Malware Analysis Report

2024-10-10 12:03

Sample ID 240610-dr6llaca75
Target MBSetup (1).exe
SHA256 b9ee60f31be0b7dc3f814c8abbc7caacb6a3e1dc7eb1504b8e831dd42277f8d8
Tags
risepro discovery persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b9ee60f31be0b7dc3f814c8abbc7caacb6a3e1dc7eb1504b8e831dd42277f8d8

Threat Level: Known bad

The file MBSetup (1).exe was found to be: Known bad.

Malicious Activity Summary

risepro discovery persistence spyware stealer

Suspicious use of NtCreateUserProcessOtherParentProcess

Risepro family

Modifies RDP port number used by Windows

Drops file in Drivers directory

Sets service image path in registry

Reads user/profile data of web browsers

Checks BIOS information in registry

Downloads MZ/PE file

Enumerates connected drives

Drops file in System32 directory

Checks computer location settings

Executes dropped EXE

Checks installed software on the system

Loads dropped DLL

Drops file in Program Files directory

Registers COM server for autorun

Drops file in Windows directory

Enumerates physical storage devices

Script User-Agent

Suspicious use of WriteProcessMemory

Checks processor information in registry

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Modifies system certificate store

Delays execution with timeout.exe

Uses Task Scheduler COM API

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious behavior: LoadsDriver

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-10 03:15

Signatures

Risepro family

risepro

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 03:15

Reported

2024-06-10 03:24

Platform

win7-20231129-en

Max time kernel

1s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe"

Signatures

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe N/A

Checks installed software on the system

discovery

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe

"C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 api2.amplitude.com udp
US 54.69.238.4:443 api2.amplitude.com tcp
US 8.8.8.8:53 www.microsoft.com udp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarB1D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

memory/2360-42-0x00000000002F0000-0x00000000002F1000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-10 03:15

Reported

2024-06-10 03:33

Platform

win10v2004-20240226-en

Max time kernel

638s

Max time network

649s

Command Line

C:\Windows\Explorer.EXE

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess

Description Indicator Process Target
PID 2548 created 3336 N/A C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe C:\Windows\Explorer.EXE

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mbamswissarmy.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\MbamChameleon.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe N/A
File created C:\Windows\system32\drivers\mbae64.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Modifies RDP port number used by Windows

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Reads user/profile data of web browsers

spyware stealer

Downloads MZ/PE file

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\rtux64w10.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\netrtwlanu.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{9eb96a88-2d2f-8042-a7e2-9548098b0fae}\mbtun.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\netmyk64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\netimm.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\rpcrt4.pdb C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\kdnic.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\net1ic64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\net1yx64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1bdf7a435cb3580d\netrasa.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\netwtw06.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_1a82423cc076e882\rtwlanu_oldic.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\msdri.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\netvchannel.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_ec11d0ad3c5b262a\netvwifimp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{9eb96a88-2d2f-8042-a7e2-9548098b0fae}\SET5C5A.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\usbnet.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{9eb96a88-2d2f-8042-a7e2-9548098b0fae}\SET5C6B.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\kernel32.pdb C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\netax88179_178a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\wceisvista.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_f9e30429669d7fff\netvwwanmp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{9eb96a88-2d2f-8042-a7e2-9548098b0fae}\SET5C6A.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\dc21x4vm.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\netloop.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\netwew01.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\netwtw04.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_be4ba6237d385e2e\netrndis.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{9eb96a88-2d2f-8042-a7e2-9548098b0fae}\SET5C6B.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{9eb96a88-2d2f-8042-a7e2-9548098b0fae} C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\netk57a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\netjme.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_310ee0bc0af86ba3\netr7364.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\net7400-x64-n650.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\netxex64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{9eb96a88-2d2f-8042-a7e2-9548098b0fae}\SET5C6A.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\Amsi.pdb C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\System32\wbemprox.pdb C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{9eb96a88-2d2f-8042-a7e2-9548098b0fae}\mbtun.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_101a408e6cb1d8f8\netmlx5.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\ntdll.pdb C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\netr28ux.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\netwew00.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\netwtw08.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Malwarebytes\Logs\MBAMSI.alt2.log C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_895623810c19146a\nete1e3e.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\bcmwdidhdpcie.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\net8187se64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Checks installed software on the system

discovery

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\hostpolicy.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.DataSetExtensions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.Design.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ru\UIAutomationProvider.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.DependencyInjection.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\SPControllerImpl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.EntityFrameworkCore.Sqlite.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Pipes.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Channels.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework-SystemCore.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ru\UIAutomationClientSideProviders.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\System.Xaml.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\WindowsBase.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\RTPControllerImpl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\SelfProtectionShim.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.CompilerServices.Unsafe.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationTypes.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ru\System.Windows.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Services.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Data.Common.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\PresentationUI.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\System.Windows.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnel_mbtun.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\SQLitePCLRaw.provider.e_sqlite3.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-environment-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnel_wireguard.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\System.DirectoryServices.AccountManagement.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\DirectWriteForwarder.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationUI.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\VPNControllerImpl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.cat C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.UICommon.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Globalization.Extensions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Quic.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\WindowsBase.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\ReachFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.VisualBasic.Forms.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MBAMCrashHandler.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-localization-l1-2-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-string-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Emit.Lightweight.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-namedpipe-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\ReachFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\UpdateControllerImpl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\8d5b3c19-582f-448f-8246-9f0e4e21e3d3 C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-memory-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-conio-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\System.Windows.Input.Manipulations.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\e_sqlcipher.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\Microsoft.Win32.SystemEvents.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\UIAutomationClient.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Concurrent.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Primitives.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Security.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encodings.Web.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A

