68e08f9d3dd88dd282b0474 |
| SHA1 | 7ed459079568e8bc9c720e9e709d86c03cd19bed |
| SHA256 | f99410e2a7acb8feac86c8ec17d0cb6e811fe28492ee0605399e62f6a45fc423 |
| SHA512 | 47c173d5432f1c58a7757ad6d7b65034f06f89932161fa75899f92aa751e746ccdcace619a8d02a41235b7420ff4a9fd85a36a0cadd9ae469cf27b290e3c24a7 |
C:\ProgramData\Malwarebytes\MBAMService\ARW\mbarwind.arw
| MD5 | f9b9f65909ec0d8b6febcf59831c1ca9 |
| SHA1 | 15bcea8a4238fcda1fb06913dafbf0aeeb601376 |
| SHA256 | fab728205896e25bff24545b52b2cd2a93a059281b532d5500e9a9a3d2671bd9 |
| SHA512 | 06826657cc17a8acc24c4f249a551c07b235e5fe516f746cf825dabf52d1e5217e678ecb598081250c64098ca3b374e24fab068f12fb27e1eb31d9763d7e9d62 |
memory/2896-4868-0x000002500DBD0000-0x000002500E0E2000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | d56f4bcf24da59b030843c0d7b46ffeb |
| SHA1 | 8fbd9ca17f67b7f39bdb51ebfa98da04dbbee179 |
| SHA256 | f5841946c0a1e63968c7c5f69361f5e0e73ece361b71291e1b4315b802de07ea |
| SHA512 | 690ebaec4d424a12967cdcbe86ddb9c52702b0ebddc49873f3ce18bacbb23372f44ab2805a11465a02c240e9e57009a7f441fed0abfbdcb7becb6f82538b1419 |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | 3dda7654193d6c5fd7d1cdf1ab0def9d |
| SHA1 | 09d466ae71332b0cb00de9924cebee5494057e7c |
| SHA256 | 0e51a4e4ddc5e3730e09d79124bbea18b8e8e4ef492df1a67b402e2fe8266472 |
| SHA512 | 303967864286299cff663e7261985ecf6ab93747f3eea4113966384e245dd11a3d5500ea40d4110d7ca92841af177f639768d25daaebdaf059b178ead710a038 |
memory/2896-4909-0x000002500DBD0000-0x000002500E0E2000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e3cc7f066ddf8a6f9bbd629fe9c026cb |
| SHA1 | 2e57498d6b178189f4a8174efe3d4ff4ed1fcba8 |
| SHA256 | c56d404ca1d72ed9b5d7ef9a5f9025c5e3e5e7b2c38df6cd85700263bad2306b |
| SHA512 | 5b36bdac188e1cd36ed1daa111dc756d60c21811ece88d82a2059857e813178362678f3cd2104c40cff05d88e1db60abe82cb416d94a7068259c3a99d3ee3020 |
C:\Users\Admin\Downloads\Unconfirmed 826374.crdownload
| MD5 | 8f5a2b3154aba26acf5440fd3034326c |
| SHA1 | b4d508ee783dc1f1a2cf9147cc1e5729470e773b |
| SHA256 | fc7e799742a1c64361a8a9c3fecdf44f9db85f0bf57f4fb5712519d12ba4c5ac |
| SHA512 | 01c052c71a2f97daf76c91765e3ee6ec46ca7cb67b162c2fc668ef5ee35399622496c95568dedffbaf72524f70f6afcfe90f567fbb653a93d800664b046cd5f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b7e4db41ca7e7c572e6b687414d804dc |
| SHA1 | 274347476b305ead51fcec3d594ce52f08fdf453 |
| SHA256 | bbf38cbd40020693d20b6ed429be65a8619dd55c8f73c8ca8b19723c21f12242 |
| SHA512 | de6c8474020a887ac4bb8d33cd14f3d40d722f398c66eeb8c65ecdad40ac3e790be142ad9a67271bb891315cb591def4a3fe816b2144423bd5a318a5c6ae1dd6 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 8cc03fd79c2dfd8ad3301faff5c8c35e |
| SHA1 | 842ae74948e4f41fb21a22d0e9d534f93042ff5d |
