Malware Analysis Report

2024-09-22 12:33

Sample ID 240723-sehfkawdjn
Target https://github.com/Da2dalus/The-MALWARE-Repo
Tags
troldesh wannacry defense_evasion discovery execution impact persistence privilege_escalation ransomware spyware stealer trojan upx worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/Da2dalus/The-MALWARE-Repo was found to be: Known bad.

Malicious Activity Summary

troldesh wannacry defense_evasion discovery execution impact persistence privilege_escalation ransomware spyware stealer trojan upx worm

Modifies WinLogon for persistence

Wannacry

Troldesh, Shade, Encoder.858

Deletes shadow copies

Modifies RDP port number used by Windows

Drops file in Drivers directory

Downloads MZ/PE file

Sets service image path in registry

Reads user/profile data of web browsers

Loads dropped DLL

Impair Defenses: Safe Mode Boot

Checks BIOS information in registry

Drops startup file

UPX packed file

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Checks installed software on the system

Sets desktop wallpaper using registry

Drops file in System32 directory

Boot or Logon Autostart Execution: Authentication Package

Drops file in Windows directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Enumerates physical storage devices

Checks processor information in registry

Modifies system certificate store

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Uses Volume Shadow Copy WMI provider

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies registry class

Interacts with shadow copies

Modifies Internet Explorer settings

Suspicious behavior: LoadsDriver

Suspicious behavior: EnumeratesProcesses

Script User-Agent

Kills process with taskkill

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Uses Task Scheduler COM API

Enumerates system info in registry

NTFS ADS

Uses Volume Shadow Copy service COM API

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-07-23 15:02

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-23 15:02

Reported

2024-07-23 15:11

Platform

win10-20240404-en

Max time kernel

442s

Max time network

551s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Troldesh, Shade, Encoder.858

ransomware trojan troldesh

Wannacry

ransomware worm wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\Downloads\MBSetup.exe N/A
File created C:\Windows\system32\drivers\mbae64.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mbamswissarmy.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\MbamChameleon.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies RDP port number used by Windows

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\MBSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\Downloads\MBSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDDDFC.tmp C:\Users\Admin\Downloads\WannaCry.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDDE13.tmp C:\Users\Admin\Downloads\WannaCry.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService\ = "Service" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r" C:\Users\Admin\Downloads\WannaCry.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\W: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\U: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\R: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Boot or Logon Autostart Execution: Authentication Package

persistence privilege_escalation
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Notification Packages = 73006300650063006c00690000000000 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Authentication Packages = 6d007300760031005f00300000000000 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_291f12bd323b3ff3\netl1e64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_c9c15e7d233d6d5d\netwns64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_abe96c8dcb5b0eac\netwlv64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_c82335b6cfcf830c\msdri.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_356b66ad47b23393\netvwifimp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_3bab30cbbbda44a6\netax88179_178a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\net1yx64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_1496862836cc181d\kdnic.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_6c303885965f99b8\netbc64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_5a2c95e8a5a2ec07\netk57a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_72ff1ba7dcda290d\netr28x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\netwsw00.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_932e3738220f305c\netr28ux.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_68ba6e09a25225a9\rndiscmp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_08f6d3fc478987f0\wceisvista.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\netl260a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_6174f7431c31c88b\netwew00.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_ec0c19c95c819b82\net8185.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\netv1x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_df3530655ab60648\netelx.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_387464037c2d56cf\net7800-x64-n650f.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_64dc8ea3097dbbbf\rtwlanu_oldic.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_23f53da2fc1e1be5\netrtwlanu.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_383eaad9c343710d\netwmbclass.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_f3d0d8bd79ab9a02\netrtwlane_13.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_5abd56c57baea010\rtux64w10.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{2d76896d-fbe2-9a41-a1b8-8c2ccba350db}\mbtun.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_8d2331ef1f1a08cd\netmyk64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{2d76896d-fbe2-9a41-a1b8-8c2ccba350db} C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_c5a42cdc1adb9ade\usbnet.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_9968491cd13abd17\ykinx64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\netl1c63x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.cat C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\572BF21E454637C9F000BE1AF9B1E1A9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\netxex64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_95255160f12fc865\c_net.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_310ee0bc0af86ba3\netr7364.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_0e1cf7c50ca4ffaa\dc21x4vm.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_d271ba5a9c993ac3\netathr10x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{2d76896d-fbe2-9a41-a1b8-8c2ccba350db}\SETB127.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ded518ad79c316ac\net819xp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_abcfd585de0a3e55\netwbw02.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_f38e8e643baa98b9\netvchannel.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_0d70dfdd3a576529\netrtwlane.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\net8192su64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{2d76896d-fbe2-9a41-a1b8-8c2ccba350db}\SETB127.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5d49cc27a6d05e5c\net1ic64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_621ce01db587a93c\net9500-x64-n650f.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp" C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Configuration.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Primitives.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ru\PresentationUI.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationProvider.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.UICommon.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.sys C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-environment-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Algorithms.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.X509Certificates.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Windows.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.Primitives.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Concurrent.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Input.Manipulations.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework-SystemDrawing.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationClient.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\System.Windows.Input.Manipulations.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\D3DCompiler_47_cor3.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClientSideProviders.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Cng.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlSerializer.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\WindowsBase.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Writer.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\System.Xaml.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Prism.Wpf.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationUI.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\ReachFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\WindowsBase.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework-SystemCore.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Drawing.Common.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\System.Windows.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Console.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Core.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Channels.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework.AeroLite.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\System.Windows.Forms.Primitives.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.IO.Packaging.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MBAMShim.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\sample.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationCore.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\WindowsBase.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Native.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\LicenseControllerImpl.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\e_sqlcipher.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\UIAutomationClientSideProviders.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\SQLitePCLRaw.provider.e_sqlite3.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.Primitives.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.Linq.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\Microsoft.VisualBasic.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\ELAMBKUP\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\system32\taskmgr.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File created C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WannaCry.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\vssadmin.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MBSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 \??\c:\windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 \??\c:\windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ConfigFlags C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags \??\c:\windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags \??\c:\windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 \??\c:\windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 \??\c:\windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 \??\c:\windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 \??\c:\windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 \??\c:\windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 \??\c:\windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\vssadmin.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Malwarebytes\FirstRun = "false" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} {000214E6-0000-0000-C000-000000000046} 0xFFFF = 0100000000000000134f3e4712ddda01 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Malwarebytes\FirstRun = "false" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133662205508444770" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{956AEAEB-8EA2-4BE1-AAD0-3BE4C986A1CC}\ = "ICleanControllerEventsV7" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E32ABD9A-1CBD-44A5-8A62-55D347D3C4F0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3FCAA7C-EA26-43E6-A312-CDB85491DDD8}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31A02CB9-6064-4A3B-BCB4-A329528D4648}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D51C573D-B305-4980-8DFF-076C1878CCFB}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E32ABD9A-1CBD-44A5-8A62-55D347D3C4F0}\ = "ILicenseControllerV7" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{01222402-A8AB-4183-8843-8ADBF0B11869}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD3CFEBD-3B8E-4651-BB7C-537D1F03E59C}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EA248A19-F84E-4407-ADD3-8563AFD81269}\TypeLib\ = "{A23C190D-C714-42C7-BDBB-F4E1DE65AF27}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E2870643-0645-41F9-BCCB-F5969386162C}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{32DF4C97-FE35-41AA-B18F-583AA53723A3} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MB.SPController.1\CLSID\ = "{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{94E6A9DF-4AAB-48E7-8A94-65CA2481D1F6} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E149FEF9-F1DC-4894-8A8E-AA53F6807EFD}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E1BA0B73-14BD-4C9D-98CA-99355BD4EB24}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{616E9BE3-358B-4C06-8AAB-0ACF8D089931}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BADF77CD-ECCE-4B36-88FF-6A2804FFE307}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0070F531-5D6B-4302-ACA0-6920E95D9A31}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BFC6C7E6-8475-4F9B-AC56-AD22BECF91C4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{04F8CDB5-1E26-491C-8602-D2ADE2D8E17A} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DEBAD4E-3BAF-44F0-9150-BCCCC3801CF9}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{735BE2C0-5A9B-457A-A0A9-4B27FCED2817}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E0987E3-3699-4C92-8E76-CAEDA00FA44C}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{014D0CF7-ACC9-4004-B999-7BDBAAD274B7}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2650A9C4-A53C-4BEF-B766-7405B4D5562B}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B9442AA1-AEB8-4FB4-B998-BFBC37BA8A99}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EF7DFB76-BA49-4191-8B62-0AC3571C56D7}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C7BCC13C-47B9-4DC0-8FC6-B2A489EF60EF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A66A096-E54B-4F72-8654-ED7715B07B43}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0C4652FC-FA35-4394-A133-F68409776465} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{964AD404-A1EF-4EDA-B8FA-1D8003B29B10}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{71AC94F2-D545-438F-9156-C231B7D94A56}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A23C190D-C714-42C7-BDBB-F4E1DE65AF27}\1.0\0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D4AC5360-A581-42A7-8DD6-D63A5C3AA7F1}\ = "IArwController" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4163399F-AB08-4E5E-BE28-6B9440393AD3}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A0EB1521-C843-47D5-88D2-5449A2F5F40B}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A34647B-D9A8-40D9-B563-F9461E98030E}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C3249828-A4B2-4146-A323-EA5FD2F2FC75}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAB53395-8218-47FF-91B7-144994C0AD83}\ = "IAEController" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A0F9375-1809-45ED-AFE0-92852B971139}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A9108FB-A377-47EC-96E3-3CB8B1FB7272}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BD9CB7A5-5C46-4799-A3A4-20FB128E58F1}\ = "ITelemetryControllerV9" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B34A461-332D-479F-B8C4-7D168D650EBD}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B471ACFB-E67A-4BE9-A328-F6A906DDDEAA} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{834906DC-FA0F-4F61-BC62-24B0BEB3769C}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1917B432-C1CE-4A96-A08E-A270E00E5B23}\ = "_IAEControllerEventsV4" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10DAE713-FD88-4ADB-9406-04CB574D543C}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8ED8EAAB-1FA5-48D4-ACD4-32645776BA28} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC60FEE4-E373-4962-B548-BA2E06119D54}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4163399F-AB08-4E5E-BE28-6B9440393AD3}\ = "IMWACControllerV13" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E2D56B7B-4B87-45A1-A6D3-5C77035141A6}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A9AE95CF-6463-415A-94AC-F895D0962D30}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C5B978B-68C9-45C7-9D6E-0BA57A3C7EB2}\1.0\FLAGS C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{172ABF99-1426-47CA-895B-092E23728E8A}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EA248A19-F84E-4407-ADD3-8563AFD81269}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A574BA8-3535-41F9-AB73-FA93F8A7DC3B}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D88AC9B4-2BC3-4215-9547-4F05743AE67B} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{557ADCF9-0496-46F6-A580-FF8EC1441050}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B2CCE9B-6446-450F-9C9D-542CD9FA6677} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74630AE8-C170-4A8F-A90A-F42D63EFE1E8}\1.0\FLAGS C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDCB7916-7DE8-44C8-BAF6-F1BBB3268456}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 0300000001000000140000002ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c2000000001000000620400003082045e30820346a0030201020213077312380b9d6688a33b1ed9bf9ccda68e0e0f300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3232303832333232323132385a170d3330303832333232323132385a303c310b3009060355040613025553310f300d060355040a1306416d617a6f6e311c301a06035504031313416d617a6f6e205253412032303438204d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100eb712ca9cb1f8828923230af8a570f78b73725955587ac675c97d322c8daa214676b7cf067dae2032ab356125dc6b547f96708a7937a9592180fb4f9f910369a7f2f80b64fba134ec75d531ee0dd96330720d396bc12e4745042a1051373b54f9b4424fe2d7fedbc2285ec362133977506ce271882dce3d9c582078d5e26012626671fd93f13cf32ba6bad7864fcaaff0e023c07df9c0578728cfdea75b7032884dae86e078cd05085ef8154b2716eec6d62ef8f94c35ee9c4a4d091c02e249198caeeba258ed4f671b6fb5b6b38064837478d86dcf2ea06fb76377d9eff424e4d588293cfe271c278b17aab4b5b94378881e4d9af24aef872c565fb4bb451e70203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e0416041481b80e638a891218e5fa3b3b50959fe6e5901385301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b05000382010100ad00de0205232e063262b46bb19416e41140de2bfa59c135efe0aa8f2b41b9d1f38739001df23db5a7470c0606c691f3075702d4edbd17c1909abf4875a2074f30dd4a6a42b50d3d15c00ffe845bc63c99cc5752b1d86e12d59692934b94e507e88982086a7a34d49e64e13d876a92909a63a14bf88fb6ea34d305be20c2de06e28c9f738b9f4d3985cace19369d85c99ec9f8503fb67e88a1efca84068b50b40a5ca61c44f1fdc8614060f26125aa07f4c7c27375e40c0b428d04e55f4448995b7b898196a7889d4b0d62e804c4d7feb4e8b26dcaecc01cbc385b1ddf85ce5b7ae3494b6cb9a7ddf405b249ade1c5146bc2ccebcd7fd65869bac3207e7fb0b8 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa20f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 0300000001000000140000001c58a3a8518e8759bf075b76b750d4f2df264fcd2000000001000000c2040000308204be308203a6a003020102021006d8d904d5584346f68a2fa754227ec4300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3231303431343030303030305a170d3331303431333233353935395a304f310b300906035504061302555331153013060355040a130c446967694365727420496e633129302706035504031320446967694365727420544c53205253412053484132353620323032302043413130820122300d06092a864886f70d01010105000382010f003082010a0282010100c14bb3654770bcdd4f58dbec9cedc366e51f311354ad4a66461f2c0aec6407e52edcdcb90a20eddfe3c4d09e9aa97a1d8288e51156db1e9f58c251e72c340d2ed292e156cbf1795fb3bb87ca25037b9a52416610604f571349f0e8376783dfe7d34b674c2251a6df0e9910ed57517426e27dc7ca622e131b7f238825536fc13458008b84fff8bea75849227b96ada2889b15bca07cdfe951a8d5b0ed37e236b4824b62b5499aecc767d6e33ef5e3d6125e44f1bf71427d58840380b18101faf9ca32bbb48e278727c52b74d4a8d697dec364f9cace53a256bc78178e490329aefb494fa415b9cef25c19576d6b79a72ba2272013b5d03d40d321300793ea99f50203010001a38201823082017e30120603551d130101ff040830060101ff020100301d0603551d0e04160414b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304006082b060105050730028634687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63727430420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63726c303d0603551d2004363034300b06096086480186fd6c02013007060567810c01013008060667810c0102013008060667810c0102023008060667810c010203300d06092a864886f70d01010b050003820101008032ce5e0bdd6e5a0d0aafe1d684cbc08efa8570edda5db30cf72b7540fe850afaf33178b7704b1a8958ba80bdf36b1de97ecf0bba589c59d490d3fd6cfdd0986db771825bcf6d0b5a09d07bdec443d82aa4de9e41265fbb8f99cbddaee1a86f9f87fe74b71f1b20abb14fc6f5675d5d9b3ce9ff69f7616cd6d9f3fd36c6ab038876d24b2e7586e3fcd8557d26c21177df3e02b67cf3ab7b7a86366fb8f7d89371cf86df7330fa7babed2a59c842843b11171a52f3c90e147da25b7267ba71ed574766c5b8024a65345e8bd02a3c209c51994ce7529ef76b112b0d927e1de88aeb36164387ea2a63bf753febdec403bb0a3cf730efebaf4cfc8b3610733ef3a4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:Zone.Identifier:$DATA C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Users\Admin\Downloads\NoMoreRansom.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4180 wrote to memory of 2796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2796 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 2212 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 3216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 3216 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4180 wrote to memory of 4932 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff935d89758,0x7ff935d89768,0x7ff935d89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2792 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2800 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4836 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=868 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4932 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4648 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8

C:\Users\Admin\Downloads\NoMoreRansom.exe

"C:\Users\Admin\Downloads\NoMoreRansom.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\NoMoreRansom.exe

"C:\Users\Admin\Downloads\NoMoreRansom.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0xdc,0xe0,0xb4,0xe4,0x7ff935d89758,0x7ff935d89768,0x7ff935d89778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4456 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4632 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5468 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5452 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5712 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5732 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8

C:\Users\Admin\Downloads\WannaCry.exe

"C:\Users\Admin\Downloads\WannaCry.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 224301721747167.bat