Registers COM server for autorun

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05098CD5-9914-48C2-A453-DB782F55A65F}\InProcServer32\ = "C:\\PROGRAM FILES\\MALWAREBYTES\\ANTI-MALWARE\\mbamsi64.dll" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ThreadingModel = "Apartment" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\CLSID\{05098CD5-9914-48C2-A453-DB782F55A65F}\InProcServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05098CD5-9914-48C2-A453-DB782F55A65F}\InProcServer32\ThreadingModel = "Both" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Malwarebytes\FirstRun = "false" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes\FirstRun = "false" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A574BA8-3535-41F9-AB73-FA93F8A7DC3B}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D8258E71-3A7A-4D9D-85BB-C7999F95B7E4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\ProgID\ = "MB.TelemetryController.1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{66328184-6592-46BE-B950-4FDA4417DF2E} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{44AC1571-055F-4CC8-B7D8-EA022C4CC112}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A574BA8-3535-41F9-AB73-FA93F8A7DC3B}\ = "IRTPControllerV5" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E3F70EF-D9BE-485F-A6F5-816DD0EDC757}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74630AE8-C170-4A8F-A90A-F42D63EFE1E8}\1.0\0\win64 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B42C0E8E-5C9D-46B7-AAED-2294C6566DC0}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\Programmable C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE35F2CA-6335-49BA-8E86-F6E246CFCEA6}\ = "ILogControllerEvents" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D51C573D-B305-4980-8DFF-076C1878CCFB}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{44ACF635-5275-4730-95E5-03E4D192D8C8}\ = "ILicenseControllerV8" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\ = "CustomScanParameters Class" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE35F2CA-6335-49BA-8E86-F6E246CFCEA6}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EA248A19-F84E-4407-ADD3-8563AFD81269}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2F14F58B-B908-4644-830F-5ACF8542D27F}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ED06E075-D1FD-4635-BA17-2F6D6BB0DFD6}\TypeLib\ = "{EEC295FA-EC51-4055-BC47-022FC0FC122F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C731375E-3199-4C88-8326-9F81D3224DAD}\1.0\HELPDIR C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{226C1698-A075-4315-BB5D-9C164A96ACE7}\1.0\FLAGS\ = "0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{23416CFE-018D-418E-8CE9-5729D070CCED}\TypeLib\ = "{226C1698-A075-4315-BB5D-9C164A96ACE7}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{76AD4430-9C5C-4FC2-A15F-4E16ACD735AC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AA226B90-F6FF-4618-8AE6-1114E82CB162}\ = "_IScanControllerEventsV14" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B1BDE8B0-F598-4334-9991-ECC7442EEAA6}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A9AE95CF-6463-415A-94AC-F895D0962D30}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5CE94D34-A1E4-4FA8-BEDC-6A32683B85F5}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E0F1EE6-E7CA-4BEE-8C08-0959842DA615}\ = "IMBAMServiceControllerV7" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F656FD9-2597-4587-8F05-781C11710867}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3F656FD9-2597-4587-8F05-781C11710867}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F641DDA1-271F-47C7-90C2-4327665959DF}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6724C143-DE69-4A93-80ED-19B75DD2AA99}\ = "IMWACControllerEventsV9" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDCB7916-7DE8-44C8-BAF6-F1BBB3268456}\ = "IPoliciesControllerV8" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5250E5C8-A09C-4F87-A0DA-A46A62A0EACF}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{32DF4C97-FE35-41AA-B18F-583AA53723A3}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C3249828-A4B2-4146-A323-EA5FD2F2FC75}\ = "IUpdateControllerV13" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6CE18DD5-2BD7-4844-B9AD-DF6A995750A1} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\VersionIndependentProgID\ = "MB.VPNController" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{68E3012A-E3EC-4D66-9132-4E412F487165}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DF39921A-6060-472F-A358-1CE8D2F8779C}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{55D0C28B-2BF3-4230-B48D-DB2C2D7BF6F8}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC60FEE4-E373-4962-B548-BA2E06119D54}\ = "IScanControllerEventsV9" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DD67766C-A28D-44F3-A5D0-962965510B2D}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6C1047E9-9ADC-4F8A-8594-036375F53103}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BD9CB7A5-5C46-4799-A3A4-20FB128E58F1} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{97DA9E74-558F-4085-AE41-6A82ED12D02C}\TypeLib\ = "{783B187E-360F-419C-B6DA-592892764A01}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E0F1EE6-E7CA-4BEE-8C08-0959842DA615}\TypeLib\ = "{783B187E-360F-419C-B6DA-592892764A01}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{571FB9A8-E53B-4740-B125-082207566E5F}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{778103CC-4FA4-42AC-8981-D6F11ACC6B7F} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2E423AF9-25D2-451E-8D81-08D44F63D83F}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A0EB1521-C843-47D5-88D2-5449A2F5F40B}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D10B0F61-43AA-40F4-9C6C-57D29CA8544E}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MB.MBAMServiceController.1\ = "MBAMServiceController Class" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB30855D-36DF-41BD-9EEE-03BA7E8E70B7}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A0A45F1-CFB6-49A7-BBC4-8776F94857A8} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{78E69E6F-EC12-4B84-8431-1D68572C7A61}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7AEBAD20-B80A-427D-B7D5-D2983291132E}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{834906DC-FA0F-4F61-BC62-24B0BEB3769C}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0C4652FC-FA35-4394-A133-F68409776465}\TypeLib\ = "{6C5B978B-68C9-45C7-9D6E-0BA57A3C7EB2}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7F95C137-46FC-42FB-A66A-F0482F3C749C}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A10434E2-CAA7-48C4-9770-E9F215C51ECC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAB53395-8218-47FF-91B7-144994C0AD83}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{50538523-AA2F-40D3-9B58-DB51D5BD3D4A}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ADA09B8D-A536-4429-8331-49808442D24B}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B32065E5-189E-4C5F-AA59-32A158BAF5B7}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0400000001000000100000001bfe69d191b71933a372a80fe155e5b50f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e190000000100000010000000ea6089055218053dd01e37e1d806eedf2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 0f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd979625483090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd21400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb1d0000000100000010000000885010358d29a38f059b028559c95f900b00000001000000100000005300650063007400690067006f0000000300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e2000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 0300000001000000140000002ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c2000000001000000620400003082045e30820346a0030201020213077312380b9d6688a33b1ed9bf9ccda68e0e0f300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3232303832333232323132385a170d3330303832333232323132385a303c310b3009060355040613025553310f300d060355040a1306416d617a6f6e311c301a06035504031313416d617a6f6e205253412032303438204d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100eb712ca9cb1f8828923230af8a570f78b73725955587ac675c97d322c8daa214676b7cf067dae2032ab356125dc6b547f96708a7937a9592180fb4f9f910369a7f2f80b64fba134ec75d531ee0dd96330720d396bc12e4745042a1051373b54f9b4424fe2d7fedbc2285ec362133977506ce271882dce3d9c582078d5e26012626671fd93f13cf32ba6bad7864fcaaff0e023c07df9c0578728cfdea75b7032884dae86e078cd05085ef8154b2716eec6d62ef8f94c35ee9c4a4d091c02e249198caeeba258ed4f671b6fb5b6b38064837478d86dcf2ea06fb76377d9eff424e4d588293cfe271c278b17aab4b5b94378881e4d9af24aef872c565fb4bb451e70203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e0416041481b80e638a891218e5fa3b3b50959fe6e5901385301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b05000382010100ad00de0205232e063262b46bb19416e41140de2bfa59c135efe0aa8f2b41b9d1f38739001df23db5a7470c0606c691f3075702d4edbd17c1909abf4875a2074f30dd4a6a42b50d3d15c00ffe845bc63c99cc5752b1d86e12d59692934b94e507e88982086a7a34d49e64e13d876a92909a63a14bf88fb6ea34d305be20c2de06e28c9f738b9f4d3985cace19369d85c99ec9f8503fb67e88a1efca84068b50b40a5ca61c44f1fdc8614060f26125aa07f4c7c27375e40c0b428d04e55f4448995b7b898196a7889d4b0d62e804c4d7feb4e8b26dcaecc01cbc385b1ddf85ce5b7ae3494b6cb9a7ddf405b249ade1c5146bc2ccebcd7fd65869bac3207e7fb0b8 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa20f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254832000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E\Blob = 5c000000010000000400000000100000190000000100000010000000ea6089055218053dd01e37e1d806eedf0300000001000000140000002b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e0b00000001000000100000005300650063007400690067006f0000001d0000000100000010000000885010358d29a38f059b028559c95f901400000001000000140000005379bf5aaa2b4acf5480e1d89bc09df2b20366cb620000000100000020000000e793c9b02fd8aa13e21c31228accb08119643b749c898964b1746d46c3d4cbd253000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f000000010000003000000066b764a96581128168cf208e374dda479d54e311f32457f4aee0dbd2a6c8d171d531289e1cd22bfdbbd4cfd9796254830400000001000000100000001bfe69d191b71933a372a80fe155e5b52000000001000000e2050000308205de308203c6a003020102021001fd6d30fca3ca51a81bbc640e35032d300d06092a864886f70d01010c0500308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f72697479301e170d3130303230313030303030305a170d3338303131383233353935395a308188310b3009060355040613025553311330110603550408130a4e6577204a6572736579311430120603550407130b4a65727365792043697479311e301c060355040a131554686520555345525452555354204e6574776f726b312e302c06035504031325555345525472757374205253412043657274696669636174696f6e20417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a028202010080126517360ec3db08b3d0ac570d76edcd27d34cad508361e2aa204d092d6409dcce899fcc3da9ecf6cfc1dcf1d3b1d67b3728112b47da39c6bc3a19b45fa6bd7d9da36342b676f2a93b2b91f8e26fd0ec162090093ee2e874c918b491d46264db7fa306f188186a90223cbcfe13f087147bf6e41f8ed4e451c61167460851cb8614543fbc33fe7e6c9cff169d18bd518e35a6a766c87267db2166b1d49b7803c0503ae8ccf0dcbc9e4cfeaf0596351f575ab7ffcef93db72cb6f654ddc8e7123a4dae4c8ab75c9ab4b7203dca7f2234ae7e3b68660144e7014e46539b3360f794be5337907343f332c353efdbaafe744e69c76b8c6093dec4c70cdfe132aecc933b517895678bee3d56fe0cd0690f1b0ff325266b336df76e47fa7343e57e0ea566b1297c3284635589c40dc19354301913acd37d37a7eb5d3a6c355cdb41d712daa9490bdfd8808a0993628eb566cf2588cd84b8b13fa4390fd9029eeb124c957cf36b05a95e1683ccb867e2e8139dcc5b82d34cb3ed5bffdee573ac233b2d00bf3555740949d849581a7f9236e651920ef3267d1c4d17bcc9ec4326d0bf415f40a94444f499e757879e501f5754a83efd74632fb1506509e658422e431a4cb4f0254759fa041e93d426464a5081b2debe78b7fc6715e1c957841e0f63d6e962bad65f552eea5cc62808042539b80e2ba9f24c971c073f0d52f5edef2f820f0203010001a3423040301d0603551d0e041604145379bf5aaa2b4acf5480e1d89bc09df2b20366cb300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff300d06092a864886f70d01010c050003820201005cd47c0dcff7017d4199650c73c5529fcbf8cf99067f1bda43159f9e0255579614f1523c27879428ed1f3a0137a276fc5350c0849bc66b4eba8c214fa28e556291f36915d8bc88e3c4aa0bfdefa8e94b552a06206d55782919ee5f305c4b241155ff249a6e5e2a2bee0b4d9f7ff70138941495430709fb60a9ee1cab128ca09a5ea7986a596d8b3f08fbc8d145af18156490120f73282ec5e2244efc58ecf0f445fe22b3eb2f8ed2d9456105c1976fa876728f8b8c36afbf0d05ce718de6a66f1f6ca67162c5d8d083720cf16711890c9c134c7234dfbcd571dfaa71dde1b96c8c3c125d65dabd5712b6436bffe5de4d661151cf99aeec17b6e871918cde49fedd3571a21527941ccf61e326bb6fa36725215de6dd1d0b2e681b3b82afec836785d4985174b1b9998089ff7f78195c794a602e9240ae4c372a2cc9c762c80e5df7365bcae0252501b4dd1a079c77003fd0dcd5ec3dd4fabb3fcc85d66f7fa92ddfb902f7f5979ab535dac367b0874aa9289e238eff5c276be1b04ff307ee002ed45987cb524195eaf447d7ee6441557c8d590295dd629dc2b9ee5a287484a59bb790c70c07dff589367432d628c1b0b00be09c4cc31cd6fce369b54746812fa282abd3634470c48dff2d33baad8f7bb57088ae3e19cf4028d8fcc890bb5d9922f552e658c51f883143ee881dd7c68e3c436a1da718de7d3d16f162f9ca90a8fd C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 0300000001000000140000001c58a3a8518e8759bf075b76b750d4f2df264fcd2000000001000000c2040000308204be308203a6a003020102021006d8d904d5584346f68a2fa754227ec4300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3231303431343030303030305a170d3331303431333233353935395a304f310b300906035504061302555331153013060355040a130c446967694365727420496e633129302706035504031320446967694365727420544c53205253412053484132353620323032302043413130820122300d06092a864886f70d01010105000382010f003082010a0282010100c14bb3654770bcdd4f58dbec9cedc366e51f311354ad4a66461f2c0aec6407e52edcdcb90a20eddfe3c4d09e9aa97a1d8288e51156db1e9f58c251e72c340d2ed292e156cbf1795fb3bb87ca25037b9a52416610604f571349f0e8376783dfe7d34b674c2251a6df0e9910ed57517426e27dc7ca622e131b7f238825536fc13458008b84fff8bea75849227b96ada2889b15bca07cdfe951a8d5b0ed37e236b4824b62b5499aecc767d6e33ef5e3d6125e44f1bf71427d58840380b18101faf9ca32bbb48e278727c52b74d4a8d697dec364f9cace53a256bc78178e490329aefb494fa415b9cef25c19576d6b79a72ba2272013b5d03d40d321300793ea99f50203010001a38201823082017e30120603551d130101ff040830060101ff020100301d0603551d0e04160414b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304006082b060105050730028634687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63727430420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63726c303d0603551d2004363034300b06096086480186fd6c02013007060567810c01013008060667810c0102013008060667810c0102023008060667810c010203300d06092a864886f70d01010b050003820101008032ce5e0bdd6e5a0d0aafe1d684cbc08efa8570edda5db30cf72b7540fe850afaf33178b7704b1a8958ba80bdf36b1de97ecf0bba589c59d490d3fd6cfdd0986db771825bcf6d0b5a09d07bdec443d82aa4de9e41265fbb8f99cbddaee1a86f9f87fe74b71f1b20abb14fc6f5675d5d9b3ce9ff69f7616cd6d9f3fd36c6ab038876d24b2e7586e3fcd8557d26c21177df3e02b67cf3ab7b7a86366fb8f7d89371cf86df7330fa7babed2a59c842843b11171a52f3c90e147da25b7267ba71ed574766c5b8024a65345e8bd02a3c209c51994ce7529ef76b112b0d927e1de88aeb36164387ea2a63bf753febdec403bb0a3cf730efebaf4cfc8b3610733ef3a4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeAuditPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: 33 N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: 33 N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3956 wrote to memory of 3480 N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
PID 3956 wrote to memory of 3480 N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
PID 2100 wrote to memory of 1140 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 2100 wrote to memory of 1140 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 3956 wrote to memory of 968 N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
PID 3956 wrote to memory of 968 N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
PID 2432 wrote to memory of 4508 N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
PID 2432 wrote to memory of 4508 N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
PID 2548 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe C:\Windows\SysWOW64\cmd.exe
PID 2548 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe C:\Windows\SysWOW64\cmd.exe
PID 2548 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe C:\Windows\SysWOW64\cmd.exe
PID 3244 wrote to memory of 1436 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 3244 wrote to memory of 1436 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 3244 wrote to memory of 1436 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\timeout.exe
PID 3244 wrote to memory of 3652 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3244 wrote to memory of 3652 N/A C:\Windows\SysWOW64\cmd.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3652 wrote to memory of 4276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3652 wrote to memory of 4276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3652 wrote to memory of 4276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3652 wrote to memory of 4276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3652 wrote to memory of 4276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3652 wrote to memory of 4276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3652 wrote to memory of 4276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3652 wrote to memory of 4276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3652 wrote to memory of 4276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3652 wrote to memory of 4276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3652 wrote to memory of 4276 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 4656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 4656 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4276 wrote to memory of 1696 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe

"C:\Users\Admin\AppData\Local\Temp\MBSetup (1).exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4048 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000154" "Service-0x0-3e7$\Default" "0000000000000148" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5020 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4308 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=1020 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5400 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C timeout /t 1 & "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\Admin\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"

C:\Windows\SysWOW64\timeout.exe

timeout /t 1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3440 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\Admin\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension C:\Users\Admin\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.0.1332608539\1602719050" -parentBuildID 20221007134813 -prefsHandle 1736 -prefMapHandle 1728 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93c106a8-76eb-4684-ba49-cb7c3cde2ab4} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 1828 1178dcb9158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.1.488700337\866435603" -parentBuildID 20221007134813 -prefsHandle 2292 -prefMapHandle 2288 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4c530ed-ca79-4f06-8557-cd296935fc48} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 2312 1178dbe6558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.2.814612517\935001379" -childID 1 -isForBrowser -prefsHandle 3128 -prefMapHandle 3124 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58c54609-cd1c-45f1-84bb-7dc4e07a5cd3} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 3140 1178dc61958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.3.754192362\185166836" -childID 2 -isForBrowser -prefsHandle 3068 -prefMapHandle 3148 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e36846d5-16f2-4cef-a196-cf15c645118d} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 3548 11795483258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.4.1476768413\2095204527" -childID 3 -isForBrowser -prefsHandle 4864 -prefMapHandle 4908 -prefsLen 26286 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23cadbe2-ed65-48d6-a217-04b2ee0eb7c7} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 4904 11782265358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.5.1159033193\528635596" -childID 4 -isForBrowser -prefsHandle 5056 -prefMapHandle 5040 -prefsLen 26286 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b781da2e-2478-4e6a-adc7-7acea1c237da} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 4912 11792ff2558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.6.354831664\1447480863" -childID 5 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26286 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bc6b2f6-8b56-45b1-a587-e377b35bed18} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 5304 11793550558 tab

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe

"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5804 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://links.malwarebytes.com/link/pricing-inapp?version=5.1.5.116&x-prodcode=MBAM-C&x-token_secret=0RJqCl-jr1uEbqGi4UPgLl05A4q6PxvRZV3o-90KR4iZkcYWbcpkMOcR2QQ9iH7JJBFOqNGNGidkJ6tJlK9L00sJlOu_H6h_ZIEIhPTPoEr5m8eOrLGRXCZpED5QoUGv&ADDITIONAL_machineid=18e531be88f745adecc4af1492e653d803938bc1&days_since_install=0&varID=mb5-onboarding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=3468 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=4292 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1600 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=5500 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5844 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4308 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x2f0,0x7ffa2d402e98,0x7ffa2d402ea4,0x7ffa2d402eb0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2096 --field-trial-handle=2100,i,13717100392841679177,6881025597311502987,262144 --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2292 --field-trial-handle=2100,i,13717100392841679177,6881025597311502987,262144 --variations-seed-version /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2468 --field-trial-handle=2100,i,13717100392841679177,6881025597311502987,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4088 --field-trial-handle=2100,i,13717100392841679177,6881025597311502987,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4440 --field-trial-handle=2100,i,13717100392841679177,6881025597311502987,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4440 --field-trial-handle=2100,i,13717100392841679177,6881025597311502987,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\LocalLow\IGDump\sec\ig.exe

ig.exe secure

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://my.malwarebytes.com/registration

