Analysis Overview
Threat Level: Known bad
The file https://github.com/Da2dalus/The-MALWARE-Repo was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
Wannacry
Troldesh, Shade, Encoder.858
Deletes shadow copies
Modifies RDP port number used by Windows
Drops file in Drivers directory
Downloads MZ/PE file
Sets service image path in registry
Reads user/profile data of web browsers
Loads dropped DLL
Impair Defenses: Safe Mode Boot
Checks BIOS information in registry
Drops startup file
UPX packed file
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Enumerates connected drives
Checks installed software on the system
Sets desktop wallpaper using registry
Drops file in System32 directory
Boot or Logon Autostart Execution: Authentication Package
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Checks processor information in registry
Modifies system certificate store
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Modifies data under HKEY_USERS
Uses Volume Shadow Copy WMI provider
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Modifies registry class
Interacts with shadow copies
Modifies Internet Explorer settings
Suspicious behavior: LoadsDriver
Suspicious behavior: EnumeratesProcesses
Script User-Agent
Kills process with taskkill
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Enumerates system info in registry
NTFS ADS
Uses Volume Shadow Copy service COM API
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-07-23 15:02
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-23 15:02
Reported
2024-07-23 15:11
Platform
win10-20240404-en
Max time kernel
442s
Max time network
551s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit.exe" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Troldesh, Shade, Encoder.858
Wannacry
Deletes shadow copies
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| File created | C:\Windows\system32\drivers\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbamswissarmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamChameleon.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies RDP port number used by Windows
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDDDFC.tmp | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDDE13.tmp | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService\ = "Service" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r" | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
Checks installed software on the system
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Boot or Logon Autostart Execution: Authentication Package
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Notification Packages = 73006300650063006c00690000000000 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Lsa\Authentication Packages = 6d007300760031005f00300000000000 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_291f12bd323b3ff3\netl1e64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_c9c15e7d233d6d5d\netwns64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_abe96c8dcb5b0eac\netwlv64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_c82335b6cfcf830c\msdri.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_356b66ad47b23393\netvwifimp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_3bab30cbbbda44a6\netax88179_178a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\net1yx64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_1496862836cc181d\kdnic.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbc64.inf_amd64_6c303885965f99b8\netbc64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_5a2c95e8a5a2ec07\netk57a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_72ff1ba7dcda290d\netr28x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\netwsw00.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_932e3738220f305c\netr28ux.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_68ba6e09a25225a9\rndiscmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_08f6d3fc478987f0\wceisvista.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\netl260a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_6174f7431c31c88b\netwew00.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_ec0c19c95c819b82\net8185.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\netv1x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_df3530655ab60648\netelx.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_387464037c2d56cf\net7800-x64-n650f.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_64dc8ea3097dbbbf\rtwlanu_oldic.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_23f53da2fc1e1be5\netrtwlanu.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_383eaad9c343710d\netwmbclass.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_f3d0d8bd79ab9a02\netrtwlane_13.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_5abd56c57baea010\rtux64w10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{2d76896d-fbe2-9a41-a1b8-8c2ccba350db}\mbtun.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_8d2331ef1f1a08cd\netmyk64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{2d76896d-fbe2-9a41-a1b8-8c2ccba350db} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_c5a42cdc1adb9ade\usbnet.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_9968491cd13abd17\ykinx64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl1c63x64.inf_amd64_4d6630ce07a4fb42\netl1c63x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\572BF21E454637C9F000BE1AF9B1E1A9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\netxex64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_95255160f12fc865\c_net.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_310ee0bc0af86ba3\netr7364.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_0e1cf7c50ca4ffaa\dc21x4vm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_d271ba5a9c993ac3\netathr10x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{2d76896d-fbe2-9a41-a1b8-8c2ccba350db}\SETB127.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ded518ad79c316ac\net819xp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_abcfd585de0a3e55\netwbw02.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_f38e8e643baa98b9\netvchannel.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_0d70dfdd3a576529\netrtwlane.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\net8192su64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{2d76896d-fbe2-9a41-a1b8-8c2ccba350db}\SETB127.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5d49cc27a6d05e5c\net1ic64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_621ce01db587a93c\net9500-x64-n650f.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp" | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Configuration.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Primitives.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ru\PresentationUI.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationProvider.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.UICommon.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-environment-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.SecureString.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Algorithms.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.X509Certificates.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Windows.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XPath.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Forms.Primitives.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-handle-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.Concurrent.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Windows.Input.Manipulations.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework-SystemDrawing.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationClient.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\System.Windows.Input.Manipulations.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Principal.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\D3DCompiler_47_cor3.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationClientSideProviders.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Security.Cryptography.Cng.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlSerializer.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\PresentationFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\WindowsBase.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.CSharp.