C:\Windows\SysWOW64\cscript.exe

cscript //nologo c.vbs

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe f

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im MSExchange*

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im Microsoft.Exchange.*

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sqlserver.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sqlwriter.exe

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe c

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b !WannaDecryptor!.exe v

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe v

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\!Please Read Me!.txt

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.0.1677283139\291049546" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1716 -prefsLen 18084 -prefMapSize 231738 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ef4aa16-6bff-4b41-845c-dc7f3ae70f36} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 1804 1347f2eb858 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.1.807410276\1599414917" -parentBuildID 20221007134813 -prefsHandle 2268 -prefMapHandle 1820 -prefsLen 19118 -prefMapSize 231738 -appDir "C:\Program Files\Mozilla Firefox\browser" - {99bfb423-f1cd-44dd-9646-7a2b507d4ff8} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 2236 1347fc0d258 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.2.1956094967\1788724318" -childID 1 -isForBrowser -prefsHandle 3344 -prefMapHandle 3340 -prefsLen 19792 -prefMapSize 231738 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7d38bb3-7cd6-4eaa-9580-1d417a353e08} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 3384 134012bc058 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.3.1178362875\1306593604" -childID 2 -isForBrowser -prefsHandle 3772 -prefMapHandle 3372 -prefsLen 19980 -prefMapSize 231738 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9211745-65ef-47b9-83f0-a4228be9341b} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 3860 134043a9858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.4.932934728\870705773" -childID 3 -isForBrowser -prefsHandle 3748 -prefMapHandle 4080 -prefsLen 26345 -prefMapSize 231738 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9fec7be-ed6f-415f-9e7c-204ce761f3fc} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 3968 13474330858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.5.1776125480\2107277961" -parentBuildID 20221007134813 -prefsHandle 4724 -prefMapHandle 4720 -prefsLen 27224 -prefMapSize 231738 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2865c31d-c53f-48c9-b08e-f469d1e66949} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 4736 1340572e858 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.6.1605746185\1600781624" -childID 4 -isForBrowser -prefsHandle 3068 -prefMapHandle 3064 -prefsLen 27633 -prefMapSize 231738 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {871e85bc-35d5-426c-9556-75dca704313e} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 3080 13402dc4658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.7.1088478844\1535714405" -childID 5 -isForBrowser -prefsHandle 5100 -prefMapHandle 5104 -prefsLen 27633 -prefMapSize 231738 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f55c70ff-69c2-41f2-9a48-448d50c513e8} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 5088 13402dc3158 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.8.601667458\389695286" -childID 6 -isForBrowser -prefsHandle 5296 -prefMapHandle 5300 -prefsLen 27633 -prefMapSize 231738 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13fc8a07-6996-4a33-8384-4ae0cb625b0d} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 5380 13402dc3758 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.9.1601438873\190229618" -childID 7 -isForBrowser -prefsHandle 5752 -prefMapHandle 5748 -prefsLen 27712 -prefMapSize 231738 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f78f3bf-f13e-483c-895c-e583b3c82fde} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 3884 13405953a58 tab

C:\Users\Admin\Downloads\MBSetup.exe

"C:\Users\Admin\Downloads\MBSetup.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun

\??\c:\windows\system32\svchost.exe

c:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000178" "Service-0x0-3e7$\Default" "000000000000017C" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow

C:\Windows\system32\taskkill.exe

Taskkill /f /im NoMoreRansom.exe

C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe

"C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe" --ContextScan "C:\Users\Admin\AppData\Local\Temp\mb_7051.tmp"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"Malwarebytes" --ContextScan

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" --ContextScan

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe

"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no

C:\Users\Admin\AppData\LocalLow\IGDump\sec\ig.exe

ig.exe secure

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\Users\Admin\AppData\LocalLow\IGDump\sec\ig.exe

ig.exe secure

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\Users\Admin\AppData\LocalLow\IGDump\sec\ig.exe

ig.exe secure

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 185.199.109.133:443 avatars.githubusercontent.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.212.234:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 collector.github.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 140.82.112.21:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.112.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 216.58.212.234:443 content-autofill.googleapis.com udp
US 185.199.109.154:443 github.githubassets.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 21.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
GB 216.58.212.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
SG 76.73.17.194:9090 tcp
N/A 127.0.0.1:50092 tcp
AT 86.59.21.38:443 tcp
N/A 127.0.0.1:50231 tcp
AT 86.59.21.38:443 tcp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp
DE 131.188.40.189:443 tcp
US 8.8.8.8:53 189.40.188.131.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
GB 142.250.187.228:443 www.google.com tcp
GB 142.250.187.228:443 www.google.com udp
US 8.8.8.8:53 228.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.200.46:443 clients2.google.com tcp
US 8.8.8.8:53 46.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
US 8.8.8.8:53 location.services.mozilla.com udp
US 35.190.72.216:443 location.services.mozilla.com tcp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
N/A 127.0.0.1:51993 tcp
N/A 127.0.0.1:51996 tcp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.pocket.prod.cloudops.mozgcp.net udp
US 34.120.5.221:443 prod.pocket.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 autopush.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 166.188.117.34.in-addr.arpa udp
US 8.8.8.8:53 221.5.120.34.in-addr.arpa udp
US 8.8.8.8:53 228.192.238.44.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
US 8.8.8.8:53 malwarebytes.com udp
US 192.0.66.233:80 malwarebytes.com tcp
US 8.8.8.8:53 malwarebytes.com udp
US 192.0.66.233:80 malwarebytes.com tcp
US 8.8.8.8:53 malwarebytes.com udp
US 192.0.66.233:443 malwarebytes.com tcp
US 8.8.8.8:53 www.malwarebytes.com udp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 8.8.8.8:53 www.malwarebytes.com udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 plausible.io udp
US 8.8.8.8:53 www.malwarebytes.com udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
GB 143.244.38.136:443 plausible.io tcp
US 192.0.76.3:443 stats.wp.com tcp
US 8.8.8.8:53 plausible.io udp
US 8.8.8.8:53 233.66.0.192.in-addr.arpa udp
US 8.8.8.8:53 plausible.io udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 stats.wp.com udp
GB 143.244.38.136:443 plausible.io tcp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 23.20.223.21:443 genesis.malwarebytes.com tcp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 192.0.76.3:443 stats.wp.com udp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
US 8.8.8.8:53 8.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.223.20.23.in-addr.arpa udp
US 8.8.8.8:53 stats.wp.com udp
GB 143.244.38.136:443 plausible.io udp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 pixel.wp.com udp
US 192.0.76.3:443 pixel.wp.com tcp
GB 143.244.38.136:443 plausible.io tcp
US 192.0.76.3:443 pixel.wp.com tcp
US 8.8.8.8:53 pixel.wp.com udp
US 192.0.76.3:443 pixel.wp.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 137.102.96.34.in-addr.arpa udp
US 8.8.8.8:53 52.177.19.104.in-addr.arpa udp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 js-agent.newrelic.com udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 js-agent.newrelic.com udp
US 162.247.243.39:443 js-agent.newrelic.com tcp
US 8.8.8.8:53 js-agent.newrelic.com udp
US 8.8.8.8:53 bam.nr-data.net udp
US 162.247.243.29:443 bam.nr-data.net tcp
US 8.8.8.8:53 fastly-tls12-bam.nr-data.net udp
US 8.8.8.8:53 fastly-tls12-bam.nr-data.net udp
US 8.8.8.8:53 39.243.247.162.in-addr.arpa udp
US 8.8.8.8:53 29.243.247.162.in-addr.arpa udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 www.malwarebytes.com udp
US 8.8.8.8:53 api2.amplitude.com udp
US 44.233.181.83:443 api2.amplitude.com tcp
US 8.8.8.8:53 83.181.233.44.in-addr.arpa udp
US 8.8.8.8:53 ark.mwbsys.com udp
US 3.210.101.178:443 ark.mwbsys.com tcp
US 8.8.8.8:53 178.101.210.3.in-addr.arpa udp
US 8.8.8.8:53 cdn.mwbsys.com udp
GB 108.156.46.45:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 45.46.156.108.in-addr.arpa udp
US 3.210.101.178:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
GB 108.156.46.45:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 ipv4.am.i.mullvad.net udp
US 8.8.8.8:53 holocron.mwbsys.com udp
SE 45.83.223.233:443 ipv4.am.i.mullvad.net tcp
US 34.227.118.143:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 143.118.227.34.in-addr.arpa udp
US 8.8.8.8:53 233.223.83.45.in-addr.arpa udp
US 34.227.118.143:443 holocron.mwbsys.com tcp
US 52.205.202.43:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 43.202.205.52.in-addr.arpa udp
US 8.8.8.8:53 iris.mwbsys.com udp
US 34.227.170.7:443 iris.mwbsys.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.223.144.176:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 7.170.227.34.in-addr.arpa udp
US 8.8.8.8:53 176.144.223.34.in-addr.arpa udp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 50.17.158.69:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 69.158.17.50.in-addr.arpa udp
US 8.8.8.8:53 cdn.mwbsys.com udp
GB 108.156.46.24:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 24.46.156.108.in-addr.arpa udp
US 8.8.8.8:53 crl.comodoca.com udp
US 172.64.149.23:80 crl.comodoca.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 144.245.100.95.in-addr.arpa udp
US 8.8.8.8:53 hubble.mb-cosmos.com udp
GB 108.156.46.32:443 hubble.mb-cosmos.com tcp
US 8.8.8.8:53 32.46.156.108.in-addr.arpa udp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.223.144.176:443 telemetry.malwarebytes.com tcp
US 34.223.144.176:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 50.17.158.69:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 ocsp.trust-provider.com udp
US 172.64.149.23:80 ocsp.trust-provider.com tcp
US 8.8.8.8:53 crl.trust-provider.com udp
US 172.64.149.23:80 crl.trust-provider.com tcp
US 8.8.8.8:53 www.intel.com udp
GB 23.194.11.2:80 www.intel.com tcp
US 8.8.8.8:53 certificates.intel.com udp
GB 2.20.12.77:80 certificates.intel.com tcp
US 8.8.8.8:53 2.11.194.23.in-addr.arpa udp
US 8.8.8.8:53 ocsp.thawte.com udp
DE 152.199.19.74:80 ocsp.thawte.com tcp
US 8.8.8.8:53 77.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 crl.thawte.com udp
SE 192.229.221.95:80 crl.thawte.com tcp
US 8.8.8.8:53 crt.sectigo.com udp
US 172.64.149.23:80 crt.sectigo.com tcp
US 8.8.8.8:53 blitz.mb-cosmos.com udp
US 3.85.46.175:443 blitz.mb-cosmos.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 95.100.245.144:80 www.microsoft.com tcp
US 8.8.8.8:53 175.46.85.3.in-addr.arpa udp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 34.223.144.176:443 telemetry.malwarebytes.com tcp
US 34.223.144.176:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 50.17.158.69:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 holocron.mwbsys.com udp
US 34.227.118.143:443 holocron.mwbsys.com tcp
US 50.17.158.69:443 sirius.mwbsys.com tcp

Files

\??\pipe\crashpad_4180_OIIJINITHGGRQCPT

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f8851643-a6f9-4157-aaf6-87d962be576e.tmp

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 ff473f2934e3c8eef257f684ddce4684
SHA1 fa61f247a5bed4c9ed2b320f437d49fd5306539f
SHA256 76ca41d207ef5e15f6ace9129b04295ef524ac3291c9bdc279833b8ba1276830
SHA512 a15cc5fa922231e1a704b701fcc6a8e615d258a8ace71d0399bb854f15483340558a742987d8eeecb17a4ec34ac63da3ecbcfa079a73d319d12bb14e3b111ef5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d9ab2cd7ebdc8bd95215175cd1bb343c
SHA1 8d89f71073ef12565067794c6f8fc52bb7ad7796
SHA256 5bab20ae9905f47710f0033aa365b6de2b489b1a113fa1406798c98da148fc4c
SHA512 af54829a4cff563335bf7bd26dad59edc8e8b4e73bdb0aa73986dd4f15a42d0d2b608bfef9f70cd532594dfd37db02ca0e817db689b94d77bd60779de246d7c7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 bc10c1636bec6c5c029fbba89b96b5db
SHA1 7cbfeda552bd8797cfd350dc1dc191af2cc4bdc7
SHA256 4ffbea3ba1921c7ce4d8299c570dd64c3fe453ca74ec174f09c0a7868aad2deb
SHA512 6c639f78ddaae28426b7dea4af7dfaf67cac6287089f5fc905accf21e81c1f6cc2c2683d836a718891e883bfea601811fc469b84e605cd2825752e2c9a7acd8f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 48c95f975b4c0f56586dbc7e0dca6966
SHA1 617f007d5abe96acf24d2e3e0c24c2be14573783
SHA256 1d562991f5ebf49550a2c7e513f92b8f8526b7232d1a60479cce85b3d8231009
SHA512 5e32f8814c6e2351e0fdf685a7b4d609adcb2ad92736f561a5eba8620077b45dcfdecb72667440c5e8fcf0aa0d3a967a63a18ca615dd16fe000d1644d372b7cc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 54663603038e4d8499b1de15184d27fb
SHA1 c6a9699c56ca216f8234ca6a29a111bb0cb609fd
SHA256 08b9c91231436f07807061557f5aa0c02aaca796dc0ea485a9c6dd6bec4c96fd
SHA512 e0a507abcfea79f4ad32054dd5d2cc8996d3249744a4f6fdefa7413bb2cc3cf5280603577f2a95989709eb47a3ca7f00ec29eb2234555d29787ee0d4dc976992

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 28b02816ebbf31e9dd24b03e73aa4940
SHA1 72278c93ad657440a83a86060bc82127709f4b46
SHA256 ef2a6d00c78c41ee4349bfc83de3b0d1687659ffce545f739af7b098ff49404d
SHA512 bed0f3ec6f60d69d757b651c8cdfd82c4145b39e3387c11bb3352ece1a027fdd565e5bfe8248f58295b4c8d4658fc1c8a02b2d450737052f701ffdb5e7e163ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 e483172a09703d8b12818806a66eeed6
SHA1 aeeb13f4c6cddb55e1e249a09d685484427a0597
SHA256 80eaead6b6078b8f9fc4682344787a436ed2e481617997fe471c9b952a47e465
SHA512 2ab04ae9f73c8594651bc576482882920c0dcca7e8d36b32511acca4a4acd3e9fac9bc68a3fcb10522c16df3dd2cf2427a967ef24308e36ca667f200d1b268f3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 784322abadef5e971b06da7f398aae5e
SHA1 5f097d33ef7788571d717ed0239ee9defe151bc9
SHA256 3e8dd7ced2d7ae076db16d28ea1fb70d64db0884cd0c75daa22f8727fb96e0d2
SHA512 4cc55bef35cff849252f90cf7a78bbd18015c65bab38747ab8f8b39625261dc748ebc2a3bf18cf548cd0cd205f10c437d45568ed07b87defebe03e5c2f57f9d0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d387442e0a8fbb414343071003fb0274
SHA1 afc070035370f67d1a71cc348a39e6467554f7ed
SHA256 d71f220dc74d4a1ef0539c728784c75a4420dccfb754770d2dc8f50afa9b3bb5
SHA512 23fc516fd8d24ba8d4b36d8c9c49659ab6e50405532a81a0012b063d2d6a3b9f714f067c0a305e02b2cd8a9626becb5b59b7c23d10b908c54445b27eb46edc2a

C:\Users\Admin\Downloads\NoMoreRansom.exe

MD5 63210f8f1dde6c40a7f3643ccf0ff313
SHA1 57edd72391d710d71bead504d44389d0462ccec9
SHA256 2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f
SHA512 87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 49f9e1dfff4401a96d9b45008b70480a
SHA1 9864717a73e16af05b33c98b27c81dae1ae97ea9
SHA256 ea8b231b0bd687822696e98b362ba946fcaad654bfe65a75ca58c457806021a2
SHA512 77b25ea5f5f3373804bd3f965c27b2fa238fcf73f002bf5f13ee3730e59d0e644ced4f28593bee80116190143d7b8e42d417647e1f92c1e5bff6790d52dddf92

memory/3348-297-0x0000000002100000-0x00000000021CE000-memory.dmp

memory/3348-298-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/3348-299-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/3348-300-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/3348-301-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/3348-303-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 187fda534acc28b05af553b68543d663
SHA1 121ce8bd71005cdfea2046a50b65479e00481e88
SHA256 a9b683dfcd9e3b7f042adf124ffbecc5453596678dd6d00a24582b0e6516fa87
SHA512 658874c880b284b2a93585a4d018aa24119dd49ca23cbbc3d0ed1a3651273f7aaf0dc77d9fec0c0e91bee984ceb4ce51a02cbd47843ee8e4a3eedb7b34a1228d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 df22a731c050b83872e9dbc7c8e7cfaa
SHA1 9a725bbaff46a2c356d7309f84aac888aaf25e2c
SHA256 1b072d6431dbb6e191c6f019a51cf5bde28035ce91d6ee8bfa214a83ecfdb97e
SHA512 01bdaa742e83f2773855b1212dda484dbb3b9fc70708a33527aef61e9d508c37a2154ea1ace539d4bfdda983603e1930bc763c6c0c812983ffc1a0fb6d453f71