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4716 --field-trial-handle=2100,i,13717100392841679177,6881025597311502987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4784 --field-trial-handle=2100,i,13717100392841679177,6881025597311502987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5216 --field-trial-handle=2100,i,13717100392841679177,6881025597311502987,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5284 --field-trial-handle=2100,i,13717100392841679177,6881025597311502987,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
GB 142.250.200.42:443 tcp
US 8.8.8.8:53 api2.amplitude.com udp
US 34.211.62.14:443 api2.amplitude.com tcp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 14.62.211.34.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 13.107.246.64:443 tcp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 ark.mwbsys.com udp
US 44.213.166.254:443 ark.mwbsys.com tcp
US 8.8.8.8:53 254.166.213.44.in-addr.arpa udp
US 8.8.8.8:53 cdn.mwbsys.com udp
FR 99.86.91.87:443 cdn.mwbsys.com tcp
US 44.213.166.254:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
FR 99.86.91.87:443 cdn.mwbsys.com tcp
FR 99.86.91.41:443 cdn.mwbsys.com tcp
FR 99.86.91.87:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 holocron.mwbsys.com udp
US 8.8.8.8:53 ipv4.am.i.mullvad.net udp
US 44.194.75.48:443 holocron.mwbsys.com tcp
SE 45.83.223.233:443 ipv4.am.i.mullvad.net tcp
US 44.194.75.48:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 48.75.194.44.in-addr.arpa udp
US 8.8.8.8:53 233.223.83.45.in-addr.arpa udp
US 44.194.75.48:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 update.googleapis.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
FR 172.217.20.195:443 update.googleapis.com tcp
US 8.8.8.8:53 239.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 195.20.217.172.in-addr.arpa udp
FR 172.217.20.195:443 update.googleapis.com udp
US 8.8.8.8:53 msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com udp
US 8.8.8.8:53 msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com udp
US 2.17.251.17:80 msedgeextensions.b.tlu.dl.delivery.mp.microsoft.com tcp
US 8.8.8.8:53 17.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 udp
US 44.213.166.254:443 tcp
FR 99.86.91.87:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 api2.amplitude.com udp
US 54.148.221.168:443 api2.amplitude.com tcp
US 8.8.8.8:53 168.221.148.54.in-addr.arpa udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.117.188.166:443 contile.services.mozilla.com tcp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 34.149.100.209:443 firefox.settings.services.mozilla.com tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 contile.services.mozilla.com udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 52.42.69.239:443 shavar.services.mozilla.com tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 8.8.8.8:53 udp
US 34.117.188.166:443 contile.services.mozilla.com udp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 239.69.42.52.in-addr.arpa udp
US 8.8.8.8:53 udp
FR 99.86.91.87:443 tcp
US 44.213.166.254:443 tcp
US 44.194.75.48:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 18.211.79.36:443 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 iris.mwbsys.com udp
US 52.4.144.178:443 iris.mwbsys.com tcp
US 8.8.8.8:53 178.144.4.52.in-addr.arpa udp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 35.164.97.135:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 135.97.164.35.in-addr.arpa udp
US 18.211.79.36:443 ark.mwbsys.com tcp
US 8.8.8.8:53 udp
N/A 127.0.0.1:53763 tcp
N/A 127.0.0.1:53778 tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 3.213.125.4:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
FR 99.86.91.10:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
US 8.8.8.8:53 4.125.213.3.in-addr.arpa udp
US 8.8.8.8:53 10.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.55.97.181:80 www.microsoft.com tcp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 156.33.209.4.in-addr.arpa udp
US 8.8.8.8:53 28.190.21.2.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 153.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 119.110.54.20.in-addr.arpa udp
US 8.8.8.8:53 32.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 152.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 248.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 api2.amplitude.com udp
US 44.239.84.166:443 api2.amplitude.com tcp
US 8.8.8.8:53 166.84.239.44.in-addr.arpa udp
US 8.8.8.8:53 links.malwarebytes.com udp
US 8.8.8.8:53 links.malwarebytes.com udp
US 8.8.8.8:53 links.malwarebytes.com udp
US 3.165.136.73:443 links.malwarebytes.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.55.97.181:443 www.microsoft.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 2.17.251.4:443 bzib.nelreports.net tcp
US 8.8.8.8:53 73.136.165.3.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 158.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 www.malwarebytes.com udp
US 8.8.8.8:53 www.malwarebytes.com udp
US 8.8.8.8:53 www.malwarebytes.com udp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 233.66.0.192.in-addr.arpa udp
US 8.8.8.8:53 4.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 192.0.76.3:443 stats.wp.com tcp
US 8.8.8.8:53 plausible.io udp
US 8.8.8.8:53 plausible.io udp
GB 143.244.38.136:443 plausible.io tcp
US 8.8.8.8:53 137.102.96.34.in-addr.arpa udp
US 8.8.8.8:53 67.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 42.215.58.216.in-addr.arpa udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 52.6.22.190:443 genesis.malwarebytes.com tcp
GB 143.244.38.136:443 plausible.io udp
GB 143.244.38.136:443 plausible.io tcp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 72.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 190.22.6.52.in-addr.arpa udp
US 8.8.8.8:53 www.upsellit.com udp
US 8.8.8.8:53 www.upsellit.com udp
US 8.8.8.8:53 munchkin.marketo.net udp
US 8.8.8.8:53 munchkin.marketo.net udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 bat.bing.com udp
US 204.79.197.237:443 bat.bing.com tcp
US 2.17.251.40:443 snap.licdn.com tcp
CZ 104.64.124.188:443 munchkin.marketo.net tcp
US 34.117.39.58:443 www.upsellit.com tcp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 analytics.google.com udp
US 216.239.38.181:443 analytics.google.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
BE 74.125.71.157:443 stats.g.doubleclick.net tcp
FR 172.217.20.162:443 googleads.g.doubleclick.net tcp
FR 172.217.20.162:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 238.75.250.142.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 58.39.117.34.in-addr.arpa udp
US 8.8.8.8:53 188.124.64.104.in-addr.arpa udp
US 8.8.8.8:53 40.251.17.2.in-addr.arpa udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 8.8.8.8:53 181.38.239.216.in-addr.arpa udp
US 8.8.8.8:53 157.71.125.74.in-addr.arpa udp
US 8.8.8.8:53 66.214.58.216.in-addr.arpa udp
FR 172.217.20.162:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 805-usg-300.mktoresp.com udp
US 8.8.8.8:53 805-usg-300.mktoresp.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:443 www.google.com tcp
FR 172.217.20.196:443 www.google.com tcp
FR 172.217.20.196:443 www.google.com tcp
US 8.8.8.8:53 www.linkedin.com udp
US 8.8.8.8:53 www.linkedin.com udp
US 172.64.146.215:443 www.linkedin.com tcp
US 192.28.144.124:443 805-usg-300.mktoresp.com tcp
US 8.8.8.8:53 r3.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 r3.visualwebsiteoptimizer.com udp
US 35.194.81.74:443 r3.visualwebsiteoptimizer.com tcp
US 34.117.39.58:443 www.upsellit.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 162.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 196.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 215.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 124.144.28.192.in-addr.arpa udp
US 8.8.8.8:53 74.81.194.35.in-addr.arpa udp
US 216.239.38.181:443 analytics.google.com udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 52.182.143.212:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 212.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 holocron.mwbsys.com udp
US 44.194.75.48:443 holocron.mwbsys.com tcp
NL 23.62.61.97:443 www.bing.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge.microsoft.com udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 13.107.246.64:443 edge-mobile-static.azureedge.net tcp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 3.213.125.4:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 crl.comodoca.com udp
US 104.18.38.233:80 crl.comodoca.com tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.55.97.181:80 www.microsoft.com tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 my.malwarebytes.com udp
US 8.8.8.8:53 my.malwarebytes.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
FR 18.244.28.109:443 my.malwarebytes.com tcp
US 8.8.8.8:53 my.malwarebytes.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 2.17.251.4:443 bzib.nelreports.net tcp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 109.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp

Files

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

MD5 a545b29abb9db951e9e2508a1bbc8d2a
SHA1 061494912b29c965638263b7321a54b9e0399417
SHA256 7607ca2abc8f5dfe7a100ccf73d885375ec599b0648ebd964ffb8bff39c821df
SHA512 e7e33f5e49570ea74d427e12c049a7f0f89f7e4d3c7c511f59170cfb166bb5dd49ebfaa5a968dfdc15758f3177d7d39beebce26e593629aa0eac630748b403f1

C:\Windows\Temp\MBInstallTempe02577d126d811ef8b33d6c6679d10a6\7z.dll

MD5 a144e24209683e3cba6e29dab5764162
SHA1 ab2112cce717bec8f5667721a072d790484095ec
SHA256 b2ff9dbf90cbd0c45cd7d95ce4892377ec7e92970e05f2e56b0ce93861190348
SHA512 2c823981b53b7eb7c1b726468d3b28c234c7e555aab35e759e88d38658566d267a20867f1cb18d96c830e7d53643629a9fa313eecee8b553703086fbb64cc984

C:\Windows\Temp\MBInstallTempe02577d126d811ef8b33d6c6679d10a6\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll

MD5 3143ffcfcc9818e0cd47cb9a980d2169
SHA1 72f1932fda377d3d71cb10f314fd946fab2ea77a
SHA256 b7fb9547e4359f6c116bd0dbe36a8ed05b7a490720f5a0d9013284be36b590b7
SHA512 904800d157eb010e7d17210f5797409fea005eed46fbf209bca454768b28f74ff3ff468eaad2cfd3642155d4978326274331a0a4e2c701dd7017e56ddfe5424b

C:\Windows\Temp\MBInstallTempe02577d126d811ef8b33d6c6679d10a6\servicepkg\MBAMService.exe

MD5 2a04ba83060427c8dab782517a07e01b
SHA1 f4573f20473db0ab32c3348e536e2287151c4c4f
SHA256 569379dfd0bac0b2ef4408c2786c982a9b4bf5bcf530518564ec7db1af764295
SHA512 749e66f94cb516fd98b2acd9219a2adfeba49729510b255ecabb5f1610f75eff214d361a4fbb2e2efb59a0eff25b9d49b8758b6e0c4592e5713e59df6a194ebd

C:\Windows\Temp\MBInstallTempe02577d126d811ef8b33d6c6679d10a6\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json

MD5 d94cf983fba9ab1bb8a6cb3ad4a48f50
SHA1 04855d8b7a76b7ec74633043ef9986d4500ca63c
SHA256 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a
SHA512 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

C:\Windows\Temp\MBInstallTempe02577d126d811ef8b33d6c6679d10a6\dbclspkg\MBAMCoreV5.dll

MD5 9bbcbee54b8adda7eb979322ee9c803a
SHA1 82d1c65ae32210b6ec3df6c2dc5a395ea6b7a9ac
SHA256 fe5c67c1e19c1137a4d4b3928d8b37db1845ac6d4b3f13d7b4d4bf4b325e331a
SHA512 fc0637f2f55698775840720480bc65fd40911913a509f0fe70cd2653aa2bdfb0605e4db24283da56a83ed7d74eb5837d2eab876c3025a94606bdfa6715ce19d9

C:\Windows\Temp\MBInstallTempe02577d126d811ef8b33d6c6679d10a6\servicepkg\mbamelam.sys

MD5 9e77c51e14fa9a323ee1635dc74ecc07
SHA1 a78bde0bd73260ce7af9cdc441af9db54d1637c2
SHA256 b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0
SHA512 a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

C:\Windows\Temp\MBInstallTempe02577d126d811ef8b33d6c6679d10a6\servicepkg\mbamelam.inf

MD5 c481ad4dd1d91860335787aa61177932
SHA1 81633414c5bf5832a8584fb0740bc09596b9b66d
SHA256 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3
SHA512 d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

C:\Windows\Temp\MBInstallTempe02577d126d811ef8b33d6c6679d10a6\servicepkg\mbamelam.cat