| SHA256 | 3410aea9847cbf408e112534eb920587775c307ef9ba2d1e0e24affeba07aeaf |
| SHA512 | 20a62d8cd2813d520f16de5f1601325aad948292f9d6704eb446e02e3a9a0f91003803503c6ceeb0895f0600e3e5a4c6892634becf52da802e45194d0d3432b7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 56c73b649cbe73c9749e95a4936dc56e |
| SHA1 | 91cd9f85bb2b10c9c2a4c5fe0c8667f50a581808 |
| SHA256 | a2dbfbd7603286496f7dabdff187559ab2355e851fbcc510847a76e05a0a2da9 |
| SHA512 | 033de77ffc541040afd04a7b216ce7e2f88be9d39fee70c7519c7d1c891b3dd2f4cf373e536dd869a2478a6ffe49fbd91bc9ecae5b5bcfb2a68ffa7b31821ad5 |
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll
| MD5 | 5c4b6998682070ad73cd246eae251ccb |
| SHA1 | d4e3eef6332a6598e5d63741f3407574c7de5f5b |
| SHA256 | 54e0e90cc5cfef91ceab363c6cad54c7190cfbbecf6353181779938a3f8de8a1 |
| SHA512 | e1f844ecb631b628ff37068ef474b070e22c5be6453c77acde53e886b7e9109f22d09748a7902e64237f5cc9d05818080c0bb5697918235ea2d4ceefb68b8524 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | fdb91dee1943bc166c0e87c19b06463e |
| SHA1 | 0d4c56beabdbe70d2e1c224d4a9e346d6d0e5c24 |
| SHA256 | 4a71ca983c679b33c71cb24f0f98f1ae292dce5c3d63bb8b0d033d8ec4467f12 |
| SHA512 | bb8ba4307796b901c17a133773d0935800d6a96f47100d771ef2f5ca3747bb33700139fb861a35aa8dc5d884e488fd3a31cda9ef257c2bffa8ae77872979ffae |
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe
| MD5 | d7fccaaa00479d7c0d1924870213772a |
| SHA1 | 73db951f1309d0198d11eeae2d31adaf650e74ef |
| SHA256 | e7628ac2f2ec739f6ac7778aa8ecd9c174e3a3a2dbe8239f3ff6635bcd848e4a |
| SHA512 | ecc97ad624cccc47fcade65e332a4e3216d1777da01764749ff3cea9fe04bb0e6f28183aaba86454b52328f5c86be5c8b5b80ed81e015ced443e25be6e19809c |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | aeacebe867048692bf5e7b24cdf17eb6 |
| SHA1 | 263fbf61e0d8300a5654e182252c0faf777cf38e |
| SHA256 | 4af61e04b43ea41865b34574b5fc0f7c567ba6a07e2d87d751957d51908c80b6 |
| SHA512 | 99d9158ff34f2dd4cef313ee33aa840e0ddece1f3d1f5e3f5e416e90667c47980e049507ac2c0bb3f8eb8a44453b54aa47f6db4721531bd6cb2beae615becad9 |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | 067081f91568eb1344b29479215e06b2 |
| SHA1 | 96ddea28d9c521cf828816cf3e6109f17cad1d2a |
| SHA256 | 08788b3f6be493fe9cd9d50274886d4b17352428fcc3060ee821e4a688244721 |
| SHA512 | c01b3eb0db2d1c4d53f56cb3f551d26990825275dea7581b627f998aee487b833ab8c3d51617407f2ce1504197e8bd32f733bec5659100f0c0a344be079a1444 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | dc417423069f0476aa355d02531ecb00 |
| SHA1 | ff8ad6546c63b44e8874400ee8f293e89d599805 |
| SHA256 | f81b5d27c96703bdc4289daaf1cd6e505407d1b60c832efcd34d969c5128a361 |
| SHA512 | 850ed33ceddfc6ff1d960d3774d4b74fe69ca50bcb451b27db7295d86bd6a7f0c3cd46bbdaf5f4d5ce12f5019f45ad14c5d652b6a5da38e0245b1eb3c0cb7de2 |