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58d174.TMP

MD5 353294f926842f4c3cbdbab262478ba1
SHA1 3d2ba1f4528bf396b1229360d48bb7d82b5f932a
SHA256 53bace17abeab68d9076894834ae11d7282436768541960ce7e0ccc0486a5209
SHA512 5687cb78b0fda82b869a9983c5b6c85511e210e9a4be80bc98ec781777d67ccd6012386788bac32f791d43dd191eaa454c73e6c1dce7ac211145a2587829ff0f

memory/3348-326-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 28567e67300fef5104c2d3924cce16ca
SHA1 01e8767cb641bb705b0f388d8c8ed2e2fc978b8f
SHA256 d8c5b4fff847344338ff9aa26bfd950d1645aceec4b25ad614bec5e06c804e8f
SHA512 5de6ece94bfcb7210a1de2740a03a47e8e3e594de74aa628b3245786ede46c091533350d2d6478a47e919eb9ee16edff00473678dc527f2ab6a27008c0620427

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 a7ce5f267babb5659c70d06bcc0f9937
SHA1 3c4a9d2210481a807b0acb1c0687d93b632c30f7
SHA256 68923ba991e2b01c2a438edc1f9f587d50623ee53f639c52b5b88acdf4e36059
SHA512 cc384a5c74e404aacfe9edd57b904fcabe796e7b688880c36eba8138d2b8532d2ebc008bbb5c3d48034c6b4f1e7e95aa193dd429d26f298f5b6c5b049ad0b484

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 139a4f192fe26572f3140317723dddf1
SHA1 4095b3b2daf2fe465cb397613adaa0efc2314e11
SHA256 3adebb25a87c2915bb6c9c6890d471cd0ed1b4d181343174afa018acfb8164c0
SHA512 d16fda9be8ada270beac0f7eead198d0cec5f4071e994a9942f92829169de532109b6618c4cf93b5c0147857c7609aa720f59469415673795718af55aba2c013

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 bb65eac96b5a51c5d210b790d95273ea
SHA1 24186c18938515381de9cbaa71aea8064486fafa
SHA256 2aede8606ec3713fd4dceb7979aa069125d65f17f289c4a6b860a23cfe6dbba4
SHA512 235a16c9b118318aa61728ab0e71556aa1ce739100959f22627e8d80c9d2b4f591c46bb7a8cb15c58776208e6cbaa7c2e170060646defdb8c56021801b640453

memory/3348-423-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/3348-429-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/3348-431-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/3348-432-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/3348-433-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/2864-438-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\6893A5~1\state

MD5 73edc80553a992d4df5cb76574bfc057
SHA1 9507c289688ce34c186d8536f6758c4d2411cea3
SHA256 5e04a16cca601cc9fa4050c97d08e28fe4a7ed45829cce1ee997949b0f178c47
SHA512 3a753b66281311dd5e05d88c8ec152b1cd1040078953df756cc5c0fd18acce52306aa7c6dee1d54c48164cd964eeb7d31a95f8326d331931a2e4893dde549089

memory/2864-442-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/2864-443-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 675cb66bf44402292c9f513e881cfb31
SHA1 d386b8b985974dbcc333a5b4c4d6b249a7ba649a
SHA256 d34eda46ca4c4455ea9ab8434b3306eabebe0fe1eb4742d10d0d7e3294e31025
SHA512 9891cdfc97ffdb629392f22423daa9026265bf38db0728263a3ce41e2357a25e50577cf81ca79570915dd0fe4e43facdfd97b3165e3fdd80b4d6d3c910aa4c06

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 3315f26db87bf6fcfd969a5de46bfc89
SHA1 25dcdbcdae15486b260352197f9c6b9636774096
SHA256 25f7f9ddb26a79b195e6a091c9b5ade4cb6850d010aadbc5e2e3cceb89de8bb8
SHA512 02a0d675703eb96c4bb06da42c2699d5e64066adb23deb7cea521834325ce1869f16dff93ea2431351dabcd6f2e697d8ff23c34d1f7b4840f97d8bd2abb8a23d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

MD5 6df0f3cb315cfa215394466aa8273e2b
SHA1 f6781b67f93b79ba101d21831161c4aefcf6d374
SHA256 2089944673c7da38e47450e19b6b34026bd5dad71bd75c14178a1ed0c40679b8
SHA512 40dfb94a0efc0457c68b85c027d50059a29191964c4df20edc490ec359a5b33fec80d6ffb59326e2570ae7c27aa9f1b241da555bd8deeebabb7d3415ebd651e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

MD5 e88b407e3c819d8f38fe7a34d2e938d5
SHA1 5f7cb1fb2b649564d5534198b640eeb66979bf42
SHA256 2ec924aa2c5348cb6ad64ff2294848cd8823503b444729ff88be9e456daf2c7b
SHA512 6e2bb214c2f697b8147e95d308a37b9747c14cb533bbbfa49376cee6204354945ce1a602e81dee70a14dab58fb15f793affcac331d4698427ffddc9c119e7ce2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

MD5 af3520adb8c7e6f67e7c7da194a32e24
SHA1 16ab88aae466c87481927d8e69706674dfb0e811
SHA256 5aab39176d2e4bd06372565ec4fe5c3eed4714317115790582198681ca9de8b7
SHA512 2a10475088d6732968592c66ff450ad9613513ad0334649c3177e842eecb95d6c4e69cab8fe0cff13bd4bf6a5d474a7d4df7705e00f778396a1ee09e7f7abfa8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

MD5 a251bd5bd0f9fdcbeedbb4280970e8f6
SHA1 d2e18e6e8a678430a2fc3a10f0bd26978fb30148
SHA256 103d554fb38adeececae80efafbc10b086c3b72055d14258088c191c487dc87f
SHA512 d329706c40bf1e129f2bbed4a2a15714e9b38f93f08fa965712fdebc1f9b7be6b7400c2f825fe4a9b439a93d418ac2006fb3aa3ba5b723a779eb1b202f108ef4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13366220639005718

MD5 cd731d817d1611bebde2bd986d0d78e0
SHA1 6aaab055849519bafda6938df16cd9923c40c06b
SHA256 80e36412c20f23a166ab85091d059111c46a28bfdf3c9d29d13cadd19b0622e1
SHA512 90dbdc609befc282bc41442dcba87100813e6113d089342c5749f71d2ac17e34f86185ae331a905bfd3bc5b7a75ae63e912d86324852610cb9a0266873e55293

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

MD5 b5416451ec10c81cb0410300f6ea7a12
SHA1 fbe7b5e068a10edd86f9ec43a126af2f451628cf
SHA256 7bc4a9f908217010a03f85dcb06c20b0061a49141eb2884b4598269bd70b722a
SHA512 339ddcf3ddf0bffbbc04ec9f433b59d3d690d8900334edcac8b34c926fa0e7a376f10650af02ff1ae06e57cfaedaff12ee6032857d8a84f90d69e21857f2fd5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

MD5 506692155858158cd125773c45b1c101
SHA1 1c7a72ed0265a8eaf8195f93dd03d49ce1b182ad
SHA256 391d80c1987e4fae635892485333d94fbb084e3d8f9b8d79390c9ab27ae6a2eb
SHA512 40aafc3476fd830d7193ec3c4dcab58e8ea55dd8548423b2cfccd8ed7a291c9225d50520539c71f731e0e0921821214dab47f491435d46cb3fb75000d7905408

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

MD5 d17055b51cec14cb018e6aa10a98e9fd
SHA1 d3f508921fe48abc2ab550ad4d9a9a3886ead6d9
SHA256 e535c616720789f0a742258114db1ca4be4928bdbc5c76e0750dc2b3f975e933
SHA512 500f2c05638d19092c2d6a39ed963522a4b8db2980713f25e6098af1a082d64ef3f6a9c570856d3445014d99f9c7e7c4837bbf107d348c2f8cf4287db4e740ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

MD5 9eec3d37df00766427ee5be1e990d8e0
SHA1 7b5eadd2346f56237ef9fc380cfe6d3c40e929e2
SHA256 31aa2d41d78218545e01d91cd41df68af1897a4d09249f183868141d12fa576c
SHA512 e59e2cb955c3ed6bf46b619f0c324e8aed83318ee2163a2aeb6d605464e18f5bb4ace70fe7ae56189035601c2714273b05170291196e7d04d8c66bc2e1806b00

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

MD5 b8a2c92dbdb8a26ab937f5e5095e6ab0
SHA1 9edfa62403a89c918de31188df62beb1e3bbdf38
SHA256 75a0797e1caa93c4d4356ba91921fdbb8f7f501ec758d37e592ec56ecda2ac80
SHA512 f3b97ceb891567d7835c4165d8df6a7266cee0e43020ddabc043cfe1a47b968506f68f34bf41862a8982be95aa118976634ae4bb8cbb31d55a9825a44ae07895

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

MD5 9041f452f6c15b11086a33b25102fc2c
SHA1 883895ed97a42a25870dbb3b2300aa8233fbfb68
SHA256 9c79bcf689b78247bca0177ebdd87c6a5805c0b859e294927472627879bac033
SHA512 7eb8137c3fb9299713dda6842facee36f14e3811c2cac570147da01b3c88806d44e491a03aa0e795cd0f7219bbe64bf3cff2bcf6301ee12d56b6664356f990f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

MD5 d9eb7e06eb54bcb944f4fbbc1d317cf1
SHA1 8b7a97921cfbc09168b0add779c73ccf62d537a1
SHA256 365e8a4b9b8759efba13f06c04b89b89da733323555f1c9cc649994afd0b2ab0
SHA512 3ef2f01893df8b8deaab67a484e970933728a75b019bce065930c7cb56076caa484457ec107170e24700c676d77cd4b4c16b2000be15016a205c5971131a5adc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

MD5 a46006f9c22672d82f2a3faf299f9837
SHA1 4e73e716a2051c7ba810b82b905df54463633c16
SHA256 43aefc97b2ae5539c93b1aa13b4b4d94d652ea1b866b820c17b1868037afb121
SHA512 cd62744ea5abb4057cf9cd96a0981876ed3de31893f8897d3ef374bdd53094dcbbd2775bb6ba2c8144924575081d9055d86733eac4ebe9ec7b3453739ecf6c1c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

MD5 462ac7a6623fc7f2830603a80c11d58d
SHA1 ad32f9bba8b7bfbff861e9856e19dd117366512c
SHA256 37fcb82ee8d04a9cec263f85c8f6b88b8800c12d45480484ffae79c90f8b1846
SHA512 2205a58383eee9e1af265fa93d27299cf2f01281c0b02eb091180a5e0790ec2112282f5ee03b851fe5e4bb91ae7e160a4607706b91f32a641b760aa799a368d1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_00000a

MD5 53179cfa9bf8486d72444dfca7a0ae82
SHA1 e509dbbb367eda74210e6a3565a7cbcac0d22969
SHA256 0afc9b9f917c36112aec1dfa511cc60a29866de8125ffeddd7da7edb9d3dc53e
SHA512 4db84694ec23bb86e34c422357f7e5cc443abcd9280236c78e11ce102bdfb15b4bf592809b9ee0ce682930f615c440e7bd1aa2191c25f1d588af4a417fe1b9d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

MD5 e368622f7c7e068a36f03b2311b342c7
SHA1 be15b905ab4bd19c5a56a4788dcdbcc23b9923b9
SHA256 4f2001bf5b000c1bb0a838c37cebabbeb5cfa85cadcb8ab745ac80c29341a209
SHA512 64a53e1592cbe33d6fa04f3a562af7bc0d01771ee34dbeadac59678f5825d510d97235dbb87ffde3def257ac159ceebe146dd880e88b994be622adb1550ea218

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

MD5 2820f05e19ea6d91d23c2e437d8edfb6
SHA1 b80b040631240a8f14b0a53d832c23f6040cb23a
SHA256 e06997efc0ccc6efdefb40468dd6eb2ffc5d2320bb3ed76034b1a1cc0041a09b
SHA512 dfffdbf4c00c592ae6699d99b773e634dbb479d891190a5210617f02687dd239e365f96f1dd8c1daa534867678799598a27285f6cd4f80c9b1e534fd2ee33650

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

MD5 83747281a62f17abc9e81e4fe4628d18
SHA1 3fb6d5f3642c2433fb8b77aa5c99e2d7726f3f07
SHA256 efb533f1ea0f0ea8be20be6887748b1558c835439024577acb84f2859332a0f0
SHA512 f434445f095d0124963019c21a00475baaf48f7c3855130ebbadf4105ef6f680322e704b142e9af1bb7ba84381dd6926866a678e3ab918e126339b3917116bab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

MD5 8a10dfdbd0b4dd412bacdc804ad311e4
SHA1 dda452a04c4cf60c4bbf711b83d9419647710b3b
SHA256 f5b7f81db92843d229636808069c45345a30ca0b3ef78850ca2eb8145307ea7b
SHA512 cac381859db03e735dceee3e82a2e18b948c24618c252d1325d1280702c6eb80c63bd19b9ea34d69c5130b210e03f30ef58a824f04f1e6372c3dc11c52b5c6f0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

MD5 90209af76e40066e5f9c34810a5a6a78
SHA1 0525ab63b5d64405b6733cb870fb0b285a2d8329
SHA256 8eea921e1c256c1f613a11d3c77eb0eff9351ca54657fe1f53aaac4b54e50dd1
SHA512 2e4d3ab501bb5b37048c5bdfd977479e7d5ae80d5042d2890e754e131c3d9079bd0acb6fc88d69d5b72cd1b4de7a646920d66852ff5ac34d68308ccb09fe6f6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

MD5 eeb01e8810f464dfb58d3f992d455595
SHA1 51b6aa353f38d4220f19e2203fc7d41ef95f72a3
SHA256 a2233e8c6bd6df5ad16e6a927b81a95c0af709ac433aaeb18ceff5586506f4a0
SHA512 fc813974a7e2da64f258f021e8ce054877e26fb03c74a2ed6a8c0a027b64130648556d821004bc798e4365b0ec4ece0abe6e9ed225e2526cb210a3ac3479503d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

MD5 b48f9b6693fd4e5bc26fc0395a1c93e4
SHA1 1b5a434cd4cf458ab5632d5bfc2337ee0d04368a
SHA256 93b222c847f56010091e9ccb433ce28f1ea1d79e761e65a634bcfdb2b0e2e8f9
SHA512 cf3c7085f1954ccdfb2703f3497254a2834b51fa1d6afa64d5da183e019fb514f7b89dd5aa572f29b899235013ced54ada11448e21cc1f28134725c7d2b7f808

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

MD5 b6c279cea58c8348b0349b5b35a63e1f
SHA1 f9802ace299fb537d29ea8e2314013844a49882c
SHA256 f446381f98b80cc02c985218659f5e81773eeb48cff155e6662c02591adde0c4
SHA512 5c5ccc092edf878beb2be0b73b0e22a8db0486cd6498cba7c0924f495fe8299b5c255e67721af231819aa8bff3cc3f14657fa30b5cf4f486cb50109765ceb819

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

MD5 cf2f76b2ed4b9cc749a0b362cefcbe2a
SHA1 7418ef65eec293f9ff0e85751a69fc703806151c
SHA256 b3efa07003e01084f34a8f71ae3dedc0949038c2fb6961967cdafaa39c1c783c
SHA512 561b0641fe87d4ffa0b3b919cf4aa6d2471adc87c58a0b8da00737460394c76efeac688b913129697240f4efe66bf7243b29903bc8035515791d7839801119a9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