MD5 60608328775d6acf03eaab38407e5b7c
SHA1 9f63644893517286753f63ad6d01bc8bfacf79b1
SHA256 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59
SHA512 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

MD5 5e0e2d584de048ec8e1d96a8402b9074
SHA1 bc939970e17845f19b5487ebc0f1962aa4f5a756
SHA256 2b7b5bc2a6db622fd284281cd712081dc0a8c2650ac55133a96d2a719306f41a
SHA512 8481bc8a5a7188e3d242f426d9daee162ed372101327ef6c452bdabb64cc3b5c38814715705d8341303a3ae1b377e6a0c77b8e0d7258376f563af8f9d21131f9

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

MD5 23f1360ae0e948d300f0f62b53200093
SHA1 e44fd6f0248e0a02525ee67664d83b535d9cb7d3
SHA256 40dfe0689b744e0812ce857f7221ff85431ca37315d9b4f75ca40892af5870da
SHA512 6e34d2546626736aa26b369a86745bdb9816138244fba3d5b5e29de4585cf4e66d52c35b5c5a577f252b62a137e340dd9de36c08a06f5395baec5a726ffb5222

C:\Program Files\Malwarebytes\Anti-Malware\version.dat

MD5 7f0ac115d34db24927ad71f77412a171
SHA1 6ba631008cb4ac76d6a59b83630d08e0f7eda6e7
SHA256 8ebe68a5e88f08f98fb9825c9f55302d0452c45294c5ea89fe3882503f6b01c0
SHA512 0ee0e5e0fae00ba3195b07c5b3a7fb68e8163f9e5e0e708da8ae9d4dec43529242801f733d58b4a4b74945ff93b9a1a92d912055953b46236cd4d5deef597086

C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

MD5 dbee8e7bbcba63adfa242c00f228afb0
SHA1 6aae8d9e4053cb52a2f1b6847e65ec6335dbc0fc
SHA256 c01415842abaa4bb6ada941a44c132a4a41c55097fb7e931decd04e8b5d6d380
SHA512 1e82896df024fe6a2390e415bcf8dd92f71125639daebed99e115bd9ac219b5667201d29c6b2390a2fcd505c3780ba112ddfca128137b665da0cfdbd4d63f038

C:\Windows\Temp\MBInstallTempe02577d126d811ef8b33d6c6679d10a6\ctlrpkg\mbae64.sys

MD5 95515708f41a7e283d6725506f56f6f2
SHA1 9afc20a19db3d2a75b6915d8d9af602c5218735e
SHA256 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6
SHA512 d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 88b95b7116045866fd204987f3c35677
SHA1 b5ccf414b58ca667045b2bcbfc5c041cfe3d7815
SHA256 cc9fdb0e29ec17cacd4e534663f8e22ca4e0739a3a29dbf3d53802d3c9483b8f
SHA512 537279612464091da5baff08b090149864297c14e1b059554e0b1229433618082baadaf5463d6c0088e202a510ca0f5e6e0e689a31e25e471ccde5d0782b900e

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

MD5 46f875f1fe3d6063b390e3a170c90e50
SHA1 62b901749a6e3964040f9af5ddb9a684936f6c30
SHA256 1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec
SHA512 fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557

C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll

MD5 2bbf63f1dab335f5caf431dbd4f38494
SHA1 90f1d818ac8a4881bf770c1ff474f35cdaa4fcd0
SHA256 f21a980316bd4c57c70e00840ab76d9ad412092d7d2d6a2cff4f1311f7c05364
SHA512 ebb9834323329dc01ba2c87e5fad1083a4cb86f5ed761cb63299ac5336a9843a1aadd42fbed706797c2295117af1c00f96806422338352653c8e0255fecc2fd5

C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf

MD5 5d1917024b228efbeab3c696e663873e
SHA1 cec5e88c2481d323ec366c18024d61a117f01b21
SHA256 4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8
SHA512 14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a

C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.sys

MD5 83d4fba999eb8b34047c38fabef60243
SHA1 25731b57e9968282610f337bc6d769aa26af4938
SHA256 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c
SHA512 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e

C:\Windows\System32\DriverStore\Temp\{9eb96a88-2d2f-8042-a7e2-9548098b0fae}\mbtun.cat

MD5 8abff1fbf08d70c1681a9b20384dbbf9
SHA1 c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6
SHA256 9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658
SHA512 37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

MD5 49eb28031bb0d40d0f62206fa54db5de
SHA1 1cc505b8b991fbb205c5f1be1f3b7a6ef1dd1d89
SHA256 1a84789aa12cc4920d4cb49467be451a4844b9032a9b21c9555627e9bd16ecfd
SHA512 e0d5da21cc1c0e643c9bc181dc16202a2dd8a9934ddd058f46dca8285adf2528b90e1b31f686a8bee4f99186ba7dd1b26a2acbbba171c0d4eaacaa38d3d645bc

C:\Windows\System32\CatRoot2\dberr.txt

MD5 f182870a641edc4f19b0ba491dc6bc92
SHA1 c37356bc388e33b7c03aba125e324eecfcb26b31
SHA256 77692e9b2da62df3bd9fd2d7b8f2ec8e99590967017960da753d99fc1b6500df
SHA512 52eed92f6543830fada28e837bd6ac9207064a3ce370906fa2496b40f840a1321c54d295f3a1b329ba682aff76f84a923b7dd769813cf42c7d010d7fad40eddc

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

MD5 b259331297947e69ca89098c8a51c1f1
SHA1 31b166af9c5246e377afdcd6201fccc9c5742b35
SHA256 7e0f4c8b8f675c319f5633f36f46fb8d146d82779f6d342f09037b02e3b7b8eb
SHA512 6e93a1cad80f091115683927b02ddeb01195c7458176be8862306828fad309b588d5279b8c5fc2394fbfde0f91563611fc8ce99b7b43890ef3e32af897d1449e

C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll

MD5 f782f049b0e8c13b21f8e10e705bd7e5
SHA1 5c11f955e3983c50ea46b5d432c97c9148ac8e9f
SHA256 16c450a310edbea07f578f31368f168ec338011cd117406898593e86ebb83dae
SHA512 eed29c42b14ff26a030f53d61d6dc8e3971e478dc7646b26189f14f16699b6bedc170c4bcc37efe2e8f3048bde37480033b49eaf1a4712b88464f5da0efc18f2

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json.bak

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

MD5 1fef61c41de230ad3977ce0f5e5021f1
SHA1 2b956887940c52930d25e1235092f06ad46bc942
SHA256 5b97f3c8e79319f7b9fcf740ad1cfab68a9765d7d463fcdc38d4bd1a0c95dd0b
SHA512 072daafc3410a349053075231c1dcafcd8084fee648385fa86f225bb642407bad4b45096b5a73a8f937f2ae975b3f7af842c4b4aad95c799d14a60c4bd6f2b91

C:\Program Files\Malwarebytes\Anti-Malware\PoliciesControllerImpl.dll

MD5 5557e886d8981d10a12a954dec4bd103
SHA1 622c9e9e6c98a1d18df162dbd83b7a9651607719
SHA256 99bc675421b15dddd928f82b3bb8865a1301b65a9699b43b3c31d15bbfc843d5
SHA512 5b6c401b890a591fea2fc611a6be3de55837a3dee26f4d4552267cb6abe752de917f6652d751a80de673c142fa2a9e6d5c794ffbffd324a07051e630323ff032

C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

MD5 36a4ce53e0aa4d9c5851ce01f1b1f249
SHA1 9d26250d0bb42e7caa9e768456c1c70d4d45992b
SHA256 f39ef1786c08ede63c1e7c4590a07c7c3625d7d8ba1e919757f111953c64b08e
SHA512 fad03a0efb89f026ac463d4f178164f9a188e96b0e7ef3e03864c424f415b493f621fa674d9d23326a16a8a0e801827af586ca73465b6e3c6ecfd02eca14dcd0

C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

MD5 cb0262588c155b66991c739e156613d7
SHA1 6d39cd12679c51edfb73e93129113a102576b6c2
SHA256 73580a98c0c0b98dd5a37e51623dc2efc7f5c24978ba0bb2761dd3ab65cb5e5f
SHA512 dac666df37352c8b540ab55f6c7b13921198c283e83236c38f9c2ec838e08d57a0049402a27550898ec65c4a7ad550483cf781630ebd72f42c18a9643f0732a3

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 a37e4272ae8983b3b3d6fac2385b8456
SHA1 7d76f53fd68e846cfae81ed722316a5ca9273f53
SHA256 be87270cf49dab363491bb4717e6b27fe13d174be5284dcf6bdd2b23b8eac13d
SHA512 34d295b6ff89ff23c361b4b17949d8c3e7aaf17e20db31d256a4b0fe69880c346fe6aa5ebf3d0fc3c3056f3d9ecc9ec21a6a97560f65dd93fdb4956128f8d733

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\LicenseControllerImpl.dll

MD5 702b2ffbfc901954c4ad2e8ddad90551
SHA1 eea50836372e244519939f97eed058497ebee639
SHA256 4cfa41ca45f26028bce2b29edefdb6e946d56011ab62742c64b4665d664b253e
SHA512 99e694a98a5839d555e1ee6efdcab7ccb6865ff17d5b8c2bb4f28f843c26d98ddd8d12a9778cb7a808e66dea2376d691cd27e41d98ebbc15eb7a445f668178c9

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 b03e071b831ea455d2138b1cf046d4b6
SHA1 7115c2acaf011c5d0b8b9415b60046c1514c3559
SHA256 da5c0ab150447897a10c9309201e7333959cf23089f3d2167b8337c100bcf2f3
SHA512 339c765c3cd53048b1ace918b3f10bace3f4cc5a28508ac4cd155ef5cb7ea726ccce245ffc928a0446a553847a27f090275d532b9c1709d7b8cc6af07be292e1

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll

MD5 7357e806738fc72fc7e396c0fc7363e0
SHA1 659dc4129e770040bb7d22a742d0c49cc1d5d175
SHA256 1da44d9da26113e49ffedd8c44c9d22d87adfdb517425b3b63dd9bfa60484905
SHA512 77ede08e472106acf43a40ab7a70354f95cf9d08ae416b86b3c3baead98c7a86f60d7f57bdb155b6d001f29a83667702854634ba656a9f83950518f00ec98852

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 a3b9c2936e9c21e83a3a082e8cb4ea4a
SHA1 6b135af6a83d657fff334299430e034de6bf796f
SHA256 41447e33e29003f39e0e81f7b6a9b172cd09c57c5fd2b28ce90287e9077f3614
SHA512 d09742b9576104d5ad147e336e753331c265eaf16189a7402e3aec176d1749fc994b87717ec180dab4f614be0da4c24a47678a864dfdcbf50903b16a80b3e950

C:\Program Files\Malwarebytes\Anti-Malware\UpdateControllerImpl.dll

MD5 da3608ff85764a876ed7a7f7a640e57e
SHA1 84553bd9359b92e5b335b1bdd7a7a8533926b7a3
SHA256 a5005427d65f83e20b13ba5b57b1d71940128896909e41702948c9c44c771264
SHA512 f389fc879616e8cc68a6b30dd67297443f5089c2955db3e27426a47db5a71ebe3c98e639e5fc8ec0ea42e8b617ea053e882188e6fe92603031e572b19907c168

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 67136c18211d2857763214dff5d4164f
SHA1 74bcb7fe9641c1315b49330dd5f3a8869ac40eca
SHA256 029129c046798b02a35dcfc3c27810fb27795004b86be2ab149047a790464d30
SHA512 15091e3917548e42d17a896ae5ebce401a48d257cc3eecaea306e127b9610d34b393a73c6b0eaa26886ec63056ff79e639fcf8d242c833f0f23429e645136722

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 86ba5203f1ac2f4a2ba2d4e4df50edf1
SHA1 a9a49255a7f4eb4bf27c44b23f3aae704ac82a98
SHA256 03c2a3b9412c74a30f40d3c5c85acfe17eacba9ccff35f5c0e575b24675d16fc
SHA512 1e3919f0a812560af4a4e43634bf8ddb159ce16da01ea132d13489f714b1ea0c2eaa567badc8ce6594f046e495ceb9d6af566dcf909839ff8dede53d1123e694