C:\Users\Admin\Desktop\YOUDIED 5.txt
| MD5 | 05d30a59150a996af1258cdc6f388684 |
| SHA1 | c773b24888976c889284365dd0b584f003141f38 |
| SHA256 | c5e98b515636d1d7b2cd13326b70968b322469dbbe8c76fc7a84e236c1b579c9 |
| SHA512 | 2144cd74536bc663d6031d7c718db64fd246346750304a8ceef5b58cd135d6ea061c43c9150334ee292c7367ff4991b118080152b8ebc9c5630b6c5186872a3a |
memory/5800-5291-0x0000000000400000-0x00000000004D8000-memory.dmp
memory/2896-5292-0x000002500DBD0000-0x000002500E0E2000-memory.dmp
C:\Windows\System32\drivers\mbam.sys
| MD5 | 113e213914c40631aedef185984c5629 |
| SHA1 | 57bf886bfe1e4d765ea43e4c91709a5c4a9a024a |
| SHA256 | d314cea3ba19c49342763fca6b64a33f12d730a8fa531ed9f7e75675035ba004 |
| SHA512 | 76d7286963f28430d8a9bc3b59adf209b5fceb6a5248b7be54c60fff0b931ba2cf46a779f7e66008baa0853ad6ce55a4b9dd56e33574230d1e2588f7679630b8 |
memory/2896-5308-0x000002500DBD0000-0x000002500E0E2000-memory.dmp
memory/6808-5387-0x0000000000B90000-0x0000000001092000-memory.dmp
memory/6808-5391-0x0000000005A40000-0x0000000005AD2000-memory.dmp
memory/6808-5390-0x0000000005F50000-0x00000000064F6000-memory.dmp
memory/6808-5411-0x0000000005EB0000-0x0000000005EBA000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\version.dat
| MD5 | e4b84b68cc674253381e69aea3bca68c |
| SHA1 | 91e9ec37f5df0f79155d720ba73f8be86b41f1c4 |
| SHA256 | 773c32a02dc3fc913c3c5719cd8ed75343a287a9fddcf796348a39b4556a9c14 |
| SHA512 | 7b9ee3cc0b690dee1b081c5ad40f28705e8425136a2363cb2813f6bb140ae7be0ad2f167955a5ed18739e92def92048a1065b397c39b6b8a8538c2db94a0adc8 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 754ae1447732d82634f330f9a3b00fee |
| SHA1 | 32781251be9a455ef0aa24fadf74d539e24e7ae0 |
| SHA256 | 47db7c0baafbf3ffbddf782e00d0a1518f04b1d7f953007c077793fca1365c10 |
| SHA512 | ae2079271a35295d5a05beaa15cf6bd7aa9dce2cfe05391ee993d810060e638eee8bcc25b927cd4401c0ac8ded7669f5e8682a8594a6b059c535e905a0f01f97 |
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\expapply64.dll
| MD5 | 99c8e47d747b36be8ffcfdd29b80dc3d |
| SHA1 | 9b8e87563fee31abf90bded22241f444b947b071 |
| SHA256 | 0db4dcdf3fbeef2c4d18555f479a28dde3d67ee6f0d27c18925207142b7a38f7 |
| SHA512 | f9cf4ec06585c6cde57011884141782bde83adf186f57f75576c8dade1e868d6b886daf8fa15c55ac908ff995c4b6323c3a8266dbd664b807cd67cf788f7074e |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\21EA03E12A6F9D076B6BC3318EA9363E_6EF0095DA824AE045AE9FC5B645DF095
| MD5 | 5bfa51f3a417b98e7443eca90fc94703 |
| SHA1 | 8c015d80b8a23f780bdd215dc842b0f5551f63bd |
| SHA256 | bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128 |
| SHA512 | 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D31.tmp