MD5 e51826eb697636b160e9a165d70ed74d
SHA1 53f7525c5ee8eb300dfac5fc6765cdd62e440e17
SHA256 9ff2809111f5f505588581b68f74bbd72db1e9234cac93798809550df80467c1
SHA512 8fc0380d49a0935c3180eb9e887e667da18494c2b02874ce8f6c5ec8fc39aea534b123bf980131f1f1f8e0e559f4ed5b8eaf5fe9d70800235c61c7c6927f863e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

MD5 255a58a6b01f6084504f4148a99836c5
SHA1 bd3f1dc9aa15da2d0820b341026de230d2d6753a
SHA256 f5fe0eddf49eea28e29543f7aeba3360627843ee62faf722a7cc105e591767ed
SHA512 e342afec7f5c05f610b9166143bac1069af29b7e4f560dc2ff98e217d966dbb0bc01d1dade376e289ae9e4a9615254602f8e5fd62f180a4e25219d5f8acec53f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

MD5 9eae63c7a967fc314dd311d9f46a45b7
SHA1 caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf
SHA256 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d
SHA512 bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

memory/2864-502-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 d070a10d789f716bf8de725711926c6a
SHA1 d94986cb23630db3283744281a6ca9e294a0e99a
SHA256 ebd708427f094c6bfef59ded0557e298f2bcea468510b1d6f945d2651a522c77
SHA512 897e1d1abe1d588be75b71664a765b6bbc371c7753ebf70a84b0b4c14bdae48017e4806ba19b3cd7743e96587ee4b0dd61b0723297378509d44270e5b2a91ae3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e8be540c2b6aa3fd05cdbce1c5c8fee6
SHA1 4e0277d2199238aa44cbcde1409307f900e73e88
SHA256 21553b66d1ce26ad818eca5d935a84dac39ae81c3b936d87a5662d4cd313fc85
SHA512 edf7881c5593121a393a7d3a7ee9442146f0d524d38fd982ce37820b1fe6a034c6e72cf4d712e8a08ab64fdcdb4ebc71ec817a792ef321704e9d9ad9fca70c8a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 03b25fb24d7b7cb4cca8e221c5e72c94
SHA1 99644cd405d264543318b32b29a0791ed91e8e42
SHA256 af81a5fdc6d111624db773be9f5ecec9f73aa24ecc33bba83c9bf6daac88846f
SHA512 3d6246c07a943d2f2a743c77c249d48356dd9d2239283c749805f3686380c06558147082456f2656b27c1eeb984302aab2667d594d4fa76897e4e976e4d795d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 19f6dd314e8107268fe856b2c22c25eb
SHA1 a9791b5d86ecb465b5d581a29415bf995cac7334
SHA256 92015da750e601f6d716434cf9d89feea01edf949b20112866ea5f453a665159
SHA512 40129d1e3ef03644d90376c3d4615f918a338f0602cfaa7b8df2164c6b7b5429db8181be0b02a6705e58416bfe7b909d949f32a6d64c2c33d1fdb09b13475f33

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 2089e05a22271d3fc9a7e639244e4178
SHA1 eaf2bf50066afa3d307dad7b72bc5724702f74ee
SHA256 05320402edc48066858d25446c9462f85e8da8ca3fab955036527d5bdb41e680
SHA512 fd18bac143793fc1161dce6fa004b5f9debe60969ed032d42b3ffa436e3f25d4ca4454c7db50ae3f508d03262d6f54f9886b2cf0b6ada4a6ae9e2769e9d96f42

memory/2864-604-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 2489c3eb1da4df2084ed53d0147c5520
SHA1 01679c9c6fde73a330bb6bfaf04b482d5f3cf05c
SHA256 feecf73304ec7f3a02e7316da3771dfa2ee7d2a9e7e233be7da682a09549ed7e
SHA512 8d11d7e5cfa8e621992fbb1d099225186ad6e5026624fb89b49918daa1e05af0676b053d7e2110e64de9186136a3ef5b70daa2b5f79697e515f95079b91c0a92

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 57b9d7bb591d9cf9a8192b9ee3418418
SHA1 20c7f881514ed7d1ca8dcd400281ae6fc5bde679
SHA256 c837fe2972ce07a03fc973bb9c52a792025bcc3bc3a6704fd1bf4244b27105ca
SHA512 701110e5878c0b58af1b5369fefbffb0863e93c08a9afdf9d14e51e421c885c945e6df45cff1fa7e7e05ba1f28ba17e1a54eb28e7c59418820f47771f98ccbf5

memory/2864-642-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 b826ba7d1c3f07443ea446f57ad12253
SHA1 1d0aa7fb0d788d1642e07f70b9be1cf8095b1805
SHA256 cc9534b0390fb27e6366c1034dcce9602e322df42deb6f40017a336379f35dcf
SHA512 871e6ed85a2b0af82039628543e12b7224839c56014475584c30afd9cadabb9a8b42d0c49ff60afc9cfa5bf729b4a5dc51b3294ee2e1144427a0a58ac96b68fe

memory/2864-671-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\Downloads\WannaCry.exe

MD5 5c7fb0927db37372da25f270708103a2
SHA1 120ed9279d85cbfa56e5b7779ffa7162074f7a29
SHA256 be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844
SHA512 a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f9c065cbe39b227a4d9a7889de85afaa
SHA1 3f2fe84acd3ff5ae0fe703b0f8a0db2bdda51830
SHA256 f561e228be22fb19ec482f6178929a9398c6f95bb8d1306ef182f7150443927e
SHA512 a278006b7869ea05c7a08d510f59d6f2a4c2b6de8672c661c9c08f165d2d9cf0e056a0182a3dba61c5d91c140433219123205c3827a99f60b9c7f47a5f444272

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ad9de94082846719a3e264645c75a036
SHA1 9dfe929881c98cfea7fc09582acb0c27996ed429
SHA256 5617fdcaf85f1f499dc3a9d917254f612122642c3d79a49cbd4f882df277a1dd
SHA512 44bfa40ce4896fc47aa421d40c93dd6aaebf9c9a32589f328a30134958ce9d868f67e77fa9fc967fa5589289768b7ef7ca3bd515b51e81cb0f9fc0322a6aa813

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 ac7a7d94a18fd9639bb616aef29de58b
SHA1 06102259309c9b849f188264ff6ee9e3bda33395
SHA256 96a4d3a0db11c8133d88716a780e680f1b06a58a7406ab23e2692a9e669b8fe6
SHA512 ccc8b78d541755c72630ed164b91e99938e5ba2c2db789e090d71a1e7144b7574001b09ab2cb5e10b77fa38a4889d4511c31660e70803d986dc6d5e9fc1c2f36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 101c80964f7ffe70a708312299b16116
SHA1 873fdb9747376ff9bfb1f5bda51d7a7b3795ec2a
SHA256 45cd3d05c4cdf1db36995b24a5763cd7d6d272b38b448b49d3e0e61da63f75a4
SHA512 7745ce55d240c89a87c12a396a167abc1330da07919128d6a2b98c6f8d1bab7b1cd10f48d3e0829c56a36bc25535f97cd02c7177843b8e2920cb9ff7b6bef421

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 137bbde72fb4db4fd36023efec4c2cbe
SHA1 907c1e41d718d532141f7c6c0754f3fbf0f3d5bc
SHA256 09bc012a067223e5fb59670408d8033923ea9170de7b72fb74123c2718a678ce
SHA512 05308442359018829c0cceda34107661db85bb14d35bc86c316a0b8199fa51fa18db47a3b4263df3e923fc2badfb3c1d57cfe612f975823a92da4dd38736ad18

memory/2864-794-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/2864-795-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/2864-796-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/4148-803-0x0000000010000000-0x0000000010012000-memory.dmp

C:\Users\Admin\Downloads\u.wry

MD5 cf1416074cd7791ab80a18f9e7e219d9
SHA1 276d2ec82c518d887a8a3608e51c56fa28716ded
SHA256 78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df
SHA512 0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

C:\Users\Admin\Downloads\!Please Read Me!.txt

MD5 afa18cf4aa2660392111763fb93a8c3d
SHA1 c219a3654a5f41ce535a09f2a188a464c3f5baf5
SHA256 227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0
SHA512 4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

C:\Recovery\WindowsRE\!WannaDecryptor!.exe.lnk

MD5 fc80ae0abe7ba42a6a05c272491a178c
SHA1 109216d831a5915a03dfd451101fd04d08ababaa
SHA256 6f9971cb6feef154afaa13bcc94ee724dd7a2011594ea96d7f123999fdcccffa
SHA512 a84d87a66ce5447eb805fdadd9d0e236830d3454dd2c618eeddc81045a5e4f74b77805cf202a57169f19215f2beb647f81c03584e417ff6a1d24d9cffd212941

memory/2864-2139-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/2864-2155-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/2864-2157-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/2864-2158-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

MD5 f6714ef234f08729d0f272a1e0c8e68f
SHA1 36299cfce384f938a8e7e4d400f464347e3d1892
SHA256 d4bf857f85faaddfe5df3a28f9f27e3aac98b5483fce5e435b52f36f16ff7363
SHA512 278ec8f8ffd6afe58a4eecae80f7d228d2a10db46e30c061e9ca6e803c00f9b6735369ed8586710b0fed57a0096a4c9c71df722ca2e519554022729be69b1eef

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\search.json.mozlz4

MD5 41d220d4783f67d2b57beec20c135229
SHA1 6e97765e77920b6010fac2cb4abf1e3cea106541
SHA256 5d1881e74d76b95bad59439bb5c7676258a4ae6b6d853074e93b5247cf1715dc
SHA512 dc30ddc4c8cfe598de5e24bc88cebbe4256fbb21a0b1db6c2ec15311053e7d8be6a93a0bcfcfd8a02543f8b9cf9b15a5840154b272a2df71d59d7dfd80984ac0

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json

MD5 7d1d7e1db5d8d862de24415d9ec9aca4
SHA1 f4cdc5511c299005e775dc602e611b9c67a97c78
SHA256 ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda
SHA512 1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\9178c08b-19a1-439a-8ae1-72b70e6a4cdc

MD5 fe2c1538be31ffdce7866b4030d8be4e
SHA1 7158ac5144a233a24da6e6a77babd4b8e0733c73
SHA256 af1591b1fb2d082cf2ea3063946ecd6cac34c8d6dea32bcd06a2943f58ae62e0
SHA512 cace48fc504e4bef10acf833c9965cb6e93b425b496dcac458f721ab32df6751cbe13f8d5511cc13abc0481fcf602dbd10d5a668ae48f3a566b703f75d6c6017

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\53eea0cc-2675-40f2-a224-02a25659b59b

MD5 f6c905b7eaf72e0d9df260c54733291b
SHA1 5db760e4e6b2cd69f5ffc8ef32533589ac113722
SHA256 c605e2085a2624570ccf87d11e9307a95308ffd0b41eb82465e241212b72ccef
SHA512 a2b87309217ec4dec14db15523c6d97510049b3efd9a8ecd1d681ff03fb0b08573a0f3d0557c81025c84c21fff90a5fba2e12109fc6dc72a2575a02d55ce6560

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\extensions.json.tmp

MD5 5f1daa4869d7403f3e013e87d303328e
SHA1 3c587828576b69a1a4d7de4fadeccac1c526e4f2
SHA256 4df13e37161ce1ebd9bbfaa80a279d93af966c9549be8046f1f129a8613a1c5f
SHA512 9dda4871dc98795c9c7bf59da30356f079c028c9d385b917ce84cff7fbe550c69d164f0df99eaee36a9a846b4ff6e6cb22c8d5f8aa5da17ad2b9ac1f7160f893

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

MD5 12305b0f1d32218c8a118050586c82ad
SHA1 c64b0f6a3352b31f125beb457c58a0509a23e7c6
SHA256 3a7a6c4d482070ae8e6f1f0673ca9d024a3aac1c69cee659f39d1e2e6b2f2195
SHA512 79430f1e623ce28df4facdd67f85ef93a8a90c58260379469142624ce4d0cf43e04874d66296e33c7c73b2456da12b45b15154b7fbbbe38291bd3111f5271f23

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\activity-stream.discovery_stream.json.tmp

MD5 26dabaaab2fd56ea7110457a1dab6303
SHA1 6dc9a0821f3243152be6cac88e9fdd44b80283ac
SHA256 e5dd18674f6e44c301c739f2f1bae0ade6bf00c9f37464ae0a133411c9265fc8
SHA512 1dae16562d8358695fa0b82db2761091590cfa3073e0ba60838314a277502b2d20dccb6555ed98a8d932adb3307d442bd8bb521919614dd2a98e6b6bf5bf0823

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

MD5 629716c7b9d66936634c9e02372c7d16
SHA1 45d6ef2c1de2d0289897576d86ef0c1fa4d83541
SHA256 6b4de2f6eb6c5cb23ba5d65b231b5b53b335608fd1be916b5210325b8eb9ae1f
SHA512 7223acbd28a29d2b4132a846b370d68beff82e457eb10ca5705de016d13748e2b365a6de9f96703fc3855bb5a491495a5ffb2bad125ca9aae101819be028e80a

memory/2864-2355-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 7f868e557b098795d645df9ea302427f
SHA1 001f3306144559b4049a8ab139b4139f51e59c0e
SHA256 b228e23ecfb7965e3badefcbb031de0b4bb887634bccb34a826ac8ac89124ac5
SHA512 56fd8aa514cc25db5a2c9191d665eaffe90182cc5e4f15317e0cfbc9adf7336d9ad937d20384b0504f784e5939b76b4c4b0020cb06e4a472c650355cc6c4c89a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 a5a9236a1045a891e4d7174514a1489e
SHA1 e1e66865c8156d87ead1a8e368896ad2932781cc
SHA256 6e6c8d3173b41e501df4e43883be21c80ccb4a75a0278f45f36ca62a0f9fe6e0
SHA512 7ef1bee4b36cbecd43749b01cb8b1d7941e0d45982e0c7ccf8b414e8087f93b80212d26130efd3a1e1e4f194a808f11b7b9d1f6d3b175c118d1156d9cba54689

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\key4.db

MD5 3d81dc70f89c9fdcf4a463bb68c5d54e
SHA1 50e1c2189d7156e966f7ee3e5a297b3e0ce2102e
SHA256 7d644d13a67b104bfd6c7e5d1e42fc2a7990756b320fe9e02553262f4210ff2a
SHA512 2ffc6ec10250f864b47008319c08c24d1e8f7eb49e5518a09cf9f660e8fb80b89320f5ab22fe4b4874fefe0891334f76e97d8f6e81a157402928ee4c82978004

memory/2864-2404-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 f3457064f400e3fe9a51907da15c2176
SHA1 569aad9c02e9fd15fedbecd5021e86875d621e9a
SHA256 b1a5b50d75834257dc2aa8b7d62d4f7e1fbaa1b048e03cc448bb3167a617dbbb
SHA512 81222270fde7aee8d6b5725bc2958c1b18ac8860b698b725ca354d9d39228947aa290884bb052ad355a7952ca32550c5e81a08e0016bbbcf8aac7aa28a299b85

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 4962cb318057a9e455657a3fd1165dc2
SHA1 549cb4556b00e958a2936146370152c9633711e8
SHA256 950b756a97bdef18cb835646cbc01027db4ed16d1b04f6620410f27c2466b3d0
SHA512 87a8e2c1f5f34a2d2e71300e7fb2ebf862592654c1f1a52285b1612d8d0b8578ee6c1fac65fcc62b0f72a7f41fe2d726b33aa1de63882dffed80e74bed867f5c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\19673

MD5 7654941dea907f7ff19a70dcbf50e5bc
SHA1 b98e9dd3daf3f2633d6d3118651ff2c6cdbf4b10
SHA256 3166724be45c3c5287d69c3d12ccde0ca1a4fea8d6178bbeece85510ddcd6724
SHA512 6bc0bd25a10e590b1986130fc3fc83ad657553a082559fdcc073655e94aa205cafe1bb20c97e4b390a94eafed4234edf4f36a852729dd47ad307073f10957050

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\12391

MD5 5ff55510a6d88b1b4f45e1b8835300ba
SHA1 b9a4226c8a13930a49b738c273af2b80080556fd
SHA256 d9341930fc008c70fd3322cd4f6b09c92bb8d84696e35210845a0755300bb31b
SHA512 3b5ddabbdb4232465b55c2b6229ed2f1bf059bcd3d868d5cad28826fee097ef28627f9636ef24fa9b156ad8182bd139c5e16403b70e59582511ef3167d402063

memory/2864-2560-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\Downloads\MBSetup.7HA88FKR.exe.part