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rules.mbdb

MD5 827f373fae73fb1f11ccefdf38f57dd3
SHA1 397f4ea58faa62f85221ffc699c578dd7332fb17
SHA256 6ebffca1215249485488bd337f461588de23337f5b3bcc759a8b9d3f1e82394a
SHA512 57b08ec234964144966b4eb49fbfd77b3ef1c1977d4d08fd80800a319645c484238c4569f9eacd74aefc96e870265fa5f35223b6321added0f7821149d593902

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rdefs.mbdb

MD5 2f7423ca7c6a0f1339980f3c8c7de9f8
SHA1 102c77faa28885354cfe6725d987bc23bc7108ba
SHA256 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55
SHA512 e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\prot.mbdb

MD5 546d9e30eadad8b22f5b3ffa875144bf
SHA1 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d
SHA256 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f
SHA512 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\clean.mbdb

MD5 00945996048ff756b87a69413ba9ac20
SHA1 78e8211c2d65063a33597a97a6d176643e9b2631
SHA256 cb420edf38866fb3efa0999f7cc8b277028eb61190fe0d2a3a40324bd852d0a3
SHA512 69b166dee924fa6768ecb77284700254b9899a4a355358af868415ef28cc2ff6e5e7fab8fd259f376320cf907aea1f369f5f3e5f633e8ffed8904a3b66efc89b

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\mbdigsig2.dat

MD5 90ae986da076b33809956a63292f8ece
SHA1 f59a271ef9d30beeca4d96746b1960ff1e35379e
SHA256 184dd97b61c0f6cb22d600925bf9170ed9ccad99c57af78dc42c149fc34c7b54
SHA512 7be9fd019a72f2a6072aa1438a5a27fd392b8e93365492861a9de77d68e4730e2b96ca98e8727aa0c6ab7e6b505c33f9061f8e4a83c6522c5c3eb348e0e35e3c

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbmanifest2.dat

MD5 de6af8e7cb358a9ae31c37eac064fa3b
SHA1 4b7dca3efc886d404ed7e9b6985ab7f49de4cefe
SHA256 f751fe98372307081ac8be0bd2095c4e01bd1c7ff2f59d8616211c1a73048823
SHA512 c02410678af925e408157643e9640c8a75678fa84d74cd31cd5f7b56b99fde8961537c34c3c170ea64b2a9d109c6ccb5a8642494c434cf6df9b007502f23d055

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 c287c0ff2b52446fa3648e4e60dcac82
SHA1 3639d187f44402298c5d945cd3eb80f7285f0d77
SHA256 413c3b38714e661ee2100a64d382db85fb04a2c925df3bc69b9a8bb60988eddc
SHA512 221dd85023f75f1b2f330d0d358867b8d378ca2c9ebcbdceeac5189f086a804d9963d9db653dd083b6aefa508c3a0b5ab51e77b6f0fe422715fdc5586110d705

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 3c15392db6fe80271b626b9e1a8445b8
SHA1 7ad6166d33af832c7f9b5b694f075cce51a75dc9
SHA256 27b046dda577c3f39b298d56ab07a1e541304141173f1c466d036666eb7bb1a3
SHA512 b638f9cea6879d6ca3a6632c9127200fce08d9500cfb809edf7b19c7fd9f4db6f5ff3f64fc872bf1c5e53566e32a18ce6c4246ee25197a8e9e2d90f9482a6f1a

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\scan.mbdb

MD5 782a4babe3099d778d7c03487acdecc0
SHA1 35ca7a7f5d83145e58fa9da68749e263a1af7f0a
SHA256 000c9ecacb10b0fe54af660b483de2d71a231026944c4ce6a29cf2a63117658e
SHA512 eeae3b2753fccdb5cdb05ef7cdb16a14d0f0e7d277adf39712e7466791501cdb857518ce156c53834203842bc722c5b66ef53bf6098f2dc65bf3236c117c006f

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\wprot2.mbdb

MD5 a01658bcee0ffadd042a76ace6e7c8a9
SHA1 3f0ecae2bc830fb4fb825e4169b35bf52275363d
SHA256 713375325c86c00122123fc0f46d342d6794ee054b6da72d5a385c7de770681f
SHA512 9320509dde539693828e8cba5fcf79a431a80d4e81b4acdd90a7cb6af0ba2b4bc4305e5770de0ec1dab0000cdafee59ea280fdf7778e2361223037eb97587e95

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\tids.mbdb

MD5 0924fc85d03912f161b581ceade05232
SHA1 05071c9f501b21b9f2f5ac43a9bf1b72cacf1a31
SHA256 814047df1cac7072bb3549162147e799fc84aee53e4ccfeaa5b912a0caf63bbb
SHA512 50430b3b5814a035cdb3dad25bddfebf6d0634e0dfb1d94b5c6ac3450457484eae14afcda7a29aea8daa9e5a73df0a01326f3ba727517ba7fd2a30a098ad9cb4

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 c98cbbaccf2fbcc3e3c41d36d4961922
SHA1 48c1b5e13dbb82c0ff99fe49e4ff6bb56c7cf41f
SHA256 3984ed5d816c06310e0ca1ed7cf60a280e45e70f6d79a4e3cd1f67b77382d872
SHA512 c18b673bc9d23c6aeefc245bb60ef3cf0ca80bd7173820842c8e2325db9cd010f63d5a05065544891f1f2dbc01f851a74f5e8267fee923cc85230d86fe9447b7

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.sr

MD5 e87eb48299e8fbd049fb699bca9566fe
SHA1 50721418fca9dbc7d21b6e6354645523ef07b9ce
SHA256 d45bcf46891ec62e97e144d1b722a02fa01a8219c077f0e84c4d97367c3e73b1
SHA512 821e094881c9101ca1e34fa802777c86a3a5cf919cf9b74568bfcff719371f5e671ab14884111e3234267e9f377034fecac1a4c673c0454ad890d14f8730485d

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dynconfig.dat

MD5 10f23e7c8c791b91c86cd966d67b7bc7
SHA1 3f596093b2bc33f7a2554818f8e41adbbd101961
SHA256 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc
SHA512 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\exclusions.txt

MD5 aef4eca7ee01bb1a146751c4d0510d2d
SHA1 5cf2273da41147126e5e1eabd3182f19304eea25
SHA256 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f
SHA512 d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\Actions.dll

MD5 0e6c18ce76944d78a4949b3ae1cdfb9a
SHA1 23e173b4519e5cd2e32a1df6ecac282dc47e1fcf
SHA256 23e87a9a2d3fd140fbda133afde9e4c9408f610af83363aa0e49d25a4c98b497
SHA512 2143778b2ad407ab2eab70d4aee35c70bc07b51ffc48cf1cde5274b3a6d44df976c02f890bf8fde33959b4fdd61ac23a60011de4952ee324ece14285048540eb

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\BrowserSDKDLL.dll

MD5 a4cc0f93568aedf4892c6540c5ee43e5
SHA1 824c112a8caea4109466cb4c5ca609290554a1b5
SHA256 3abf2098b9f5abe6e14fb225b9ef79275d9b8fb5c0a03de545c8f8957f0d6e61
SHA512 f3185bed52ffeddcc7ff52e1af00dd7e663391d41d17459f7ed1e25f2209784f46c1d1a252a0572c4667af909751017bbcbe550a50c7ffa18e24fb6cac1b5738

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

MD5 ff5845b201b6d21e8353801035a11939
SHA1 dcc64e798f069260ea86855fa7bbd59ea859f190
SHA256 39b75cd597b6a56c47a70737c1bbf8e6662e1f15fb7184b5fd8ac1ff96a1b48b
SHA512 8b2364d77ade5acd93a40ce87ba41cd64453613d1af3aa177d1030dad509d9eb5a56f8e827a4c72410c211a0f09d133c5972e3b95199880d9403d927381879fd

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\sample.dll

MD5 2032f9692898fa331874ad9eed31f816
SHA1 0d7c6405f8329696913ae4e196f14d21fdf239d9
SHA256 6e5d158663cc707e98381083e93292da2c05fd18bf5abbaa6e66a2588cee4ca9
SHA512 c38287e4740bca6e3d5a2779c11d59eb6090bae1141ef4c662cff244a1ddc61a442f4d1388e6fd4f033d7b257dfe6e0cdad65938b251b358925850f7595b50b8

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

MD5 5f4f4838ed0a41b4ae61b16cbdb7c41c
SHA1 c9e300e9f5245d736d6fcc42dfb990b2639aac52
SHA256 cd1e8db650a73bfbc124467737b96fe2080f27f27e031e1043ddc76a9844fb06
SHA512 9bb1ac32b62fb1398616081574b03c0eac37377b4102641299202601f4881fe64c98111334f783d013b509f7eb36ec9b79a7b71bf07436632c280c1ae3142755

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

MD5 af38c5777956fd1a958201270fd5ef44
SHA1 f86c6b8c922e3b4a01f55bb85891be17144d3aca
SHA256 af8b4c46545ce7655c439ea2776992f975f2ebadcea860ab0d0d8b3f4c580870
SHA512 fd117ae0d7a727e19b6619bebfaa53b441e61e4b7ba5d35d7c5591004a7622dc19c490609686ddf8dcffc14a45c89dcd4a893d629fea605b002c99a8b1dc8bd5

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

MD5 8fa77131342ad19dcbd23bf31244997e
SHA1 0a6968613af393ba924bd40d526bbef59a4ee527
SHA256 74eaa6c68066960cb40bc787efacbc4bb0f4562f049fac2f6d57f2415884d1dd
SHA512 ca28092361a252963ffda908e2c7d9639b3a84d793736e594d8c30b3543bf344cfd4c240eb9db4b291e2f09e0aaa167cf43db0f921825524bcd181dab2d77d1a

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CloudControllerImpl.dll

MD5 eecdb9672ebc864945287e50c3867939
SHA1 715d22f044d35b0f86da68fa1aab7ff785a1e551
SHA256 7cc2c24875a0c85098380011ceebde1a65b4199a01e4e986904d089deec28d65
SHA512 29c8f8a94a4c25e64a043c3bdeecb58fbd5e61017185d6c76052656edd3373687decac6174e2ea139b0501d79b5cd8be5765c8cd8bb6971d25327838e8a785af

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll

MD5 41304f2f0fea8eb92babdadb6925adb0
SHA1 305292bba98c5bf79679aab4718699257a978d0b
SHA256 333410f73415a161c720feb98d6fc2262c257af5c392ccf53cd34e55755fac10
SHA512 4c66d4d2b84da74a675726f48b9c5481401f6ca0b95b7ecb855da4e0f01888ea998dc1beaf8d2b580954af74593a931fc1722170e9c23a0a5bae295fbaa20d93

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

MD5 b757f9268b222971f04b2eb0dab2d929
SHA1 2382981ee4df3360b895517d2459591fdcaa6800
SHA256 8d6096366067928ea6975a4f836a2bdc11af9c6f6d8fd13ab744af951f06b2ff
SHA512 7464f0579458374fd71660bb5dd44a7fb5e75c379fbd8844fdde07874429efc46a896b1227f5f0f57af02854619a4bb5f1629fd6d6369c06d57bbb96d9c62a35

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll

MD5 c9f986485c18fefcf80c5af9a7b9bbd3
SHA1 28c7c3ad73b9d5ed66b3c07a4e4e869c5aaba35e
SHA256 ae3dba5be2864bade0f63f022b75aaabe05bf9c8bf24fcbb54b99843edbd6f26
SHA512 0be54b3f4a88eb0a6827b694ed95929c1b3c3cb46a29597bf744cf9fa886f659064b9d65cca9bf8d143f9a264d78b5c83e7de88145790966a6ca91b86c286151

C:\Program Files\Malwarebytes\Anti-Malware\7z.dll

MD5 a802e11a15727e3534cdf11c61b47955
SHA1 e0c96b1d33c1e67e1031ffe21bf70e7750c159b7
SHA256 bf864c3641662c8eb966796912e1194bc6e3860bf35332dbc5ab0e90ae885f4c
SHA512 320da23b27dc3b7b097ed5341123085022bb735eccf05a3d1eddb90f94550215e314f9a8e7f36ba7e900ccf7921a763b32ede2b2efed386ed5d392261a16d06e

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 edd0e31ebdc194d4ea847eb352e5fd76
SHA1 c66297808352c2e7850e5bcfc188ecb196c7ca6e
SHA256 08ded32935f044c1b6fe4874a270d3764a32c03e19c21da4fd29a3bc5ecd4a98
SHA512 38c00f9499b0fe6daea278f31d52ddd08945d9cd4564a4418418f0304890d5738ac72a106e90704e7eb4dc0773b12c00382db780cb2b3ab39cbf92013c78c854