| MD5 | 699dd61122d91e80abdfcc396ce0ec10 |
| SHA1 | 7b23a6562e78e1d4be2a16fc7044bdcea724855e |
| SHA256 | f843cd00d9aff9a902dd7c98d6137639a10bd84904d81a085c28a3b29f8223c1 |
| SHA512 | 2517e52f7f03580afd8f928c767d264033a191e831a78eed454ea35c9514c0f0df127f49a306088d766908af7880f713f5009c31ce6b0b1e4d0b67e49447bfff |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | e55c4a9a0feeb25495646eedee3903ff |
| SHA1 | b836d8fbfc6a84ce37115a61f747d298a52372e6 |
| SHA256 | 1403e7e5644f0b28b72f22dffeed56f273aa8a179ff2043074c0d5089f01d8f3 |
| SHA512 | 396f9396d0ca5ddf2e4bf892984725a17af7b8b254d35a7a3b22f064d6682f144223fca60c86682eecc98eed2a522b36ba21bf5c445b7aa534600d1847060ecc |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D39.tmp
| MD5 | a7b7470c347f84365ffe1b2072b4f95c |
| SHA1 | 57a96f6fb326ba65b7f7016242132b3f9464c7a3 |
| SHA256 | af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a |
| SHA512 | 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D43.tmp
| MD5 | 804b9539f7be4ece92993dc95c8486f5 |
| SHA1 | ec3ca8f8d3cd2f68f676ad831f3f736d9c64895c |
| SHA256 | 76d0da51c2ed6ce4de34f0f703af564cbefd54766572a36b5a45494a88479e0b |
| SHA512 | 146c3b2a0416ac19b29a281e3fc3a9c4c5d6bdfc45444c2619f8f91beb0bdd615b26d5bd73f0537a4158f81b5eb3b9b4605b3e2000425f38eeeb94aa8b1a49f2 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D54.tmp
| MD5 | 3b337c2d41069b0a1e43e30f891c3813 |
| SHA1 | ebee2827b5cb153cbbb51c9718da1549fa80fc5c |
| SHA256 | c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7 |
| SHA512 | fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D5F.tmp
| MD5 | b5d0f85e7c820db76ef2f4535552f03c |
| SHA1 | 91eff42f542175a41549bc966e9b249b65743951 |
| SHA256 | 3d6d6e7a6f4729a7a416165beabda8a281afff082ebb538df29e8f03e1a4741c |
| SHA512 | 5246ebeaf84a0486ff5adb2083f60465fc68393d50af05d17f704d08229ce948860018cbe880c40d5700154c3e61fc735c451044f85e03d78568d60de80752f7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9150cef0c6b6755ca8c8f0e2cd851653 |
| SHA1 | 0d15a4f7f1ba345ce3dcf383fb35398e2fa23f50 |
| SHA256 | a6f71ef17d764cefe77bfb7a0dff788714ec440d1513c73b19f8ad82ecd719ec |
| SHA512 | 7c495748b8f9437d91f3718851cd8464666f377cd6d95b934eba9eed5a25cb751dab7fc087f089093241c59bc577507da32e31c7c2aff71d3572d5d2712a84d7 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | a359564086821964d8a8a5eca5423e3b |
| SHA1 | 79c6627ea6da31b79e6b40b467f7ef398accf335 |
| SHA256 | 011513d9b1d009b9a248365caa280671cf8b313f1e534a2fc997364e7e00a23c |
| SHA512 | 6cc5ca8d0d5d89e0aea93223875efb9b9857ea4966b27bf086bb149534f92675d60bcd0cf83ca420d71c0176b87a432eb64bdd54e2a5469c1ddd784abc3dd675 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json.bak
| MD5 | 823ecbe4cbabf32514cca45a9832434f |