MD5 a12dc3ba25a19b5e999d7ef2e9c3a8cc
SHA1 8ec6ab9e35b497dc7dd26ad14429cdbf6e532ddb
SHA256 e3b4af98aec1e4e097b75b3d1826dc28b92aa81491ff11136b415360ebfd7552
SHA512 36e38a47cebf187a943ead10cf83fd9d7fe59f6075b3424cea159f2626d39bdecf9834a64df366160f10d50ca8b503d249de8de8acf949494496951bb9f1f415

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 59b911e8363a53be0b5bc8dd98c536d7
SHA1 880eddd38f68700b7abfd6879bb4d00782480979
SHA256 e1387da56b4a0ee13fb693100b6a4ee2dc88b3baaea238295af236380f6199cc
SHA512 db58b4939ee89b125f28b24e8cf562cd83979988282926da586d9d6db5ae1b5080e6f92508176cea89da2bda8d8174b99622030e686856dda76a3ed3f82dfb97

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9528e9b792332e911d5cd2209d1a4ff5
SHA1 27d7da0e60a819df0f76f37e14d31de5f6a7b819
SHA256 d8d4d3f99bbf8cb02e886fadac0519310317e167d1a071206f92e26c29c9652c
SHA512 9421a570794faafd2769de4cc1d6d03cb26425a3cde120d773c441ed9b93ef9ba439ccaccaf8642408aa61784643dcf163e95c5373edfe6276942856ea4b73fa

memory/2864-2617-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

MD5 5b11470a2b4b95332e7627be5830b04f
SHA1 8c10072f4a052e41159c1e11bab142b7cdf4b5dc
SHA256 746aaf20bc6d025e2d2b596052bbbd8d00ab42ea4b9093a84b0d83ef5ef7e1ad
SHA512 e6c58aefbb6fa0cf8b058c292cd41b7908cb2f8f0f7e50f79668d2a821433de74084619ea5f696a3a1c46d0b1f2962678a2b87e1eefd9cd926cee36a62b37200

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

MD5 555bee2e04305eba65a406478aca9b32
SHA1 2c8a1f5290e23e7b2d173c4ead497301debf2c60
SHA256 26896a93d22077be8147b9c0ea352b72ff59bd53a636d0072166e3d201d8d43d
SHA512 272699ba704921099f90f64e3178d86da80ad0ce077473f82ef5c9f4ac111480829f6611dbff1cfdaeaf4d24b916760c89d67fdd5ddd01f1161dab39046683c0

memory/2864-2721-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/2864-2722-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/2864-2727-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Windows\Temp\MBInstallTemp533b5607490511efbc3f524829b8d7a9\7z.dll

MD5 3430e2544637cebf8ba1f509ed5a27b1
SHA1 7e5bd7af223436081601413fb501b8bd20b67a1e
SHA256 bb01c6fbb29590d6d144a9038c2a7736d6925a6dbd31889538af033e03e4f5fa
SHA512 91c4eb3d341a8b30594ee4c08a638c3fb7f3a05248b459bcf07ca9f4c2a185959313a68741bdcec1d76014009875fa7cbfa47217fb45d57df3b9b1c580bc889d

memory/2864-2921-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Windows\Temp\MBInstallTemp533b5607490511efbc3f524829b8d7a9\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll

MD5 3143ffcfcc9818e0cd47cb9a980d2169
SHA1 72f1932fda377d3d71cb10f314fd946fab2ea77a
SHA256 b7fb9547e4359f6c116bd0dbe36a8ed05b7a490720f5a0d9013284be36b590b7
SHA512 904800d157eb010e7d17210f5797409fea005eed46fbf209bca454768b28f74ff3ff468eaad2cfd3642155d4978326274331a0a4e2c701dd7017e56ddfe5424b

C:\Windows\Temp\MBInstallTemp533b5607490511efbc3f524829b8d7a9\servicepkg\MBAMService.exe

MD5 c02dea5bcab50ce7b075c8db8739dbe1
SHA1 d1d08a208e00567e62233a631176a5f9912a5368
SHA256 c264dd072a5c7954667804611bcc8a0708125ed907b1cf2f8f86434df1a125dd
SHA512 74bb2b82d0d2bad4e26138304d4e4ad6379acf19f8aa13aacc749901e7381281d59720d7bfc3c6df0c835d805f134ed08fcde47a79c4c5384a92abeaa4c89f4c

C:\Windows\Temp\MBInstallTemp533b5607490511efbc3f524829b8d7a9\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json

MD5 d94cf983fba9ab1bb8a6cb3ad4a48f50
SHA1 04855d8b7a76b7ec74633043ef9986d4500ca63c
SHA256 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a
SHA512 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

C:\Windows\Temp\MBInstallTemp533b5607490511efbc3f524829b8d7a9\dbclspkg\MBAMCoreV5.dll

MD5 0ccbda151fcaab529e1eeb788d353311
SHA1 0b33fbce5034670fbd1e3a4aeac452f2a2ae16eb
SHA256 2a6ac5a8677bd1b410420183169b9ca9ec87dbb78ce0f11ebac2bfa022df7c70
SHA512 1bf9b8849b27491ecadfb4caf4e61926f9a0a8479c247a2281ba2d7c1ae0587251330ee29cc053630047e279ef6b52d3a125e21144b9688f1328f101bfc3c2e9

C:\Windows\Temp\MBInstallTemp533b5607490511efbc3f524829b8d7a9\servicepkg\mbamelam.sys

MD5 9e77c51e14fa9a323ee1635dc74ecc07
SHA1 a78bde0bd73260ce7af9cdc441af9db54d1637c2
SHA256 b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0
SHA512 a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

C:\Windows\Temp\MBInstallTemp533b5607490511efbc3f524829b8d7a9\servicepkg\mbamelam.inf

MD5 c481ad4dd1d91860335787aa61177932
SHA1 81633414c5bf5832a8584fb0740bc09596b9b66d
SHA256 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3
SHA512 d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

C:\Windows\Temp\MBInstallTemp533b5607490511efbc3f524829b8d7a9\servicepkg\mbamelam.cat

MD5 60608328775d6acf03eaab38407e5b7c
SHA1 9f63644893517286753f63ad6d01bc8bfacf79b1
SHA256 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59
SHA512 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

C:\Windows\Temp\MBInstallTemp533b5607490511efbc3f524829b8d7a9\servicepkg\srvversion.dat

MD5 b302673116414c7c4cc5428d0e50e7e5
SHA1 14c56a67d0f3e4f6c7e92146ead787d722b1e89e
SHA256 2bab6e8554a9f52106e43711b3d1c10b6e1125c9900e67cfab642b0e6be9ded3
SHA512 156db182d8d577eb570b6871b044a067e9f70316d0c5167c3127c6b60c368a26f125771b2411a219de39c2c14d2aaeef5dadc2eaeaa7228a4576fe62b2548a99

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

MD5 7860e3970ea0b5feca1d717352d8f5b2
SHA1 3e983bfc91cfa0db588b48cc8eb5bdb139a989a9
SHA256 6838db5da53801d4c6e11a5a2f736ef241e18a973cf058805ea8e1818ddace22
SHA512 5f34d0a53df82b9383b11eaddb3e90495d7c5d51a8ad9911c51057e5234d5ead11861538b106e4f8f43a90cd416f7198a7e67d46261f2135518b5b221672d644

C:\Windows\Temp\MBInstallTemp533b5607490511efbc3f524829b8d7a9\ctlrpkg\mbae64.sys

MD5 95515708f41a7e283d6725506f56f6f2
SHA1 9afc20a19db3d2a75b6915d8d9af602c5218735e
SHA256 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6
SHA512 d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

MD5 0b674601f7b05d903b1fd9240dcab05e
SHA1 967d0951906268c1de5338c22c8f717a6842c37c
SHA256 993410fed220fad8d480d612bd871002bc5999430cca7b43d96bf6dc7ad1a611
SHA512 f421035305f6caf745c5c4b0a72cfb6495c13317cc5eed2de3f55fb5329b2874bc0bb399562c9d0763d6230c22dba09fc43f1f64c8d77438ecd86cce1d780ee8

C:\Program Files\Malwarebytes\Anti-Malware\version.dat

MD5 829cdd2d01dbe1db331c6214885e467d
SHA1 e75e6d16d28aa14e6238c94d7d86a4a38e721f73
SHA256 be8cbc1cc2329547ed35698747891665a695b9e23d9b87af5d76779c41305990
SHA512 e97b5a30859d1cd1bddbfebd1b3f4f20b9a23cbf3f112b44c2113e4a35d6973d38d70931bffb9391fba18bc78260bd4ceb88fba04061590092e8e5217c43b836

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 af9d749e8f8e93b2fe4f5f2c779ce931
SHA1 effd3262ef93bef60f0c623fb5593c253d2563e6
SHA256 41df710e7e9550f190c46465b5c733fae9a80174ca2de04c7af7eab153e8b3e0
SHA512 cd4b8c61e7aa832748f3fa2c2cc78541a7bb550e6daaee0344294e1a1b4c8cb49e32486f44e1cb49024d1a50546830ba857301ec821b73806dc06f41149724e7

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

MD5 46f875f1fe3d6063b390e3a170c90e50
SHA1 62b901749a6e3964040f9af5ddb9a684936f6c30
SHA256 1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec
SHA512 fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557

C:\Windows\System32\DriverStore\Temp\{2d76896d-fbe2-9a41-a1b8-8c2ccba350db}\SETB128.tmp

MD5 5d1917024b228efbeab3c696e663873e
SHA1 cec5e88c2481d323ec366c18024d61a117f01b21
SHA256 4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8
SHA512 14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a

C:\Windows\System32\DriverStore\Temp\{2d76896d-fbe2-9a41-a1b8-8c2ccba350db}\mbtun.cat

MD5 8abff1fbf08d70c1681a9b20384dbbf9
SHA1 c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6
SHA256 9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658
SHA512 37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f

C:\Windows\System32\DriverStore\Temp\{2d76896d-fbe2-9a41-a1b8-8c2ccba350db}\mbtun.sys

MD5 83d4fba999eb8b34047c38fabef60243
SHA1 25731b57e9968282610f337bc6d769aa26af4938
SHA256 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c
SHA512 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 f1366e6bd47eef5bf6c35a748602e05f
SHA1 255e2d4448f8149c1ce346583374c4b957f80c46
SHA256 e0ed3597aa2e07f04cab7ab59f976cb76858e33e9e3cdebf491334584d53e17c
SHA512 bfb2be48117d94e2aa8633d1a3b677dd11be1be32fa34e1da323464d2ac0fac387812d6e5f9b908c64bf8bebd30599efd5984af6f9b31de96de59a7c32117873

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 3b1533aac527fd1d15fc4ddf551f78e0
SHA1 6a83b510c7217a4577ce0bd2c3b5898d8b87539f
SHA256 fec165fe5939264da3f6dcf484eae8ed797bf94c0ead8f9178a80ba5c1107c77
SHA512 1528df156bbbaa464f6ef813d07d3e5ca1902b1deee84ee70c592c7ee967b25850d1e01a4e42eb0c1b2359f4ae82d99f38f22a4535283133d058be95bc239260

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 7fff430483b39e7d2be6e06fe3ae133d
SHA1 fbbd183e94201dfb6dde3b834361dc6e2f97300f
SHA256 a8bae890a45d19aa0ae1de0d85f94c349efec5043a7618b44124456532e82e59
SHA512 3800f3213e77016f8ab25f6eca27314aa46303c51913aed2b6e1c950e66fccbaa94c1bd2c8367e0c8ec8c5681ef0e3ba785147e0770d60bc8a463cc9d066b74e

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

MD5 1574da875bc847410cd6fa7574fa41ff
SHA1 1a8eff22bbefa3c3648f75a3ca4dcf41964777a7
SHA256 11610243d59ce9ee76814c902395703ae8fdcbf9c663a852bb58159637687aeb
SHA512 6c008a0d5d165202986423a7bf399c73f8b5281b2310a082999c1e58a283085a3918ea2115a7ef917a9f871f8f55ad397e8d99a79e297ad54faa2488f7de0bc8

C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

MD5 0bd4c739301e0d04cf680b6f07488a7c
SHA1 c06e1e49002d6b4eecd9cc2f1e6265d9b588bee0
SHA256 dd008cfa5990f2687c64ce7cfef63faf4fa3ce659f8fb1d3d43a2c2e9e9681c6
SHA512 1e2c64b55676d166a7305466c4c853b1cd941fa9cfd7d8625de29576f5a0ae209da56e8f7c5234b554708998dc96bab8f9c68d317560f6a62982c2d51ba949b6

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 f57b6ec8959b38d0b7a6ef72b01e5f05
SHA1 60824c8e88991fa2d1ee021a9b5f7cb4f0ef8a2a
SHA256 4e5f7a20efa242d9a095a663b90b813d8888bf02e9d97d2c9ce636b710b9ad84
SHA512 6812bd852a3f73c0d51614ca393c298c4147952ce4c066e9bcdeab2eb409654b33dd75639f73d411701fe97d7239c601fd9dc37ca8a05d8f7110af6a8ce2a906

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

MD5 b3a22a26174066a1e12c432b31cb077d
SHA1 670b32a59284a60dcc99f945277c47172f84607f
SHA256 48f408f2944970ef8464cd87c77779323825b7bcd921f06a2406c15dce68fc56
SHA512 47d2533813194d7066f03365c4dd15e63a16d313d419c1188738f60ebb49c4efb594f3c66333daf039ca3e6501ca71a9ed54140bccd4afbae8f6b663b66314dc

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb

MD5 015a876591dc3e66749f2ce074ccf2b4
SHA1 1ae93ae81013fe7cffbb8e02289f40b6ae09bd0a
SHA256 d42e60a73b6b149de9b1ebc2bae038f5dff19daab4c9d6330901e965dfc1daf8
SHA512 2da065c5be0496c7a55a23885ace2710061f73c7906ad6d3c9d7a0ed58039c3b0cfabb8137d7e8ef288a810b63a714397093f0e1d0e58510db149affbb539659

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

MD5 d94ffeb3c87c18339024648cd7b00204
SHA1 e5fcfc0ecdc58362a9a2760fa0e3a93c5e81c542
SHA256 78b5bc7f75458b6fd63f816e63cf64dab063ea28ee85037860fa7fa791257b35
SHA512 4aff140452c640c15251339649653e04907f2ad47610832e6c2573e87bbffdef15ea33d05bb0ddc756feae0fb376c22aa1149be43582ab70a27edc4b401cd9cc

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb

MD5 2f7423ca7c6a0f1339980f3c8c7de9f8
SHA1 102c77faa28885354cfe6725d987bc23bc7108ba
SHA256 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55
SHA512 e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb

MD5 546d9e30eadad8b22f5b3ffa875144bf
SHA1 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d
SHA256 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f
SHA512 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

MD5 447572836c3e2ba887f9bd6dfccbcec8
SHA1 59b5bfb0333c5bcf9ed3df5a420908e95ccb5e48
SHA256 54e27b08258db35b3dda138f1ccbfee05700b80e239b31bdffcb43f73f812ca5
SHA512 931470199a52a7d693fef23334956340b8b5307ce0169e493e10ccd4b8a7b7d82c52768700a2b879e2082ddafd70718cfc6fea68cc41123011724e24160b0942

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

MD5 f802ae578c7837e45a8bbdca7e957496
SHA1 38754970ba2ef287b6fdf79827795b947a9b6b4d
SHA256 5582e488d79a39cb9309ae47a5aa5ecc5a1ea0c238b2b2d06c86232d6ce5547b
SHA512 9b097abeafe0d59ed9650f18e877b408eda63c7ec7c28741498f142b10000b2ea5d5f393361886ba98359169195f2aceeee45ff752aa3c334d0b0cc8b6811395

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat

MD5 10f23e7c8c791b91c86cd966d67b7bc7
SHA1 3f596093b2bc33f7a2554818f8e41adbbd101961
SHA256 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc
SHA512 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

MD5 ffe5a249402aecd1d0b141012ef5b3cf
SHA1 9fe9b21390d35a0f82097fddaf1ee18e91fd2f2d
SHA256 1acc1c8c918e0ac6cdb4fc41d96339959d42a71947a02f573686ee091606ac57
SHA512 1f7427472ca3f8a9abf06d761595fadca59b77ccea93477e6d71546a1385d654817cb356585dc05499ef87f61c504511399620852e95a46601f31fc6fa05f2d7