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

MD5 634c582955715ab32ddfe83406564b05
SHA1 79c0a481c1ff351c2e622e440bf7e6795ca6efff
SHA256 4783d65126b8c83fd9aa8ee0e8428d10c20adb3daee6b6c92dab9aaa26964a67
SHA512 38af39912704bed274cbea2c8cc0d136b94e328433cc02bfa7f04fdd9313473e11f6e6cd34a7b4614de55de0d8746ade1040a9eca4f37fff178a07d3e8f5b1d6

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

MD5 ac14203c4b95e98e76b2a698632fe35f
SHA1 7269c981f1893e54d61f746f528f509af416bbd6
SHA256 2e50639db2b22a71eb0ee13f33c0eec9ffbbf8bde52c3f7479de34727939193b
SHA512 d3c39b9ff3c48553ea7f49135272a7757ba13505cf85815de3a34f3c99a1b91e3c5b49ac5b0ba358adf9c2c97aef8806aab3052311ceb328c39f4bd369904340

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

MD5 570a375934b543458b08970a56d63a9e
SHA1 a64af9e056e677efe90c3c4618938aaa185bcca4
SHA256 7b96af8badccf36559835fedeb1142891dcd35b08396d3854cdebd5b369a11d1
SHA512 55908bf09eab473780c43845db28651c1bf986a184f12bfc07c9f21729a27a4b1570dfeceb03486329c4ca744648aca0cbcec8c66980ae735b44522a18e95f34

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

MD5 77c22b7f42708e12f3afa221af2cae6a
SHA1 520953438889145a924e4df64cdfb509a179b008
SHA256 7df22b3352679fa20383690ce7671df863cacd0c9092c5d02829fe06e72158b2
SHA512 7625e2d0d5006943fdf4338a75e692553cde2f59bf98cdf6e1d6e296c6781a3d7ddd82d02025d06d3f6f0649fb47c2baafc7430237181c23dc15cbcc7e4cb959

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

MD5 56eb84516aeaf6dde353d07321c450a7
SHA1 f74f98ea4620678e6790f16e896c2fdce5029943
SHA256 c5d082577c3445e4a5e37beb2954aee2d58a69bbe99f981dfe2b13c5a7cfa00d
SHA512 19ee13daca63e2e8be394cedd86f792e1803d16257d129e5ca456d50deed3682df78c95132efe7ff5ee5f09285dee7f0e8ecf198ac09997bd1844c378adf3c68

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

MD5 2d3124670fea1df012f99e728c3ce571
SHA1 9ccdbfd1a3f70bb43885382daaf7f7306b813ea2
SHA256 161074d827ef1efdd66a99a3e731c2fd9981894aec2cab20b153121bd0778f8b
SHA512 86f75b4ff3b085303b9daa0d61260758fc61aa3ae8a0768d6bf279536d7566a370e8334e685e728b569749f229d5df556c643f9d87b9e4737b6160155e7c0256

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\TelemetryControllerImpl.dll

MD5 becafcb40dcaf83a39128705dbd36082
SHA1 2460acbd76261c98209eacfbce6008a717a7e6aa
SHA256 95e046cd9d013c2b772b049728ffe7e9a4ad1684b1353bb9d48d74e3c2b35074
SHA512 1f7ce29d1b35092b6c93fd890dfaa09dd225f5c58a3f963bbc1019060dca603f640a877ebe939995e2beb2a3ee5ae492324fe82d29983f40a37786b00155c5ae

C:\Program Files\Malwarebytes\Anti-Malware\TelemetryControllerImpl.dll

MD5 b1a4d8866dda0a7c71d54cae048c1216
SHA1 b03b6b8366af332b73328d5d81c86b9fbd53e1d0
SHA256 88f74617e4f6fd30959d52e1f065d63f4405b5512835838347c2403a2c9d004e
SHA512 21aface4d1835ddd682b816bc2d4738c6b66dd106eaf7387aca46f71716dc161896e3d4c6928ef34abfe67912a88129da05e6f7f170393f9daa09dbe1a39c362

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 92075abb95a027c3215954f18dd81480
SHA1 ad9513836d246017c184b60e2b3333e24b8ce79e
SHA256 c7605f8e5d5cfbde385472e9732597fb57fe0922852d450d4051b6db65846301
SHA512 019ed8530cfef951f4d6516549621124cbbc6ae5046111e907b002521fe36f626958da61d75cb471840869449d24026f70ea85aede3c4fd52f9ca572f6f4e5b0

C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

MD5 9e9dc6735769b685f617f19037ff89bf
SHA1 e51e3d9dbfd734b37e4cdf56f4c369cf4d7b7caf
SHA256 7e8fbeadd706a6092cbf7a02280029a748232ac4d11ef298bb48a911ac91e78e
SHA512 dff4781825fedea13e86697da134418b28d5d23d4bd715ecc49dd22f10b913503991b8cb86c4782d4448d61430562e1604b7d00fe70c2821c70ec2663c6de787

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 d67d08746a95b2f5caa48614cd70f448
SHA1 3a7cb9a4aa364968254bd3bcf5b5eee973892efd
SHA256 b588ddd30fc2d8a8063490b3aeb3cb630780005826ae7a1d80ce59a6d9f4ebb4
SHA512 c7e0c72798c85a0ae488672b0c32e4fa137d2678bf4cf1ff2892cab3a9b29eebe886488d5ce5b83c81b5b15a22579ff84ae38debc0a49e1450fe5bc9eae6ddf4

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 bf8bd2c2b03bda4aff12b610bb701c86
SHA1 10308b7b2ac87ff8ca84317afd96d13f3963c159
SHA256 14004ed4a00b64bf40e8473db03d2eaf4113ef7a86b867244a3c10f1a7790755
SHA512 bf2d85386e290c07c610e0f333a2ef7d5fcac04a9c306248c1aa1c2ea1eb22df2dbc726dbb47278d2b313cb182862b3b31d3d81fa92c340941dbd7bb643771ee

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 84e5381bd4bf1b6d6db9dd8418c8e4d0
SHA1 c880e4e1a0590b2be0488adf3895201327394cd2
SHA256 065386e6986c41c23f45b8cbc0498b337763c630ebee0093519fbdee86b6ce82
SHA512 2120c3409d07898ab27a6170b2fc255f8b9dee8ebb70d63fd10d8d81e701388d8ab3b629c3c5e918f7873f596ac4215cf46f6afebb81891199f8750a5b979d58

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 197f77715179326a5b3205066045f79f
SHA1 01bcf72dcb7ddfff8a087f8b2fdab997d5ba986e
SHA256 c434d678efab31ce92d2afc07f260761baaa48c22b74e79ee9549c8eead45364
SHA512 2d8e3929d15a2bfd6550bad78ed491214221d46541522f1eb7e938afb20421ec0371b54f4008621def8b29140655ff7dc7c98dfb8939aa61154ea3bb0143c610

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll

MD5 002489ae38fcd08e362e51d32f5a544f
SHA1 7ca95bd787fc0bcecd400742caae680746f5ba8b
SHA256 f12f766678c45f51eb856465d06ac895895b917ef1e78a7ce5673d46ee277aff
SHA512 d5874a6f4aaf9a424163a9a7e78a67e172fcf886d8518756cd4939a100ca227d27ba2a18225338f848f375919396b4346b7f715c02e2912c3885bd95e64f98e6

C:\Program Files\Malwarebytes\Anti-Malware\CleanControllerImpl.dll

MD5 f1864dcf36748eae7cc7fbf2ff6f1be6
SHA1 ca794a40603acdd06d0e02651a0b61f54f035a6a
SHA256 62e7cd2036a608fdd0ba5b924aabb99fb4bf78c6b02e6345516e00b87f303496
SHA512 df8e4b0aa2558ec915aedfd3ce5dd0e9a85a5aa8b2595a041c80c3dcccb9fd963c140567200c5bd5d79092778f7f137bbf3adbc4501ec53173a0de692ad94bb4

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ActionsShim.dll

MD5 0954a50e6cc69b8760f78246e123c2f4
SHA1 317da650742c11ab9bc863ecdd8bcd17fccbca9a
SHA256 f46c5c8e3874e9e1eddf20ac67cbdb0f53173c5e4d7f81e9c6975d515d30cf39
SHA512 fdb5ae918307cf339c652a041522ca67d896907069beb97bbdbe0b551fc11624a206bc8f7adb5fa427e147b6e3aa5d8febeef8ebd56d3d831f6edd1bd35c14bd

C:\Program Files\Malwarebytes\Anti-Malware\ActionsShim.dll

MD5 4a345ac3f848c4f2be3df54945d8cd64
SHA1 c9bc4d24b64aabacd0dc2e421eca02f795dd42d6
SHA256 aff8dd46f399f749cc78bacf761f1988fca140b0408b3a8d2708695f84505bb8
SHA512 1bdb0815fca7bd8dcfaa2ba4889132c4f574d3b956d2554553ef54248b4fee078c1535e99ea8fb0db3924950f69e699ddd885c46a3d428030f34ada80fb7fb06

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll

MD5 162164867fa4ad7e873d24831e7cdbbd
SHA1 7bec4ca93f9bd27f48f2c9de6bb75f5d9b910738
SHA256 66c164b536441fea7c64c45ef39b80412b6ee2b01ade4518076f490e74caf422
SHA512 96954906a6d6cd0d1952434ac9477e7cc09cb4bb16b6404d567d010ac2d321eacebd477647f5bb6014455a00580b4007ee26ec310bc290df6300bf99450066fb

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 9e77dc58178a05febfd15bad8130074b
SHA1 bf72068ad2b361bf60661dfc00955af507bd853e
SHA256 280b593c5b1bf9e95637eabfd08f4a2912a2b0c61993d80ee36d05e8cc0b31b5
SHA512 30a53aaac9c60e15ce9313587819fb8796c192fc16da5517c739c46b7767ddc3583ecb06f06ec9c519303ad49de420055c9f6611096664a6b681afbb22435952

C:\Program Files\Malwarebytes\Anti-Malware\ScanControllerImpl.dll

MD5 e5766890c20c1babcb99498c39025b2b
SHA1 6bfeb3b4deff705882f16f15c83b761ec90d368e
SHA256 56d6f3193d6bbbf9416cb51b7e1ada182571fa4aad8a94282eb1c8724b3b7bf4
SHA512 44be428240e9c17da7eb53edd692b3869122f72358d9fd370f132575b5058a33e1dbd350a7cf8aea69866cf34325cd926f53d09837bfb3356bd60d3707d985c8

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMShim.dll

MD5 fd141224920839d8c2e124eb419aeb22
SHA1 ac5c20cb3f141539432ee38a0d576a2f7387b3a8
SHA256 f9a8857f7d04c83ebbbe33adf1b52905fd434a791a1bd6eb2b9e090353545fc0
SHA512 552ca1a3115bd3f579eceaed2ae501e460bce290d7b156d09ebc07379dc88b6025eba4a450d221c69695dfe7436d0de31bae87e6bc6420d14258eaa77b203762

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 cc4df95d984d5d058116dfef8aa369df
SHA1 6155ebf046f62299dd3da800f919103b99a3f5b1
SHA256 95cf89c620293c1d5c4f05e40c7d52a0265e26c5c9c3f6e40e47a7de07ca6051
SHA512 1a7c954d5fdba17495c0007c2f7dee79b108147b6d35244133376f1a54a0d7f7eea55746ade3d97b917db5bf9cc2fbc012f0dffbbab6453d99f90ea3a06077a0

C:\Windows\System32\drivers\mbamswissarmy.sys

MD5 29cab46fc7a117efb911fa2f6d15dac0
SHA1 006b1ff6942078339865dd3f30224a46bbe96663
SHA256 dc7718443d1ac29d1d0325803f0be60ef9a7b6395071cfb1847e7a746e790d23
SHA512 a179481edfcce87a44520feadf0a81a2c2881957c89a066c94b08db72244dbfb91708880bcf9e8f91f3b97da5dc06b2e10c742e031646ec202bf07262c16f9d7

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 e44e7bfa2ead35a91410925091485dfd
SHA1 47bc32df1fd9f9124916740186601dc5664f585f
SHA256 0aad79e1786bb4c03c9ca77aafce8e5a5e6383c838c2b79ec790c2eb72a7e3a1
SHA512 6bfabd467856968866f7da97e24a4caa36a2c9d931cdb8b9aa4050041a179029850d2c830ea3597a2fe2b733fca632fe92448a1f0b0fa27c8decc2f933edfe52