| SHA1 | 3611f290674bbff842ddee8d2fd3e52e1513179d |
| SHA256 | f1aa25178ee19b9101c5239e017352b3591c1ea03b415f0254df8f97c858bd34 |
| SHA512 | 6e3d3d63ac699352f81caf4879a6c5d598346311f469ef53e502a8aa2ea300db8b33a1b468ceddab3b78ad59ba6e83a58d76c049893d963725d33c6188b99ff5 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DA3.tmp
| MD5 | 54dde63178e5f043852e1c1b5cde0c4b |
| SHA1 | a4b6b1d4e265bd2b2693fbd9e75a2fc35078e9bd |
| SHA256 | f95a10c990529409e7abbc9b9ca64e87728dd75008161537d58117cbc0e80f9d |
| SHA512 | 995d33b9a1b4d25cd183925031cffa7a64e0a1bcd3eb65ae9b7e65e87033cd790be48cd927e6fa56e7c5e7e70f524dccc665beddb51c004101e3d4d9d7874b45 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DA9.tmp
| MD5 | 607039b9e741f29a5996d255ae7ea39f |
| SHA1 | 9ea6ef007bee59e05dd9dd994da2a56a8675a021 |
| SHA256 | be81804da3077e93880b506e3f3061403ce6bf9ce50b9c0fcc63bb50b4352369 |
| SHA512 | 0766c98228f6ccc907674e3b9cebe64eee234138b8d3f00848433388ad609fa38d17a961227e683e92241b163aa30cf06708a458f2bc4d3704d5aa7a7182ca50 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 1bbc6777ee30221caa227ea3358ce623 |
| SHA1 | 9275a936ac3620a81777c4f2b4a2005d09ce6570 |
| SHA256 | 155b0c61076e355252ea33cdfa7965bcfb126530c42f79087a1f7744b6937bc5 |
| SHA512 | 7f00689ed2e7799b2db76b2707f714246768efd9ba1bfa8b85172fdd4d5d22769218013b51a8a18dfb42c188a58d54badf1d84b33be37bb3fe956984f297a842 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 97ebf6967d89a8a87be97973ac47e09e |
| SHA1 | 0a91c7eb222a4355f770aeac6a4afdd92a7f54f0 |
| SHA256 | ff6adb7514f64f12c9178ab16a9ec04a7e6adc7660b634cfd9424bfd1c3ccbdf |
| SHA512 | 2d93bcd566eb3cec01768f80fe7fac3c3c838391ab0d925759436920062d49827f2dbf755f87932f3aba677e47d939f78763b4191aaa99f529fe4272b08fc47b |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | f35f5ee78f8759875dce56f120722ff1 |
| SHA1 | 6fac039ffcaae716041c4ee532a07c3eb4740ba9 |
| SHA256 | cfebf1e31270969264ef9156129d9e486dab13792373d0c8f615b3c099df9d9b |
| SHA512 | ca683762971032e140c290c58acd8134c01619ba047b17f3d6d1f0d0f1588158bbe49a83159d51aecd6a92bd469d7b39f3efeb31ece4d925b6f34f030de9d405 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | a4679c6d69d58f5b6bfd31ea7dd73f11 |
| SHA1 | c7596e831147ad554a257d3d997a5046d10dec90 |
| SHA256 | b20418261047c6f0bcbe109072444868e0dea619ed07aad06ff97d426ecfc8c1 |
| SHA512 | ad4e2298b4e4b967bb8120bd2accfe297e1b684ec74c598a3b4e44328a01a744a3973285424763ddc3118658100364208278cd53f500c5c91a20044e9e357372 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | bf6f2a8944ae7d103de642b7b12408fd |
| SHA1 | 80b38e6040a42ae6bf6bb637bcac81c743da3117 |
| SHA256 | 6cf7221f62015a16697062800108319d30af28c69208a9d8d8294b6a762b3b7a |