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

MD5 956b145931bec84ebc422b5d1d333c49
SHA1 9264cc2ae8c856f84f1d0888f67aea01cdc3e056
SHA256 c726b443321a75311e22b53417556d60aa479bbd11deb2308f38b5ad6542d8d3
SHA512 fb9632e708cdae81f4b8c0e39fed2309ef810ca3e7e1045cf51e358d7fdb5f77d4888e95bdd627bfa525a8014f4bd6e1fbc74a7d50e6a91a970021bf1491c57c

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

MD5 aef4eca7ee01bb1a146751c4d0510d2d
SHA1 5cf2273da41147126e5e1eabd3182f19304eea25
SHA256 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f
SHA512 d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat

MD5 c7be7238baabf60cdc6cea9a6923932e
SHA1 94ebb92cf1bb586edfc0ef24384e205a7b105ee0
SHA256 3a9f14409eafed68d6b653b25a5145bd008caf05fe70cfd5497c4932c86e235b
SHA512 08ee7df3bdc1e73e2527655f19e4367d414850d456fea4755bd80caba322b3b1ef744e44cdfeef70dd7ad86d4398c94f0fc3a34843c37061d5c02a29df9470c6

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

MD5 f4cdcd8beedb419a1f7d490637cc99c6
SHA1 be532b22c5a3f32991aac0ddfc1b45da1a56c3df
SHA256 f973879ceb82076b6357d47f4c80382e766b388ac2bf088803ee10e0cd861782
SHA512 d86e34c0451763736ddbb078e90cab561357b4816540d5f688702fab4999c2d07719eae047581c89d8dd33b451e9e13ffa0a57dee2feefd13992f2eb18f8df0d

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

MD5 a8e4820e175f7d9c0f37c4f63bdf44bc
SHA1 e0aa265a99ceb65255ead59d54ab2e044c7f63ef
SHA256 4c2d5ddb9c89842b4c0aa4289c62aa67d7480400b95b0bb9be5581576b680a6b
SHA512 68a717c19a8f3532ff8bf3fae6d28a081939618c0f49da8c2cb8c14a9b563cc8dfd3b22d1d0f0e3aec8bd79207f46f3ecb0c49f5caf4fee2d570a5d1917df0df

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

MD5 98ec07ea3fa7c465d9c2313dc3cd02df
SHA1 ee83ed39daac0455a7d3edb9640889b5c7c9f063
SHA256 7333bb7e81f5e80bab0db9ee1986f4f2427cd9e063c5ccd1094fc7e52199a085
SHA512 0be837e6e186d5b85004094279e516224a55b81c12cfc4b368f10b1e626caffd84a3e1811029fb6bff289b30bf11fba495ce8a9ea6deddc2915cb284c4c9a12a

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb

MD5 5b41dd0854cb72af6ed577845f90219d
SHA1 bcc21ab1fdaf1a8c17aeac4066c71b6b1c62fcc7
SHA256 0522cc557d2c96457a07009faa40dffc414da8f27f5aebd953448a6dc255210f
SHA512 c1eb45a5708bf892644a8bb3c016a59fb26401e879335a29d0c879f37db604679e5abcc59bffd8163c9ff3e76c783e98dff701943ad1ee99915e04ee87b55755

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

MD5 1f10ffba6db639931ca0b86e9b6ab942
SHA1 dcbcf08c6441e1d4b826cd0235b79fcbb7bf76bd
SHA256 256490cfee92dcefec376b02b905ab374f796962e2f5b74928f638c9ec56cd11
SHA512 4f04ecf5ab724bbf71a17f01357c87f870caa640bae4f0048eb7e360627d50dcd931d4179de86d15e73b3451f5a4042d985cca1d7af58ee1129df78a46a1bb69

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

MD5 ad5afe7fe3eac12a647f73aeb3b578bf
SHA1 29c482e6b9dd129309224b51297bff65c8914119
SHA256 7d2c7bc745e07d54f1c26c06d7438eb40ec6f5d17dfa15928b67d447f4c63747
SHA512 5be9f8384cc22bb7d69d8e532e7025675db16777b2d01ca1819a6e3d8c7daaaaa23d842d338d55d74eb9973e230a8f9a11ce7524667fee09b18fbdcb5a49289f

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 88fe3a51178fc67b1df4efe423269489
SHA1 204e314b796f0369f8d83fdd061e0f96ecca3d33
SHA256 ecffdcd3d294c2e2fac49a8dcb74192e8450764f69dfe873ce070d1a27a7e888
SHA512 c7bf00d0e72a0f9dc186f00d312a0c4eed865302eddaddabe15bdd56d90530c1d1005a6f7951c72b1b4a894876261bfeb38e617437f333e394c6f34be9823ce3

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 dd6e1914b430907e0115f64321281296
SHA1 df10e904648af79b5234f86a6ce63b164ae2825c
SHA256 d73f067ab89afc9c25eab331c12c028eaad421dc74c7c2c3a4114aed14bed56b
SHA512 67b9cd1df22a3929d57f5f349f625e62e0f5104a0bac070ec1802fad155a52bfd2836689637a71f81d6b7ec8c62232352e6ef3b98f8f38e0bea03a452e0ebd00

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 c94e0377f32e5b87e83df764238ada1e
SHA1 70d92f185b2875aeedb971c3baf0b80f54999f07
SHA256 4d925d0c125daf550d3bf265b27a78f059d61fcc72e91a422a597dd3e881983d
SHA512 3941b8c320ff8647672e213b6c093d8c7e4d8285c3f0a7915b7bea48deb3e8d6e9938825835d7913adb4d4e4e9161379ac6cf2734bf6f4f5ff94aa81fc809ecc

memory/2864-5665-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 60ce966be1e1063f3996807af427fc22
SHA1 595ec24247d6c05d645fb6284e63bb47023866fb
SHA256 e6bc3212350e6ef84575f37f25fa5d855e1d6d0d8ef205b8424a38c4bc9b88f2
SHA512 c25c5a2313ab098d007dcbf21085c1db57b98423bf2ce212e37a42098969c3e19d36a2b826e4bd994e9c1a402a872cac32e42f6935ac1487d606a84e494e9b88

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 ef58d3693a1b9a715cac0142f8410c81
SHA1 fb132c4a1075d90738da3ab083e8454eadf59f79
SHA256 ec48dffe6e2631232e246f014c7c8a10aeb57ee03b6773f1de3bf2cdd13070fd
SHA512 9a351d7260e0f6051c959c522292e8be1bacbf3f27cda615f95ea97df8cbc64c2d8202d3526784d95957ab3f922cc5e43d002b8db0f1e7a3ea8a1a1295678990

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys

MD5 246a1d7980f7d45c2456574ec3f32cbe
SHA1 c5fad4598c3698fdaa4aa42a74fb8fa170ffe413
SHA256 45948a1715f0420c66a22518a1a45a0f20463b342ce05d36c18b8c53b4d78147
SHA512 265e6da7c9eede8ea61f204b3524893cf9bd1ed11b338eb95c4a841428927cccbed02b7d8757a4153ce02863e8be830ea744981f800351b1e383e71ddaad36ad

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf

MD5 d87c2f68057611e687bdb8cc6ebea5b8
SHA1 27b1311d3b199e4c22772fa1b7ea556805775d37
SHA256 ff93773f55bf4a6a0242adf82276a8c95c0b244b9bc05e515c4e810c81a960e8
SHA512 4aa65b8911d8a2a0f9ef0ee6e934b94db0a9ad4c2ec543b5edcf21486be43f6ab1fda6617ea2cbb85eff230628c9fa8e7649da915d6de695803b28e55bef5819

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat

MD5 ddb20ff5524a3a22a0eb1f3e863991a7
SHA1 260fbc1f268d426d46f3629e250c2afd0518ed24
SHA256 5fc1d0838af2d7f4030e160f6a548b10bf5ca03ea60ec55a09a9adbbb056639a
SHA512 7c6970e35395663f97e96d5bf7639a082e111fa368f22000d649da7a9c81c285ee84b6cf63a4fccb0990e5586e70e1b9efc15cf5e4d40946736ca51ec256e953

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 bdac4e567cdb36edc7ea84c6a2b6c8eb
SHA1 6c9eb36e314ad9b37331240f3ac0ec683d5aca19
SHA256 c290842b83fb929e0fad02e58c92b9299fb795d3aff9920426cd2c4993844e14
SHA512 9c636d556a5cfec91bb58003296f76b9c2fd7f911e63c28312b1247fd19e0543ddd4fc2d8ee421255718e4c279a15d428636d1d9170d2227a11b1892921d33af

C:\Windows\System32\catroot2\dberr.txt

MD5 42786f5049f76f55ad3f5557ea0ef6f5
SHA1 cfe8c264a48b7d954159014c2c7c463c78cc18a1
SHA256 99b562f0f23510841cb84e7e0e03a4ae2638227c268679d76f8d1fcb84c32edb
SHA512 b66412cb7f858e2c606ee87b17691567d2200495105f2f1dee12f9a5fbf3810cd760c688862a828f8c48219c84a336c2e7374f16f67f011bed8ccf5097e27149

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 5afd2004a33602d59814bcf8674c02ac
SHA1 60beb851c365c5370ee3418ff5fa2c5bb049a987
SHA256 a14ce5ee38efa6255a033b353130e27c3e51a350354afcb24af49d54d2d726cf
SHA512 dde6d0bf05f5f582f1c41c8837f34058c835e9bf6262f1f11862e4dfeaa447d716732d5354a92e34486060826d959468399eb7b562915945b8818b0d88966e01

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 22a02eed3faaa6c46abb366725276b6b
SHA1 cd9ef80c21b3d008f833c0dd8d90305d223bc9bc
SHA256 57c2a78856b2b61d887d57f18d3ff5b88486f806cda586bd4b20599b86cea8bb
SHA512 c18ba01524c620fc299121d95cc4cd8938fcd29a4bba6f9db7899b3844900df85b7e766da6ba9466ad41f360096e2f082bc0f194bbce3fd174419df5f684204a

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 6a033b90249f748e05075d999559e68b
SHA1 c9b53c32a6cd9baa77332d42c151dccd421e4dd8
SHA256 3df7440f8bb6ef42b9d3775f19bf076e0a776fc74bf18bacbb5cfc4cd4040b2e
SHA512 0210a6793ebcef6525cf64821f14e96d85ab91d49fb246f2b9a3771e0bea075c6b4eccb7d0962a7b0b97f37460736435c99326e97cef8bd8dd8c3275f7f8ae0c

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 722aae23b50ff9cd7ab51d9ff4832e34
SHA1 1be99e0ec30c8b8975d5749555df5d63b7b6a6f6
SHA256 9828e9e7968854203eaf9f8dbf7d1b0a1c32c4047baaded0918c59367466d562
SHA512 702d5bb436a9a9aeb705e838ab826b30710e05bfe5748c1ec0cf614747fcfe4d768c95c2d31eab2aaaa9bb2bfafbeecc983dab7e656c06b47e9700dd34068b45

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 05ce85cd96671f2b8f5ae79a1cf1fe3c
SHA1 bda4818e0df8ed5221fe1062f47e84775ef18301
SHA256 6f175e79fecd0b19ff84036872669c5311b8e993f798d47a18c7b375bd39abed
SHA512 76f6bf4b2f1cb4a82d0914d3e8252af947f226746d08859593829c885816461593cfa2889ccd2b101d9c78d61257630859b3d62566c8772b2d0465ce6996510d

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 6bac428852061a367a3da88685be7d29
SHA1 92fca8e820b01c34911ac3b593ecf493d336e4d3
SHA256 3e88183b46d0401cd7f7dc378faf1172f839f3e6a276eb2034c716249a488294
SHA512 834acea064e3692ad81de6a2e474d78b2c65479c94fe249c836c57428d624e899d05678839ceeb8ebc94c321b0304564bcbdbde899c47f0f1f72b3efaee7422d

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 0c2a34b0787abb58c38c887a48cd9c1a
SHA1 fa3936620c4c0f25cb463f50cf5eada8c2b97c38
SHA256 4791e54991ed125d5a1ccb48e5b524298386ddcb4f82e68ef11ec97b03b7aaa9
SHA512 87cdbe409495376bb9a146e5bda0ec1a904aa65611054df248a64af94fcebf14b751379b36939affa17ca0c8d8a1187532d4c48336cfad4f7f32e2e364e96eee

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 2675f84a11fd42f8dcb69dd9176187db
SHA1 488daa1260f9972925363c04420957c6257374ac
SHA256 3c05388425469ff1c35dec847c089f89ad5c51c55d606ebf9265aa0920168f26
SHA512 e22531392b29de6ed2b76691b21e37eb3f639b77c5604cff3f792f87e25ab901d06802f1fd109be27b6d2eeae42e2ddf16c4c8456d88a50e68257fc2a86cefa2

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 a9a5c97c591b6b837822d2cebb5be09d
SHA1 5e1d2317759f1b96cbd3595bf8eeb066ebeb4f38
SHA256 21c5bddbf9d81e0250f889618cacedce443b7d3f815fdcc65858e3d4c264e614
SHA512 5f30f07287218a994e8c2f70179248bc984f406d199da5ca302f44852fb38b1f06dcfa57947ca5a124b179d889eb8053b92ace2cd35999324d78986e692baeaa

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 4a4d260e9c0c745226082b51c6a58b50
SHA1 77b399f57ef1d07d466b3e223b8424e072cf05d3
SHA256 b48407f6f9cbcf93217954ee923d277893326e2099b358caab910a17622a9659
SHA512 b0a48ee3d7b69737b792a099ed39744a2ad084dc1350f4601dcbf1e41e46ce879b523a354077f59d19a8b8ff87954fd20a21f7cd7304166eb4a8ccf604e6f048

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json.bak

MD5 aaaee8fd568e2b93149cee22152e50e4
SHA1 e9aafed5f48538d6b99fb624933bc5f8c12a54a8
SHA256 20b8c8bb08507e947b93414b98a483cdea370cd05a6e214d76e15e6242930e81
SHA512 bd709b302320fffa041b25da6f58fbe0e31f7aa4bdba929c2ac9873820efa06b67c21324acba4446b23f39e3e836acaaa453b2d8eaff19d92b22f90ca073dee3

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 931f992db084d665de9d0af8b04743b3
SHA1 ac142ab4939b0c0b5b79115294d401ccfe82bade
SHA256 b80ad3f903e97574fa91d3fcecc8df83c7359bfd7116519dfe591fdb731c80f8
SHA512 4e31cee58a50b2082ef6dc0b88a0ffc4a9d473429299f4e4448c53d8dc98bc7d458f175160fbdf5220a8bcae8ea13c6e13eb1a9d328206f207932582881608ce

C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json

MD5 1f13779e0e07c21451c1b35326cd0ed5
SHA1 82683b4da88ac48a12cd291d41d2e4e76fac7483
SHA256 e7785097b7b3acb151769b742a4da73324d91800ca0e361513d427a52c97adb6
SHA512 66c8d1e56d52e39c46adbf824d6864b98720b1b6103a119e39134ca57b87b5021a457966b37dad6f2a310cd51b77ffae92ffb9291783538c3faea49d1598657d

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 6dd1e4f66466ea85a38da2170392c479
SHA1 6a6b5050cbad4a57eeabb87c838b625f747f1062
SHA256 04a96c3ff573aec4bbee699302b16534dc9383cfa6ac1f693f2a843d942d90ba
SHA512 cf32e33b0ddf9fbebdc22194561a9e5c5458918de2363f95b7433266661a4b1ea8ea14a3128f0cb12c135d0377a181001559445bd116416800f06e71da014f8a

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 2780d98006db3916a09b61dcddaba5b6
SHA1 af3179befdff8989d8d7c1cae4772cd5b79311ef
SHA256 5177947ffef05c5ef8a2ffc21e48a3b96867d9ac40e9c5a778ed58d67f7b13ea
SHA512 8c8bcef31746172813b012a9e02ad43e95711fbc330b3b376304914b4b2b8bd20977ee88cc53d72c1a9ff4482f9cb20d7dffd365433b433bc42580b68f81289f

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 da4a8fa290909f50b2bc3dda945a9e37
SHA1 8f71c63b272a71c8ad8d9aba52fd8122d5a4f841
SHA256 f211e2c195d585f70370862a14469b4f40d3853d57f7764e9c8517949ebf06ae
SHA512 a6bb53642588fea611a14ff9ec753dde69007b01d17f625e440f5aa038a5404f865e448f7beab433a26eee688d29f02c2fdb6143513586b47c35e7f63e084106