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bak

MD5 2f81194bf9eb1240f4b0a0b8364069bb
SHA1 46594c8cd1481c130252a6eacfedd3cf2bde7953
SHA256 cd2acc3dd22a239cd1f58400a1b6a22c6e47a4e22937d667d18b5e56dd0bb9df
SHA512 ca4e6c78bd4f20e74951c19e1b134c6e138a6011473bb639b36c94a6040f9f267670d21b74e4585db53884c527b9988f287c35d3fc7cb91e8fc99a25c2bd23fb

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 cbd4c73446eebcbf0eae9fda81eceaeb
SHA1 6c80b408b98548945eee3df55dce39eb15195ddd
SHA256 ffe0ed465ab51b9d9cda3a2933ea1f5e6cc0817c187d506f646a3731dc545ba6
SHA512 e7b93ab30e57ce72af7db2c73a76df1f9d4ec7420c0564db4ed51053ddeb5c9eadfcb558330f4466c38a1615bcdee7993bb6d0d13f78a63f4553d6090c78080f

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 66f247486a8022b571da6d4d096fca54
SHA1 2cefbcc4250ef7e085cd3d8c3774d019d5fd4f71
SHA256 acdccaf1fb2bd041e061a5ad6a26b62b7f067672855fb66c121a4a31a283650b
SHA512 98acbd6e933f2f36c2637d377d860676425a065732246e12092e0a2b7b180a0f0cb9ae9d504ddbe8636b04cceed21d4a047da18f6f20657fa14d478655ce7fe8

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 ede4587cd474fe68037c10fe0057266f
SHA1 54abda3322ce2d61fe4986988f5efcf544ca5495
SHA256 75b8a75840d92c018ee8bdc936a916a990352572345c8d961c4cfc4e8c9991ff
SHA512 3b3852fd747a2d780bcd9e0e4b862a705dda75f8db434c053b985e2dcd8ac030b6dc0cf49656127ae0b37ae773b2fec06b8de28958cd227f06ac9d899a756c8c

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 2d763a90abcd5bfecc3f9ea28119544d
SHA1 d4868c954cca233e1ca869dc117cee44dfee1a67
SHA256 df50719b06d37955fd7aed6a8d7c2e0955c4f9cf936e25f1e1284ede1f6e27a1
SHA512 4e60e4147e1fc6ea03e656d02bd031f5d2f2f7c398b3a1a3ed53a3d5615bd5f60d6adeca1434453e58dda765ea54582d64567527f43eaf814be01d2f9c0597b9

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 66f4587b608612a64352df9bd0949b33
SHA1 412df353c39b038ad4ca34cbeecd185f5bcbc5f3
SHA256 8228ddf0d0ea912afab633181d2b96446f5a7e986af658b6b033b43f23a9ae21
SHA512 cea0676bd15c5fe627cb50341c279871efbe945e0fa1437a5910be6dcb694e7dbd4595b4f3d8baa838c4f5df3a204c031846b1f2e3531296e8a031acd7d1fd7e

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 4244abe4890d991b6ba081cc51d77436
SHA1 9ad0e8bb718d4d8681860437a67b91fe60d832d7
SHA256 0befb7e87603036c9be7529392d8d2b16f54cdf28f4deda47844ae062af112e5
SHA512 e99d3111d22cc0d508b97b94bb4d9aebdeb3f04f146981c5ab6c2e6ad9dcde19af350c9efc9be431c3ac95e150fa71416eedd8985fe9addb2ae73f14833c72ef

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 756807c5948fc3c686af148a51c7fca3
SHA1 8fec0d8d0b010346b5d644c55ce5cee8f3bef1fc
SHA256 8ff46c6e3a9eb71e0f733a2b444ca878546a3220fde8ac9061b91d1fef59756a
SHA512 e93ad4efe0d615aa6b760b9016a1b5d4d678813e8f09029c1892ee871f39322736f9b8bd3060c16314b967825edbf00bf9203294df55a0554b372e5c2ab361f8

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 b1cc3143f6c5f44d09cebaaafd4f8ecd
SHA1 347909203a50f273e5e49c198cc0f913c6758c61
SHA256 397101d3f703e62ff6d26a2d377a30e4343193485a6823d7a0d9d8d3fb2b9331
SHA512 c25238632eb6506dfaf659cf9c39d1de41ee7125683abcb093cb645644448af9c2391fcce9067fe4f1e6a8f543141fb1528515c62ea5e59486a7b999ed613176

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 0479c57539f8eb2f239ed1a76083ef8a
SHA1 b5553b41fa4abb435f87a2c118ecb197c7a07560
SHA256 cd651c014e87a01d5dc473edf024beee0d90fbdc2858bf60d828b7ea03621e34
SHA512 a12e2433b8078a613acacd190d421120e6da293f443b82652eaffca3dee31a1366db39090fe9ef6d1f8a0a631cf7d6bb518f1db852a923b1ff83f818e6adfb26

memory/2432-3156-0x000002A339BC0000-0x000002A339EFF000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json

MD5 c086314d7ca26f4e32a6eae238a6541c
SHA1 4e99213bacba72df99f21cce80cd6139aaef3e99
SHA256 9602143a8b59ad218dac9928d8f44a75587f9f6f4dd448cb24ff65f5453492b7
SHA512 526131703f64f417acc17407a6eb39e2c57e94af3879caf7ec5f7e908fcb828cd7d75b461c56fd90ec866d312594d935027678bbe6f40cd7b69c4f20a92a3ab2

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 41b123ed7749d14b830fd57c977a0047
SHA1 3422d013b502756062a4aed1ed6ace4649dd71fb
SHA256 3cf52fab0b0cda74647fa0e3b0e7a03c20569f401d6eed7e133c33f52f03aaa1
SHA512 be77486ff610d98fffc59f14fdf269ac9554e00f37ed36a210649564ee9e3472bbb4d9e78535d4ea163b13d25fd173c485754666aad43ecbbc9803a5bf9f71b6

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 2e0840f995a8757c49d5edbfe4e782f9
SHA1 9b46d3a6dcf9ae66d180e433cfbe0813b6c27cd9
SHA256 e7fcada17ee06cf7b628e677a44f2986086e4cac288ef1832a97d4cda1cce5c4
SHA512 fde165d35d9941687638f98a937c0c84113ca04152130d930976fc456230e52764380074a0a9d1f68e53f171e4b44e15a6a4a3ff37e043fa2848c39e55931e62

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 91bdcf1752a4dcb9c378c51adc90bbd1
SHA1 f50edb6ad3c9457063b8b6d576321736325b3b0d
SHA256 fd2a42633bd21d63470aebc1ed5756684ac0d028c1ec0a9662a4f026e62aeeb3
SHA512 5b62bbb4b304bb49d9c93b604b8da99c6c835c9db982e9805b5d082911e5f9acd9c4277b19db394ecd4251a56f9189df5d4e3693a917613db054bebc3ad12292

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 1ac91ffee47081a7a5dda2a19affd6db
SHA1 3b86b5a63e619f062e1e62a5c645b1a83ceb2664
SHA256 50aff4c73d28ebe620832e48ef657546d3347886c29244e8f561ede1d5097efe
SHA512 275a448afcc7e037945836568f2213375c79250e7c72eaa37d9634f8ea2d165eea8b746ac216a242d3633840ed886051195b8afae344bf5b9119917c828c114d

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 5c3593a211bae28cd788d42b71fb5f63
SHA1 e114e15f619f943a4c0ef566bfa69684e3a8f733
SHA256 0aa55c478ed634f0f090648fd2f9d71dd5448f83301edb4e3d651189a7afb985
SHA512 7978bbc22bed98df5ea52bd80df1eb12f8cee19a544ea054258372ceb5c54aefa43ccad34a2f7c59374294e1ee14854c98000a1504a97ca26f402ddc28cd5ffa

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 25ad045a2047c3802e1e737d48b1e877
SHA1 a0cea1b94c4a462eff9676a5881e1626d04e6013
SHA256 d69b809ed4559da05c49b6181fb315079bf33dcb3ca966976df06b893bceba4d
SHA512 42fe4dd5ba3b449af0944e2549df9eb8bfbd95f87f312e5b2e21758db0c0d57f92efcafca21054d0ad7d564ea27aaaa1edb259d7151ab4cef6b64f23b553b7d0

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 e9860344e0b057366c02ba0ed1f0e925
SHA1 dbf8d4b98dd76362bf09936e0130e5e18d0ac0d4
SHA256 41e23ddcc03cdaf901e55d8cf9054b95789db780bfb9d7257671189cd36b40df
SHA512 4da81223ac6a37a71a5ce5aa353e05b70c27607443cf79b3913f72cf8abf10bafff199a57495811eaa3f931bfce56d5d639784d9ae39e902f50e39c8449d099a

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 9978cc1e22b65b6fe2bd93fa3c6422d3
SHA1 ac5cf0df31be6f8ee32b6ad21e78dd72d1b4bd6e
SHA256 216c5ef73ff0925350a3f7c2150f5a45532f9e44d693840ae7b1879e28720d32
SHA512 cb91b0ce6465989730cf6fa32565c3d8f89f98d626ee630bf2ab3d5c03da67cf7b832bf8f5db4fc29cd7d89afc876f5d87bbdb83100f071d987e8cbc038631b9

C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe

MD5 d289d84c0406750cef937bdcdbd32740
SHA1 89a8a040a62bc0d2c2809177773f6a10bb83fae9
SHA256 e21d1060a4a2ad8d0cc781d0ec252b497d96915b648fbc9d1ab46ab750c8d00d
SHA512 c8abdac9756ba299ecd3285a134219ccc222acc9f005a71eae85fd815a93b17b8857ac1e446a8122755e8702a39b76c13df962ba79f45855c752e3347311e09b

memory/2432-3892-0x000002A339BC0000-0x000002A339EFF000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\b050411b-2b0a-4651-8709-7cd533bfd70c

MD5 0da2e7fd54b4f183b7d7cf6bcfd162f1
SHA1 6bbbd1a273f3c18b6d0ff3acfd7b79bce2da0782
SHA256 c2fea97b6c7faf30b97685c117f4a28a9d9ee74a88f54f4c3a9672e962d0eb85
SHA512 5758af570833c6b5a1e331b6d398e8c405a77998cff7514feb9c517c72630f29c58eaefd41dfbfaa465bfc8658b884783d06484f464f5caf40f9968578a3d94c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

MD5 cec636b3b052d43b2c9c767114bbad1c
SHA1 1c9cd91c6d8c73d9da997718d6f4d8c86266e7ed
SHA256 26d3680f02e043d609f4cb92e96dbbfebbbafee6fddf342971505cef2da0f55f
SHA512 7706f058c56f197972364bb28dc9f6ca65823f244ecbb5f079745521b5b422091d1fb74d55ada1c5f2da2086ca5c15a5540eb66522d9b1e9483fb75b242f5871

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

MD5 7774314ba2acad8ac9f40887f9e389de
SHA1 22f45ac77e14d5d248a0e4621855fc5592a7912a
SHA256 c01248aaa07a18c5123e917ac0e9997654de0d8cd58c88f82ff41b76594ffb8b
SHA512 bba556e4ce37aa8551db49bc40c69f0bddcd4e8d97f712aa6517621f080fe5dab1ab888dcc2f93a61642641590e553311d46dfa89cf0038bffad6ba30be9aba4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 52e2d90aeeaa3a2a1c726360938f48f0
SHA1 4da2341cd3305dfa7af94a83bc896723883819c2
SHA256 ecb7d72b316087cee223f3f6e23ebca09d8fda149a26870ddd73eaf5935b40e2
SHA512 c1a2d626e79211bb605b47c59f69d416a763e5c1fb4703710254b25638a5a0305e945bc488d5c7910515ede2dc2cc432bf7fc4a6eb6195958bcbbab78766fcdc

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 afecf499b6dd14685f7e1fcf9ff06d28
SHA1 39cdca91dc599f29e9af23c00064237415d6b04a
SHA256 811941ea74368168fe9c2465434a50de2f65e78537f71370ada6a67cd703931d
SHA512 c32a48621494ae4a9787ff8a36d92d98c99762e1d928c710aac60586113f82c9b8a4580ce417f9fda7092c60bef474e872599cb99b505cb8ac5eb9b58d3857be

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 38e9c2c8236469cd1b3f3d5d36e68f4a
SHA1 1d8c6e4026bd2629a2369c8c6cc623b6ab69ea82
SHA256 4fc67360562b09210dcd1a7a2091d3ae2060633e2f00e21f7d50d8c2833879d2
SHA512 6cab5ba16933797fb86d6162b3bc8c9d0b8e9b807c6d75a316a2dc7e9400046809e9841bd20dde8ee296452b8881f7b9f020e8eea0d0646cc110709f96acd3cb