| SHA512 | b6e9bb7ac33e133c3af1193cc8b39a787de50d226b824ba373084b62f8a4b212919b980dcc51b8b620c495b751b5631baae7888c41efc60072838025582e7be0 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 8549946c6dcb45ae89f29fb57ae485d1 |
| SHA1 | 3b80208689a14c9d79519b9edbdb35207cef15da |
| SHA256 | 7eb70e895fb0b6787236f575ca098f1912a3f0828454f88c4f0e1559bb14b6bf |
| SHA512 | 13597b0322c5321f4ae73063001434493a632e7aa16cf1766651d1edd8e55a5a9e9efdb94cc08569d8206b5d8a7a8091ea2cfcfc788db0c9ce2d566d9a121714 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 8bb396d9655dd1b4cd047e570a79ce67 |
| SHA1 | cf76340debdcc9d42d99660dd60d9d36edfc66b4 |
| SHA256 | 9df17b2992973be7eda434bb1d8fb37844913a81c6a55fb56f3c7fd700f8ab5b |
| SHA512 | f2e37d8ff988a12c703b2fe62b97a2d84715a3c82a2c78d3af92ba10ff9d4555b1213acd356076b79cf13ff357c6faf114e8834a5e8b826780bf8e15fd27d0ca |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 38eded8224f6bd0a7895ea9bbdaec986 |
| SHA1 | 883dea26e23293aa5011de785f3487687595496f |
| SHA256 | 86773baefe680f3dd39ba2a56ba5a5bae039cd83b064784123d06b62a2e87cf4 |
| SHA512 | 097bea5c2396cf5a212580bba918b88fae2c52208c7bd290916a2936f5f553e3ba0b7d33aff4a1cd26f4b8e427cacbc454b04514482ec00d802932ab487b4d49 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 4d9e6fbd8e315705949f715af64aebfc |
| SHA1 | 5cf5f76697b85d0a90f8edb1804aa6a02e943b07 |
| SHA256 | 501f768cb9f657ee3ec5cc860c8dd0fe10ffa5b68783ce78cb489b6e474a3ba5 |
| SHA512 | 8a21893243682ee7ce3996ed39a95c5c60a2555454a8e28a90ff1d1b3531e8df406ae36426006a861ffd941082c7b69fc0b76f7ad629f0c11bd1ea4156edca85 |
memory/2896-5882-0x000002500DBD0000-0x000002500E0E2000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 29fd2e24e88ad6b3e88b1f978118981a |
| SHA1 | 8d816fb6416a85ab5c4ef0982811c77f57f19803 |
| SHA256 | 109f4e3950760f8eb956dcb111e390c96edbd53a43ee173d2b9f7825243437e5 |
| SHA512 | d80094b55197629c9d187eb770a0f10c919e2fcfd4720f834efb3d888a904931f543741806bcb8ca98f28fd97268a869035ec72f3ad8ba27c86056878967d58a |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 6e75f9cef628d969f5a380f4eb5da3f8 |
| SHA1 | a83d9f4183e2cf7385b76f9bc2ee65e6e0044805 |
| SHA256 | 9f60d63e76de7d68e72d5a782deaefc31e07bcec1589d47c798b226269270fdd |
| SHA512 | 6b2dab80442856422773e25ac868c520520ba51760d8606f5fbcefa266156dfb27a4e28853f40fd68e9835cb229a3f181edd50a18bb90827f55278c92201641d |
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\5cca5924-1825-11ef-8cca-f684ddebc7df.json
| MD5 | 49e7cb7baf56dcb46ad53e789e2321a1 |
| SHA1 | 269219e2c243fa7e4764cbe32b3ba35a03a66d3a |
| SHA256 | fe627c8a1882a76ee39c20f6dbf30df6033f496b9983f7259b282573931621bb |
| SHA512 | 7ad3864ae9d9a1f8bc0f00b19b1e781f922a9ee2a05241b4c616fc14bdf33190cf0e9a6e3fc6d1af249de3fadef66875b4d6dc2ea5d8daa7c707ccb8c8ac6bdf |