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 8b861c610997a4e54dd752a42569e433
SHA1 6b74974880ae7ccfa16f7370d32acac29cc688c3
SHA256 302a69e46dffa6397eb1e6ef3c2db842af58729a20f3794d99157068f0d486fa
SHA512 5f7b3e4b6c810a7ca430035d0039ce1ddcaa3bf7373cea9f8b2589b14a6a819ec49798a0c2f4acaa458d29da1524ac3dc9453df20807a2ab2a1a7e35bcb91c75

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 38106f40333dae9b19c06eb90d7dc41b
SHA1 cc94c6212616d34511570b6346fc469ee8590d3d
SHA256 60df04898edcf7ed4e81a17531d07d73d0beee01aa350bd4c1d0179ece6b5c71
SHA512 df41f0e2e0d566359117f2ca0214b2dde11af78f6a9cbd8b429f2d736ef34ff8a28e0a2952b97a397dcce73ff275642508f30a4594de908d17207c0f9e5b7c9a

C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe

MD5 dfd900def4742b3565bc9aa63ec11af5
SHA1 c1cefc356045ccf20ebc98f6c48b2a85f0d32465
SHA256 eae4a33cfa155a9f5f520816b42dc4f4012d5c7c916dc756b3de025a3062a461
SHA512 bb2b4daa121dab894ad036648eff6f81e9be97840b4be7ba54b7df0383cf863b157d6088814a0d63c7523751f8c68d9b5c1f247512d7587348750c1b71ef3b3e

memory/2864-6553-0x0000000000400000-0x00000000005DE000-memory.dmp

memory/212-6554-0x000001F0901B0000-0x000001F090573000-memory.dmp

memory/2864-8019-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 44909cd55e90b817a41e37ef00a4d43a
SHA1 7bfc33af8254a861b5b57f59554fac6633d3bd17
SHA256 2ab14b1b9e8619ef75a715706b542c5cacb7194d76fa30b052ade0e49ec21ae9
SHA512 56d367ccfd938243ada94000f868c09107def03907faae023d604ed6c688e10d9257afdfafa5f4147201309af907a8fdb988917691da08aa252e824d8a1f2d56

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 a9df9144c470f0b11d101bfd5a4c5b44
SHA1 b4b42bc83246eb355709d3a53457273f40cc24c3
SHA256 5e3f836975f277e01f1f73728becd2d4c22883ef5ffa3ec718a7c2e7b17f4ef9
SHA512 26cdf8da2108dc81d3567d1fd8f9a606609bc88425e57a94463580eaf107fcbd940d44a5773f3aa9b701c984597ed954a225ac7fc2c5d1c9ef7fe629a4d7d136

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 c988f3145c795cc9e9bcd2eecee8c265
SHA1 55585f24866c3374ca6ee3ad1ca647edaec5e9ed
SHA256 2856e99fea05df42936f0e6cba646d37bf822b742d28da84dddc98127a6ae3f3
SHA512 6b61de24651a2c8a2c64e61774b965328a2e118dcfb4e856b07fbf4955663d6391cbb8e9d200a6b4e7455e33485111ce4f57619abf669fb7abd2e6ee7e5bfe9b

memory/212-8126-0x000001F0901B0000-0x000001F090573000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll

MD5 52c4aa7e428e86445b8e529ef93e8549
SHA1 72508ba29ff3becbbe9668e95efa8748ce69aa3f
SHA256 6050d13b465417dd38cc6e533f391781054d6d04533baed631c4ef4cea9c7f63
SHA512 f30c6902de6128afbaaed58b7d07e1a0a674f0650d02a1b98138892abcab0da36a08baa8ca0aba53f801f91323916e4076bda54d6c2dc44fdad8ab571b4575f7

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 51dc127d0929df4e1c0258874ce6a852
SHA1 08752ae56524cd4f1197f77fea30a986187569fd
SHA256 76475124d660d7fa8e922f49bd0cee34ee5e0e2fad2cbf90d4d3f64928183379
SHA512 9f8f56007fe23853d4df6599a0b0afb0bfff85c338dac2a973ae23446f21a814311462ade387e30240278386bf4a3a71ce7e970ee2aca55c5b209df310ebdb39

C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe

MD5 7708a5e3933e1b612254a862264480ba
SHA1 6105629ce9db4b41a9794ee8c24c7b2d3610f4ea
SHA256 10230809ebd35191829bd21d88b7ffdc480a6e12f0a607eeb37d24a0d7246f58
SHA512 9db50f4d798b728b50f0ddce587e76a33ea25176fd244fe0a913a173efbab157ba8a61e892f3018a727709871864b09a1d903e7efd7eb44e08dc961cc859ff96

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 4f5925832df3e00261ac0f9839c5b3f9
SHA1 d4bbd597870bf96bc85cb80f56554a779756ed29
SHA256 21d09ba3594f2f02f5686cc4f27feed5f46253793fc208557e56100ba52d98e5
SHA512 54cc60860459ce4093a1951c5f586dc0bc304e4902c896a1d340cbac1089a9184fc2821bb1fbdbf5b73a7c8c1a396fd2178c3edf89a1e55171598ad82e3eb572

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 bb5f157b15e68f90cc0fae92003b2313
SHA1 5a0858bb5e3ef95af0035ffe90b3e96347bc75da
SHA256 75465290029de744491f34e892aff26fde43b40bdbd43b2c9f86b84e606bed63
SHA512 72bcc3b6c81609f4abb294c5020e39ee141a6c0a0be8c05314c5e4b1f5c914c7800b9e692f7a9ef039a653df682712db79cc1416927f4a2a1fed6ce92b2f3613

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 9e42d0e805d03a1fdfbea7069868b292
SHA1 334b0d88c4853b68ccbe9f5888891ece72048fdd
SHA256 a40c05fd220c4c30df7d5c3263091dc281c51eb4cc0fe88dd479eb0fe7860b41
SHA512 21d9a2eb40d0ece8710112f40cd0c930653b110327dd772249d99c170ac081d10eb6f700621de717da6ea3c16e9c28cc896b3b6ca78c5333a6f3c1b0f6a439e9

memory/5668-8196-0x0000000000E90000-0x000000000107B000-memory.dmp

memory/212-8249-0x000001F0901B0000-0x000001F090573000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 879aa8d5c0f702601b9c3855b51a857c
SHA1 28d6e816f649fd24914c029439d713d9530dbc9d
SHA256 8943c5cceca83516213683cd2b191833f4024cf1915596af31ae022f25f5b224
SHA512 65b330ce2bfd3fa29b291a2e8c265153340eebe499aff9aaf81f919ddfeeaa9868fd4f23aabddb6e4bd06b63822c84b880527e69f095f4419d86b5cc4c2e8a40

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 8b95cad5bd213af4d4a5acb0cfcb5a57
SHA1 3f25bc6784eb2f821697552bba1f66ac335f2d1f
SHA256 fbdb65c68d7d7e480d376d8688431536ad6e2499306d5c6e9bb29843b67b872f
SHA512 547b9d12319b83dcbedfcfbfcafb58a991acdfad09cb46d98a9c6cef08f5bc1c5509fa1b82a5cab8a846584ff675d548a7a58791b49021b527662f6b0b3b7c21

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 b75768682e2b0b6e04d06843d00c64b8
SHA1 ad4362f16917deeca5e5fc2525812d65d2b0a683
SHA256 4bb02ad7571402312dd2d0d79f3e54c9765b675187ca1ef03b5740047353c4c4
SHA512 ab201e4cbeaa31471ec6ae1884facead1839755df36981da4d3fcfd33b3e407512b0f4fe32e612fe84de58903f6964fcaf330b6ae75f48ea31c607fa27d2db3f

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\7e1582fa-4905-11ef-a797-524829b8d7a9.json

MD5 66f5fe23a7a406a36fa171cee40b03fc
SHA1 ee1921cc59eda760a1534095c95cc181938b3f8a
SHA256 612b110d02898f2379010579c222e1267c2cc3a6640e520bded74edcb186803a
SHA512 a61b564383a140fab17b0c35e8200d05c4002f49d0a9e4b96c259d8395189e96920cfeb745bd5aff4b5f182cba49237bf0979a32c303458556f9d12ed2027b1c

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\883d96be-4905-11ef-b75a-524829b8d7a9.quar

MD5 dfcaa804f636a1177b1c052a961d2f97
SHA1 726380dde1aff3a06daf78d90cdc59de40de6abc
SHA256 8518b54a5f0657cdb865f59755b3d5dcaf689f2ea4e38fb847b4fb3ce9d814fe
SHA512 5d8e472849f7adcd04f6cc27005e6cf35778f5fb27d6999405bad372813469094bddf05acc8aaddec8568b5e844b14780a70669dfea5c283efc8c7ebe6c453b0

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 c3a562655f959a8ca709d3f2e28bfdaa
SHA1 6358665fc4944b78fe566726f1e2a84936feb5cf
SHA256 42e9d95cf695adf623f0f6557a5c359d399a2a262305e4739a08d4ac40ec9a53
SHA512 51cf932798147c831214de6a5684fab1430df34e1a5f2e109f847a8efb70b59b9b8b4e30ca64385d5771e764b29f4bd62475403c5b7fb29a1a1aebd87e10aa93

memory/212-8454-0x000001F0901B0000-0x000001F090573000-memory.dmp

memory/3740-8463-0x00000000010B0000-0x000000000129B000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json.bak

MD5 ab0e082f74ea5a1ae2834c507742c776
SHA1 002d1fd8d7528fd27c7b9641369d2e4671a899ca
SHA256 a5143a02bc940e607f8559e103da3f920930cf070983949b6dc8d240158ab1b9
SHA512 dadc6c2b3b4458b58a71b74920f7aec49a4161bc6e5f583354fa2ea47574c42b63e90cba0668937fe2ec3ad1288317dda3a6da02035ee90134c610351527ee82

C:\Windows\System32\drivers\MbamChameleon.sys

MD5 7764c438ad9a4f024d60c77b82f2721f
SHA1 64e478e83bde2965216a37f283beb2695997b69d
SHA256 3f51a3149e6a79cd71fcb1451660196b6ba59c3b687736f59b24e5dab425d73c
SHA512 bbbac97b950d20621ae396a7f8ba8ec990ad056e2180bfa10d11b4eaccf3680e8830d652b7972bae52826535bfc68ae8c1e4ee93071c954ec7f8dbc7a6dcfd84

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 5d5e4d6a967ee9ba97158ecb9eb51917
SHA1 18368cbef733d4dcdaed4e0c31d30aba5a06db65
SHA256 28f5cd9e0dd8570abd28ef8e09782e34e52f6dbcb5ca6c0b5765f929a985943b
SHA512 832e854629feb747c945e9269bc104fdaed89447bdc82e08f0735ff0c44606f32907d26dc25cdb7f290a96d4a63a6c89b2652006eb85e3916e6544a3b9bb86e1

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 408ea34427d98b195716b3e2147b9977
SHA1 8d29195a36cba652a958b457dbf133fc94b5486e
SHA256 5b743a7acb4e39b9ca14b3072a1cd18d812c614676cf8faa5b512325f2f32e4c
SHA512 765a9fc13e9e604388759c19db775e7b07ea750185942272a3332a1bc92d2ad229929381c84480823e915a4c6adce38b86835910a35048f76f084998fea9bc30

memory/212-8577-0x000001F0901B0000-0x000001F090573000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 7380f49da28275d8ccaa67f9563a1384
SHA1 e176d97f99b7c5a3c1bf969822d9af59a850c404
SHA256 f3afe6a049d6824937c006758696b00a62d9503f8dcfd669dfe276f950731221
SHA512 fa9076bba71d74ca09c739c7482898135d58171ed81aa8366c79de711d9402b7c8fc3f126e34ad8ebeed1b5c069b6c43488a0ff8044aafeb43aa5ab3c7419a1f

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 199754b9c24acf917d822226deb786ff
SHA1 d11c2674b5a5c55cd87d697ce42e4ca77246387b
SHA256 4a7eb1b052988633fd42ce8ac89196bdaf4d79a8446082d44a395ef6c0a8f72e
SHA512 da18146701b45cd66ae188afcd0c94381674c97e7ab555ba8240d219284e7e31dcf360057ba40fa05ec9a28dc640746478b425c9da15b984e3d6c94047643fd7

C:\ProgramData\Malwarebytes\MBAMService\AMECls

MD5 9dc9a4291ee36515baed0d478395015c
SHA1 10fafa2fe7174d7ab2bc12c131438769523ac462
SHA256 10b00d62be39099833360d12ac37c352f1e16be0f5e98c7004433b55b3d40ab3
SHA512 b63c995b4b03dd49d688d2ff8056f05e11a58606be8e2ccef6c67765a905ceef28d274d7da9e2fea3a2aa86c938d225e45a3cfe626806f5b87fe4afa1782ca15

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\884bee9e-4905-11ef-83db-524829b8d7a9.data

MD5 c90c374b8990073b36615281d7aba1e7
SHA1 bc23b1966083ce713a195d0e1d1a8b96de44ca99
SHA256 9102c609db9d0a012305e422c27014138c154dff0f1c3b0dc9d6e2d8312aaa28
SHA512 4f4d774c189065b9f96a0411a0dc90adbc0175f9cf94b327ad84f8e99c0f50cd2a300cfe04b0b85d4d05103f21035b7eeadaf4d1ea980f1517382a8bb11ddab3

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\88484578-4905-11ef-9dd7-524829b8d7a9.data

MD5 91423b0e2b0f09cf3dc1b43ea9366bd1
SHA1 a0c86027a1c7a698abaa439e2fd40f91c5bf3d7a
SHA256 9410c905a76b0acc6d1b87730d734042282485308eaa8b41e9e5fcc1ae92f063
SHA512 220e5333f5cb516fa669791a91690a9432adb27f5003d8e1daee3152f6edd2331fd38de53986a9e34c50c0418fc9834956da6a83bb4da6dd18243ced95709edc

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\884278b4-4905-11ef-8bad-524829b8d7a9.data

MD5 a469b854c80ba3abf0f497b96c30db3e
SHA1 080fb58e67a5e581e7b786671810ba7120283078
SHA256 36c1dd7dfbe1c264d410876b5030acb6eba9534eca6e30c982e37e7af64007a1
SHA512 1148c67722e73d1c67dd515846e61e85e85efb4af790a305b432f799208563a772a892230a6d2abea6255904b0d7a11fc269ce49dab94ed9193809bdf20cdc17

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\883c5e70-4905-11ef-a34b-524829b8d7a9.data

MD5 c8680284ae65c49e8055249cee21f555
SHA1 264fd812ccba9f7f3189c02f8fc9d77ad42912be
SHA256 4a804fded871aa8ec6e85581cf9619a7d6f47c640b5d3fa97b8a20b952e8d2e0
SHA512 8537dc993a71a9aec6aeae9f1893df55f90e487542eaf861fe8dc723160dbd603d39f59025dcd5a1c1f9bfab64e3099549f1f9ac45f0a5ee3be00cbb3a058d2d

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\8834bd50-4905-11ef-9ee4-524829b8d7a9.data

MD5 c8dd4b16d2535dd3c1b0e4f428803d54
SHA1 b35b6263be4edb00f11f0c918037ebef77c0d3cd
SHA256 1af0f43d95efa5c2b2fcce1295a4f6ed28534049144ba853e91b5c569c6f4128
SHA512 b45ec2648e551fc6ed10bcf51e69181f7843e6817392ab925cfceb5fd1af8facce033301ab2348042d4986dcab7361713049558c208a149a19c6c4fd437c36d0

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 16cd70c4dfbcdcee862c303b558dfbaa
SHA1 a5954c743bc0a33d2686f20918f1f9f368b3cc79
SHA256 0a1fae52408e4efbad9c009bf7c89d66bb73358c918bd8c496fd5fb58e6c494c
SHA512 6ebb1800be12f01f393638e9a097ff43f94a2479e81373c9073964fb167971d05f5e475cd955ea37be77c71fad030a244bd7eb7145cc8148d1293a698a3bd6a4

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\884a1998-4905-11ef-9c92-524829b8d7a9.data

MD5 90b35b8238fa08e364a9feea71b8684a
SHA1 d20b1e3da7cb748e4eba4cefd3a76b60917d3901
SHA256 0c38ba88dc27877126c4f45668d9a23a806e42270f2e6c1be892f89166bf34f1
SHA512 28bfe52a28a5c25bbc1b49457b69a92c5f90f3f8eb7cf047b36284470b7b8c505727635921c257901cca8423323d9eadebc34fc40f34cd8ff2656ada12c27d6c

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\8845fafc-4905-11ef-90d9-524829b8d7a9.data