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 7a2b5081b205846dc06bd24b24994766
SHA1 14e6d3916f95305be8e6b7fd7556ca73f7206160
SHA256 25dee790d66bd87d2a6a8fa5ef0310a4bc9b9a96d6283b4a18f83a99523bf3a1
SHA512 36e979551c024233ddc334d301ee23481562ab8875978b3279d14e51b71b4f6446f85507b5a933be85a0d7e4c21d253c654cc21a3277ef94b6aa89ee3adaacfe

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 b01efd0877d8bb4a5d754d6d5a5922cf
SHA1 6dfaecd4219afbb206185171c64c777e9c73ae21
SHA256 ef1ebedd446ce18b79317f09953ff8a6069f92749188b45945567c315388aa90
SHA512 6f5fce89b6dc7e6979fdb01493c0811bcd55cb945d7665cd9a23e93419a5aa28207b3f614461103f04b0406741e8020c35252fda5529e41e3e918e42fd89c086

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

MD5 2735555235faa129dde30d2d4a9a2024
SHA1 9516481cfb3da8921e0bd0e46a075da3ddf10d28
SHA256 69f6f8d130dd949b48821e484446356df35d565107fc713cae01f2f978f7a4e3
SHA512 9a0d602d50ba426eb2537dc7745f87ca2affc2f01168d0ac7b24ca267ec61cef36c16ef90a8ce9018deb36672a709d2853d257608d88ab9d9d68a53c29806c1e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

MD5 f79536321e001fe7a0568041488e90de
SHA1 c9db06788e0458c6ac2a9e4fb63240c6607c8511
SHA256 b824a2b0ce97c48128bf111e53742c67e261289dbcbe4b076fda12ad896b6c0d
SHA512 1535fab83abda52c9384830e55fe40769f294a7cecd059e61c00c1d64e5111d798028ae1d30deecd86ec6905b248561a343c3614ae2c343435325ecd8e3ab5b9

memory/2432-4044-0x000002A339BC0000-0x000002A339EFF000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4

MD5 896a7064bdd38f41500a1acc76d56d7b
SHA1 f46cd08670ad5749a865b8e2605f9a4bf1842223
SHA256 c65639f8d8d261517f4f1a9c2d134ebb986b7087a27c736e5b10fd29d4bced85
SHA512 f23039afea5c4b34d49c87827bca2b250f02d2ff05d8c6e29656146bedc376438d2976ad57ebee1c06333176cb78789515621a01e2b1202d0a5a2cae6de4bf01

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 6a229a4b6705714512fee328ff295004
SHA1 c0e2ee811242571f9bcac56a8062c321473b9526
SHA256 f164f29397c304218f75291004e37e477d12de03732685e5ec27baa9a3e46d7a
SHA512 929be6914e4bf3bfbbfe3dfcb26ff34e092139321755e180728d130820224dedee9c812d4501a84de530f06d1e1c0dcbd7066ba233f7ee1138770bd7abffc607

memory/2432-4127-0x000002A339BC0000-0x000002A339EFF000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll

MD5 5c4b6998682070ad73cd246eae251ccb
SHA1 d4e3eef6332a6598e5d63741f3407574c7de5f5b
SHA256 54e0e90cc5cfef91ceab363c6cad54c7190cfbbecf6353181779938a3f8de8a1
SHA512 e1f844ecb631b628ff37068ef474b070e22c5be6453c77acde53e886b7e9109f22d09748a7902e64237f5cc9d05818080c0bb5697918235ea2d4ceefb68b8524

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 612e5b42da0ec8728ad286d4e73bf9bf
SHA1 cfbb648ca8e8d435fd552d56842310ea4f6e4d28
SHA256 f88312f403f89c00586f670f0e17d7da03ab7a21dbcd4c15cb197cbb9119f6a8
SHA512 6e3150852eaf41e2c9a018140ffa14dd55764db255e4f7bcf369b5582b1599ab7d319cf11cacb875501ba513e2d9808261bd37676ad06bf84b94a0eef0511ae0

C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe

MD5 ab258c2dec1945b65cd09b302652e8d5
SHA1 90e660cd3502d9bde40227ec0c0c2820958bab3c
SHA256 c488c36827fc5505fc797e4d7f9bc56c2c2ab9d8c432ff9eb55657179bbe5e36
SHA512 de9e9d01f7cfe40fb64ff4e9ca83ae8f7a87b2e460d89b1fd6717f007afbaffb8cd4dd34e13352c46bbc00372c3ff7f9d9027f54df44f2fba16bd0dda4cfe7fc

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 af9a7cab0be64a5a02d207a5fa4784df
SHA1 ea733834fc4bd8b32605e71c495a00e917f3a56d
SHA256 8240d072fd788cb4bee3a6327c25519b053366de38f21bb4ccf7c21f7e4f4b88
SHA512 726eb2d4e522496620f0f1ffffe1c4287a02e108cc341acdb9e285f03b059914e83e3c8197f9dca69dd0c2d993680f91890a82818b85c43695a4157d981092b0

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 8966a6cf2d6a96bad7ef1c9d6a281024
SHA1 f5ad15890941af8e18d11f2dfb8831663711d7a4
SHA256 73d38e04c2d15eaddeb1a31c35237c640cf9927e12941d8e54bca0020aa77bfc
SHA512 6f303948c94da4aebd82cf31b95416fe846675803bc30944e1b0ca03a9b87a24dfc7e6e50ffae6fa32d3a97e2824ed0878c9b0fd84c59dcd6d5b24cc3c96828c

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 0ccb148902b07e39d2bc542ed1f0617e
SHA1 c66ffe14dd28eec310f66080b64626230c7c302e
SHA256 99b634c673d7f76e438f7f080eae7e769ff3b74de0975afe2a1fdd6f71d1bc71
SHA512 1debfede8bda96b6cfeb0dfae6302d79719dd4cb614a3789a667d3fff28892dacc33742ee4b8482fe05c49abd474a4243eca62c1a90a4c0a245887034136279b

memory/2432-4193-0x000002A339BC0000-0x000002A339EFF000-memory.dmp

memory/2432-4198-0x000002A339BC0000-0x000002A339EFF000-memory.dmp

C:\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll

MD5 3bc4d2bb173c005c678da34697c17d99
SHA1 2e07b4f3af7dc82d8f7a5fdc920578f6e908a0cf
SHA256 fbcfade08f8d2617b6e9f2e279f81ce3b5e1fc0cce5bcfd927cde1335114f6da
SHA512 36864cef0ba96899d1c9ce088ae931b10461f1360a21fe8791b61acbd6ff1b30786a0f6745eac6acbdcfbcd3f05347aa1aa05fdaaf9e36e8fd0da3768ae78a17

memory/2432-4234-0x000002A339BC0000-0x000002A339EFF000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 51e12dd744e641b44de08a9c8422edb6
SHA1 939da19556ec3972d0612db1f23a557de6ca39e3
SHA256 3bbfaebc8fc33c10d1449c8f2e46f2cc69846a8d1a70e51ec509109b0a1b6e52
SHA512 2fd4f2fc0014f8fa2462fd84097c7dafd65844db92ecd7f52cbacc87a16390c503d57cc3eb3dcd034baeb02008b4eea531b253f54bdeb156584f64dfd240a023

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ef62c2388c8006b6cdd83508ea46dbbd
SHA1 dad24faa68d856e6b5a9c70c5e0ca8b22aaba94f
SHA256 e1555e89f3ae043b2d464353f42c2fd603cf1d9a33f03f4de95c7001bce2c1d7
SHA512 2d78033a109f67ca57248e56a2b404b899b67b27cf011907fbe1bedf0db512092559fc51b511b60339bd400a07ed5653d0c7a7f2fc7ed3559bc2e5773b7ef2b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5c3036e5bb01bc97c8bc20be2de74ae1
SHA1 7c481cae1e852e748127e703f0294b48e00432c0
SHA256 bf4fb630d38e1f3584d435c4d45a85f59f12470e5f8dc149cf1f65012ea1b794
SHA512 9c773def3b91b5c22646ebe886448056c2198e76fc4abc92d86b55b2aa62ccf98cb61bf8f8ea712d8a244ab3a60d48a9b848b899d2e320709c516c394cd25f15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 758a3dd0602a88f0261c3b2f12d9416a
SHA1 97bc29a7e4243b163dae8383fa32a1d435b6018c
SHA256 f2af74eb2cdbf976ea77a7fb561631e5297ee895072a25184484944bd1466737
SHA512 654174bd3cd5b4559b3ad77ece4c3bb2c90d327e010701d5447120856efff3f71d1d573f2f5c199883fa8f25d1ef8e98ded71d3ea17eaf2bf07640d15ebc1727

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 e123213efd7d279e5e65a69e1946874d
SHA1 8c4c6f56e867cfd55db7d9ff4ba8fbd8232dd2f2
SHA256 7643b74772c497059a869d5c0fd781226325dfd3acdb8a4be233c88e5de4bd57
SHA512 d5dbd86272b7d621b12e7c9cca78eba4cb6837dc020c922a1a33a6ef769df4d15f4a56f98ffd13c7a9891059e29a52913097ce05ab3bf36f3274452c2be55d42

memory/2432-4366-0x000002A339BC0000-0x000002A339EFF000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 01f23613bd4e76dfe06e94f295e67b8b
SHA1 295b0e53c6d51197803483de59f9c7a20683ff3f
SHA256 242b801564567816049f89087a4d5ea36d9a00438389ab1fbd947dd79add91b4
SHA512 e33ffe4a73bd780944a0ef471bafacfc0a3860d66ce6e9e8a362b4a48d3a28e5e8486fac9c8ae1db65901218e95ac490969e0bfe98105eb6cd2f2ebcc054bd3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 18944e00b54ba4196c1c4511619babd5
SHA1 72ef2ef7f49c23c08af8fddda229b00f980cbc38
SHA256 f2e162bd14d9c1bf8717b34c3ff699eb6d0fe118305b106ddef0c4882425f33c
SHA512 e6b30c511f5817149917c4a061b7ae00fed04c83bcaf0359bde2ddf6d19efddeb220602f9fbb43e9e935845472aef0bd42d19f2f9deb112371fe46ae53ccf647

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7bb401bdcc79885d7b76b31bba144d94
SHA1 9765e416110027489c9839d0862c2a3978233d57
SHA256 c9004a0ee3e08aa340ed134524b6ea17b9740f0262069c254ebf33ebca57ce1a
SHA512 b2eb8aa71f149f8c7bb6dd0582020cfd94e93f1374d81aa200fe39742febd3d71d1cce455fc6468f3178f73522552da240e51d713a76f4ab6945efe9067d2bd5

memory/2432-4498-0x000002A339BC0000-0x000002A339EFF000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 d56d660acd8fe0e6ba567fba0883b2fe
SHA1 bfa5fadef40f972a55a87748a87c79ebac39fff5
SHA256 12a01750e6e846dc61c78821b1cea75bf6c57958ce4b6a1de33c7daf9adf1e51
SHA512 53cd581b6d7ec6ff914c67f3d659f04f161ef26a3ba0b0353e5183658bf08d3c49f1ca90f2bbef8f70d3f2eeeb6af7497de33cec770cae4fff9ae5f3526164b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 13a85eb16c8b4543e10ed1f35f2157fd
SHA1 ffbd7347e26c6d6b49f7a765b19350f7980eea17
SHA256 174657068aa10ae5498aeb4e88499c05b97434451864fcb0724d71c8e4411c1e
SHA512 07f296b4b3c287ca31bffb2cef314a15fa2f8bad5c4eb898c9d88176c1cca99339327dffd2e25bdd40929c6702e6588d5a1428e4400f91d2e9892a750f131ac3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

MD5 ff87a2995369aea1cb9940c718317b9c
SHA1 5132d63a352dd37f8a92b31986059858d56cb4be
SHA256 82a2384fafd2eb6fb8b1a8ebe83fef9ddaedb14dda5361dadceaadae115b3bb0
SHA512 ba6321418df27d9d400b181a6d18b5173f9f9a55163c80caecdce059f37b91eb07747c1cd530e53e39436d6a1cd4bd93e356ae35ce10de333ccbb053a35857ec

memory/2432-4521-0x000002A339BC0000-0x000002A339EFF000-memory.dmp