MD5 e3ac7462fedd1a8d0367ff63748ed41b
SHA1 3e3a71872f63234d2f67c2584a40a3cab44528e9
SHA256 246e5f9ddf24f39d6cbcf4d2db6926a89a59096a77cd08be58d53af4b52aa30f
SHA512 6293f2eb90ad8935af774b61dad79a68f071dc7370b359c96080042873337d08667b452a3c33f3968a4077739fdc5f25af685de45012bbdc3635cdcd743dda77

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\883ecf0c-4905-11ef-806c-524829b8d7a9.data

MD5 f69c5b9388b8fac595ac738072c7f319
SHA1 69fd1aeebd618cf49fddabdf1c0fa62d99a457c9
SHA256 a8fac82f70bf9ba311b58c8e6d6aac8c6787d7a45cd9a40668ae0f58ceb97d8e
SHA512 eb23fca9bc7e0c93bf7814613abc8a861b3155df88b40d59c994c9366564fd74aa2df2b4a41df5e6bc257de7ed9eb33ddd771b720f7c4b80518447c99d36d82a

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\883ab0b6-4905-11ef-9f96-524829b8d7a9.data

MD5 2bbdaba7b0f0a74800b4550761c76780
SHA1 6b81739a63acf6ee3cf6878b7b0db166353d55f9
SHA256 1007a752d1ca8aa20af7dbbee783505d9a214d5e58eb395102be86506a4e2855
SHA512 e7533815577ae622b2a361d0908067c93671e9004c2502ef7c94e90851cf9cc8f4a49ea07ba48df68a2f32363f72418e47b54e4921147f607a9635c47bf30bce

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\853e396e-4905-11ef-9d99-524829b8d7a9.data

MD5 4e93f2e337d03a822160daf774105c27
SHA1 1b4cac4b3427fa13f084c69eba36cb538407695b
SHA256 d7bd772b07c7fa6315bdc87da573a3f014f3e9f2c8f780b1948c9bdaa5acde8c
SHA512 ad7de156bcf12dcbb78d66932b1dbfc03afea8649395b541021180d665b1209755b1a7ecc3d22038e800b3e98dd2000f1ae66e96dd830e3a3fb36920c57b2204

C:\ProgramData\Malwarebytes\MBAMService\lkg_db\version.dat

MD5 006508dc55f978eabab1747caf088637
SHA1 cbe2d8173553c6cec670c591f5f393cd1b4de643
SHA256 bd3e3da3e8c1a7b596a94257b7caf7a3c24d9ce27fdae2de365f20a66e99ea68
SHA512 8b608286480529f3666f2f4fb74eefe13b61dcbe0afbdccd3131f091a8cd16978c2d258ff64bf644acc34e0efe0205bf45fec45cd566b922777382c82f9cb156

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\7e1582fa-4905-11ef-a797-524829b8d7a9.json

MD5 672bdbf7b04a1342efac235676ff82ed
SHA1 0806942c2fb5f397d89be8f48835d91ec7a2b54d
SHA256 a3c5dec2c5f9706c490535326a18ffa8df906efb4382b787029e23737faeadf2
SHA512 6ab2ea0e33347bf8bdb782486f21d2e25e34804fb073faf55d89e28da96f95468ae941ef70b158b95031a3a4b0c345848b4984131a34fcf5fec75f46d33b14ed

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\8849568e-4905-11ef-85bb-524829b8d7a9.data

MD5 1f5a29ca1ce49e669f0a14b4533db40b
SHA1 cdf1d8ffd9fdbe7a88891f9956f2ebf720044df8
SHA256 8d63a0c323204afdcb401e096659d9554158a10b82df6d73cad95e4973f1f496
SHA512 8f0149e3bb43a8f42604f41b33ea597cb12837e94ae82ac0c5e72e29b3f5782af36fe8f9542b43287cb3d92ea54bedcae5d504cf4371edd65cc1fa25e6925495

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\88449b94-4905-11ef-bb6b-524829b8d7a9.data

MD5 1490a4128dcc99b7565699b05c525741
SHA1 1022241ebe309fb175e78119c850926263953827
SHA256 84a1195ffcc725d03593d204bb8abc91e2e405c881090fdbed2f0997f8d03b03
SHA512 7e5f241152cbe2081a63f0e72cd63ea1e3c69f34839b1c21cc307acbfe52521a519fd03bbf49e0e0b9050bffafb04fec603dfce786713ca2a954c50b515b87e0

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\883d96be-4905-11ef-b75a-524829b8d7a9.data

MD5 cdd10dcb6c0330ab9221978023579050
SHA1 78bda2185c498d3ac87bb8c8ad942beb600cc549
SHA256 4a8124a739590abd4ca6a742da8cd2380a3a3802c33d38938c58c8eff5102422
SHA512 68ff9937d0a65c4c2ceb0766699c7089cd9f78563b0db5f993b4558382892e2324ff750b00cb67e86146ccc4658770cc4160eb3abe322beb8e7d6568a516bb15

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\883818d8-4905-11ef-91f7-524829b8d7a9.data

MD5 3216402bae707772ae82cb46f3461e9b
SHA1 b0b950cf074ff37ab44b74599ae30ecde46bfe4a
SHA256 5639b85c9fc574949d36559004fec380872d8488a35fd0b325f84884bad30bb6
SHA512 4fe9e2c017e39d2e618ca9fdfd3668ee7f5b7a50088b0311543d9115f3740fbbc378c558517e5eda5b07aaddcbe48ab23f3bf1f8f5b1f1fe372f16d40804ae7c

C:\ProgramData\Malwarebytes\MBAMService\AdsInfoCls

MD5 d5d0c54e3400f6ecf55ca66b4d67c8b4
SHA1 85d9c87859696949a52b096af0737deb9cb0d001
SHA256 22fa7bd133cc15691b7e6821ed34bd84f7d91b7163a1561c40a9fa4d387ee1fd
SHA512 daeab7593cd59cbf2f40a64ab3f64b070a0dc27a0fff2780c062786e0546c5960f2f2aa019bd7ebfcd704f17ff8ae26a6cbb6857f76af68b2428b402b41a9059

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D27.tmp

MD5 54dde63178e5f043852e1c1b5cde0c4b
SHA1 a4b6b1d4e265bd2b2693fbd9e75a2fc35078e9bd
SHA256 f95a10c990529409e7abbc9b9ca64e87728dd75008161537d58117cbc0e80f9d
SHA512 995d33b9a1b4d25cd183925031cffa7a64e0a1bcd3eb65ae9b7e65e87033cd790be48cd927e6fa56e7c5e7e70f524dccc665beddb51c004101e3d4d9d7874b45

memory/212-8912-0x000001F0901B0000-0x000001F090573000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 7225d18d04695d1e1cde5cfbddea33ce
SHA1 b4b5fa84e33dffee571cf580d919b462d55fb4e4
SHA256 662e3d275dedbe80b73d060fa26b2ea2ca6f3d555ee207854f3007d3f753f8e2
SHA512 2572bf09ae180a004c3efabbfa38ed6789ed987401ad04975adcefebf2c1332af3baf512f748cfc159d42795e408e21efbc40c6617e4601bfa5f6e5e0a017777

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 9036027c21510e59c1c44cd6021f2cf9
SHA1 f22df4f0101c3dadc61673b8cd621290c016cfef
SHA256 eeb1dd2ab5638b1d5a3297ee4a1e353e588beb970bea302ef6982ef610b4dcb5
SHA512 c575e7c0f08e660e5f83c49bbd1a3f7b8dd1bfdcd4b9158ea71738c81f4f281bf049bcd9667695190661d6560b338583ab9c59336be7f4ab85228615889fda87

memory/212-9123-0x000001F0901B0000-0x000001F090573000-memory.dmp

C:\Program Files\Malwarebytes\Anti-Malware\expapply64.dll

MD5 76a6c5124f8e0472dd9d78e5b554715b
SHA1 88ab77c04430441874354508fd79636bb94d8719
SHA256 d23706f8f1c3fa18e909fe028d612d56df7cd4f9ad0c3a2b521cb58e49f3925d
SHA512 35189cc2bf342e9c6e33fd036f19667398ac53c5583c9614db77fb54aadf9ac0d4b96a3e5f41ec7e8e7f3fe745ae71490bdcf0638d7410b12121e7a4312fae9e

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 9021c640eb5fa544349c29b890232021
SHA1 44a7c92e79b499317abe321bc225b679f4f0172b
SHA256 ae9632122298f218b002f74cb5ed2d6abd8f78732d076c64a068ca5bc13d80c3
SHA512 7905d4fdca5799041f3bc4f2b78c87ce8e17d635cec6c6437fa6812daa3f8bdb207127e43dc018a029b418bcee5c93ddddcd7da7d3e39645ec6c734c5a7029f6

C:\Windows\Temp\TmpCD31.tmp

MD5 3d5c8b9c519ab3000e7391b1993e672e
SHA1 8ba2ec157de29058b9b0fa41633ef08451cbb46d
SHA256 acda88f3697a7d6c511ecc3b8c1a1fb2229ad0a3610f3975d6000c0bca753992
SHA512 0e6b20831483d1df63efa39667b4cfb99013840c436da55f22331f55ca75593cdf6fa038184f93b382557eb684ab9a66f5c758a70c761d57e6a8e9b297d49e80

C:\Windows\Temp\TmpD735.tmp

MD5 e2c2cea2d8d080669041645c19fa6dc0
SHA1 830e578f6d1e42afbe6dc7fa612dae0a5ffecee5
SHA256 b6c225ca10d24f42363b6aedc0ddb0e6fa38aa33b137079617072875b0f856b4
SHA512 393ef977e415d9e0465835269421bfeb8dc634d6af3ba04fd921086f324d789451858586a90f63f6fd89d2d686a032a2b77ace04c4bac1f18370125791e6570c

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 20b8e3dfcbfa0b064ee854f3c62120a9
SHA1 842db20cf9c445ef274e50fe9c225c8e95a8fa26
SHA256 a4af7cb969ae88d93104de44dace1a0d9d1da0a3ff63724fe8eac8211ef1aafa
SHA512 bf74dacb0514b624e563ce28c5f682e682155d93e978b78c3199947b30d77bbcf6b0d2f3924570a3cbe32916961ad40d9b9b8ec811c64f91b05db0fc2e924d16

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 a081f903d9df05d622816f770842e8e1
SHA1 60f34127c2a50318663a1cfa567ee0e40fa375ee
SHA256 e35fc62fa27b6adec3b75ad322a6870b746a4cf684e605a79589726ac95a2571
SHA512 ab7d2ec82f1344edfdcfef90d4ad71889e62a9c11b684bc9242ac993d6d3a62e03958db8c31737331f8d835ae6579ddc5f2997bf9e9fe27d6ee3291c4fba28da

memory/212-9185-0x000001F0901B0000-0x000001F090573000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 22cf0734fcf3ac1df5e828f749cbab3d
SHA1 6a63b01773816fb47535c4c6d5db94189a23b71f
SHA256 925f9dcd05e830dc0bfae26576bb85dc095594c55f9a3c6883f18f3bb2f84664
SHA512 bca40db4f71f9ec702a6e9722295ab0362c3bca0c1132b1ecbed7ee921b9baa2497b89640c2e43507e128474fd470832574bf5ea1748da8625b5e978eb0a8793

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bak

MD5 28412bdaa002759cd81dc869c67754dd
SHA1 7647d44391860239fcd6b924f31354187b7b8d3f
SHA256 1ca686b949d9f7d899bfc94dd7500b08c81e22dd738873824e0a1625fd1b74f6
SHA512 d201a353a674a9739b92181fbce42d389a68be877fb67946404e280ba1624fbf179f4e96535c73175234a8dfd8d155f68af9c9aa82ff75c414957367f0efc8c0

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\9637511a-4905-11ef-a7aa-524829b8d7a9.json

MD5 adfaa675f5b8fb69e5156d9c30bd0a37
SHA1 d94aa71d8ac13ff0074d8ec5a7fec53516a48986
SHA256 6f86590f874f10ad2f6eb3079f01fb1c12003d06876aec6800b1eaf9b8b73b07
SHA512 bbfb8c21535350010003ba1b28e83563165c3817069e47e26c2f998414b6ce281624e6fe07180c6a5f6f651378a53caae097a79d836862fac3e1ce6dc6d91950

memory/212-9231-0x000001F0901B0000-0x000001F090573000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 0ad5e73170cdf85771cad820c7fa9f0f
SHA1 54f3017a91e5d4064539aa459fa706dc4ed2ffb1
SHA256 2c6e6c0d2183bced5de886990fddea31e76c2d83901c1a7d05e550b56a450e8a
SHA512 e44541bf310e0f3ca7020696b2a1e80c42c0fea103dccd00160bbfa6b5faeca60540a9991ec5ee804fc7bf85f327653edecdeb61b7612939c1559775c3b2cd6e

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 a607cbcdfe978cc768bccf95e11a36c5
SHA1 83cb67501a535565213085156f09e6690a72ba97
SHA256 1f57a518030abfb5cb9800e04a28c8390d197f013c7ffaf9e72853ec53b77a78
SHA512 8d0741359f09915d8fdc3bb712f5e6c89b2d13a17057a8e02eb2b4984da6f3e1166ea8ffca8dc0e48d7686c73d37df13677175600a97a57e042ca236b13e69c7

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 a0d4b315e1c0c871c399648eb2e51712
SHA1 d8a76d70bd1fc1009a746a922af2bb66a374ce58
SHA256 b28e3c38e6caa6a9c7d18b6972ba4c71415a31eeb61767d2b60bbb0c64a279f9
SHA512 afa1065dc24304ca34f4f7955e1dc0acb0eede9df88ed1bac913a179cd7e8ee090cb72d6befa357ef64af400a2566bed297a451000d807b1bee4026fabd7d1c4

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 55c054c49ccae8bb081c463b277accf2
SHA1 316c58e361e8192e5a78637d20d282ee89408be6
SHA256 a60f6e0e506e6de6b0a899f3533b5406ac6fbd9ee53583faced5e0ca3aaf2a7e
SHA512 9a31bb7c89e40b4569cc9d6675bec262785aeccd9c52ed74108988457b351cc979bca52e89d6a71dc9da3023ab6a5e7ec1e73ef0861ed4d77dd44d5ff9478e10

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\9637511a-4905-11ef-a7aa-524829b8d7a9.json

MD5 0028fe45f652d802f9f4c69d64a025eb
SHA1 d904dee03722950f7271cff04d8ddcccfe3ae191
SHA256 abecbafc8de3a36d8636296d158d2f473c0f5f44bc40d45a621a175b745f19f7
SHA512 d92edbc0444966bb672e082bb01da00b1f927c1a080c0bf04fbe563a7ce2e6c477dde463bba663fa6303c72b5cfa793cc5533065fcd7fc521f4deeb0be80f1db

memory/5148-9382-0x00000000012C0000-0x00000000014AB000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json.bak

MD5 8cd93c0dc096bf4fa52e98dae157f072
SHA1 dfbc195289f00609046e8f09cb9ee74ee553f0b3
SHA256 95ac4c9a93a0d97ce0fb6197dba2e73a44e9d84d06c8db5092289a0774fbf0fa
SHA512 b5db15f26bdeda5527c915c8763c0699f91c25d61791b169fc7c22a80abb68d2918a85a7e557990d1bd5f08241c3d23e0aa3673d225a8e8978178153f55749d6

C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json

MD5 3397ff96808560c55bf62106b2e3c5cc
SHA1 dac26f79562431e98963bc274094c0b61f9685d3
SHA256 ceea558ada2f5a0735248653329d4d57573404f67166af1084e205bb8fb501a2
SHA512 440e107bf847cd13bdeab11b8e54433e3750b45507147552aabf2c24ab56c2338b413f074fd75100d641fc0c51e004f612ba10d0ba44e1514a43a38cb1437e0e

C:\ProgramData\Malwarebytes\MBAMService\Quarantine\853e396e-4905-11ef-9d99-524829b8d7a9.quar

MD5 6c1b984a7f83f8463396f312f734767c
SHA1 ba636e8f6e94bcc0cbe12838715093431de8b57b
SHA256 073baf0eb1bfaf8921fbd45cab34eed0b972c5e3fb79844a2e613d1a22907991
SHA512 168fadd408804b1b2f50842219556356eb485d410b34ad3d564f8bc9602fdc1b5b3359f371356ac25fe5ff145e21f0d1b0e67260082e67e8fc207939d2b459b6