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Writer.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\System.Xaml.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Prism.Wpf.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationUI.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\ReachFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\WindowsBase.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework-SystemCore.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Drawing.Common.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\System.Windows.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Console.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Core.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Channels.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework.AeroLite.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\System.Windows.Forms.Primitives.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.IO.Packaging.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MBAMShim.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\sample.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.IsolatedStorage.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationCore.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\WindowsBase.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l2-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Native.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\LicenseControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\e_sqlcipher.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\UIAutomationClientSideProviders.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\SQLitePCLRaw.provider.e_sqlite3.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.Primitives.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Xml.Linq.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.ThreadPool.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\ELAMBKUP\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WannaCry.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cscript.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\vssadmin.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\NoMoreRansom.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\!WannaDecryptor!.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | \??\c:\windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | \??\c:\windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ConfigFlags | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | \??\c:\windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | \??\c:\windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | \??\c:\windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 | \??\c:\windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | \??\c:\windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | \??\c:\windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | \??\c:\windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | \??\c:\windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Interacts with shadow copies
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\vssadmin.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} {000214E6-0000-0000-C000-000000000046} 0xFFFF = 0100000000000000134f3e4712ddda01 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133662205508444770" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{956AEAEB-8EA2-4BE1-AAD0-3BE4C986A1CC}\ = "ICleanControllerEventsV7" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E32ABD9A-1CBD-44A5-8A62-55D347D3C4F0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B3FCAA7C-EA26-43E6-A312-CDB85491DDD8}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31A02CB9-6064-4A3B-BCB4-A329528D4648}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D51C573D-B305-4980-8DFF-076C1878CCFB}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E32ABD9A-1CBD-44A5-8A62-55D347D3C4F0}\ = "ILicenseControllerV7" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{01222402-A8AB-4183-8843-8ADBF0B11869}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD3CFEBD-3B8E-4651-BB7C-537D1F03E59C}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EA248A19-F84E-4407-ADD3-8563AFD81269}\TypeLib\ = "{A23C190D-C714-42C7-BDBB-F4E1DE65AF27}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E2870643-0645-41F9-BCCB-F5969386162C}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{32DF4C97-FE35-41AA-B18F-583AA53723A3} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.SPController.1\CLSID\ = "{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{94E6A9DF-4AAB-48E7-8A94-65CA2481D1F6} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E149FEF9-F1DC-4894-8A8E-AA53F6807EFD}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E1BA0B73-14BD-4C9D-98CA-99355BD4EB24}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{616E9BE3-358B-4C06-8AAB-0ACF8D089931}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BADF77CD-ECCE-4B36-88FF-6A2804FFE307}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0070F531-5D6B-4302-ACA0-6920E95D9A31}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BFC6C7E6-8475-4F9B-AC56-AD22BECF91C4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{04F8CDB5-1E26-491C-8602-D2ADE2D8E17A} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2DEBAD4E-3BAF-44F0-9150-BCCCC3801CF9}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{735BE2C0-5A9B-457A-A0A9-4B27FCED2817}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4E0987E3-3699-4C92-8E76-CAEDA00FA44C}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{014D0CF7-ACC9-4004-B999-7BDBAAD274B7}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2650A9C4-A53C-4BEF-B766-7405B4D5562B}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B9442AA1-AEB8-4FB4-B998-BFBC37BA8A99}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EF7DFB76-BA49-4191-8B62-0AC3571C56D7}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C7BCC13C-47B9-4DC0-8FC6-B2A489EF60EF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A66A096-E54B-4F72-8654-ED7715B07B43}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{0C4652FC-FA35-4394-A133-F68409776465} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{964AD404-A1EF-4EDA-B8FA-1D8003B29B10}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{71AC94F2-D545-438F-9156-C231B7D94A56}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A23C190D-C714-42C7-BDBB-F4E1DE65AF27}\1.0\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D4AC5360-A581-42A7-8DD6-D63A5C3AA7F1}\ = "IArwController" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4163399F-AB08-4E5E-BE28-6B9440393AD3}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A0EB1521-C843-47D5-88D2-5449A2F5F40B}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A34647B-D9A8-40D9-B563-F9461E98030E}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C3249828-A4B2-4146-A323-EA5FD2F2FC75}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAB53395-8218-47FF-91B7-144994C0AD83}\ = "IAEController" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2A0F9375-1809-45ED-AFE0-92852B971139}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A9108FB-A377-47EC-96E3-3CB8B1FB7272}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BD9CB7A5-5C46-4799-A3A4-20FB128E58F1}\ = "ITelemetryControllerV9" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9B34A461-332D-479F-B8C4-7D168D650EBD}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B471ACFB-E67A-4BE9-A328-F6A906DDDEAA} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{834906DC-FA0F-4F61-BC62-24B0BEB3769C}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1917B432-C1CE-4A96-A08E-A270E00E5B23}\ = "_IAEControllerEventsV4" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10DAE713-FD88-4ADB-9406-04CB574D543C}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8ED8EAAB-1FA5-48D4-ACD4-32645776BA28} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC60FEE4-E373-4962-B548-BA2E06119D54}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4163399F-AB08-4E5E-BE28-6B9440393AD3}\ = "IMWACControllerV13" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E2D56B7B-4B87-45A1-A6D3-5C77035141A6}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A9AE95CF-6463-415A-94AC-F895D0962D30}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6C5B978B-68C9-45C7-9D6E-0BA57A3C7EB2}\1.0\FLAGS | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{172ABF99-1426-47CA-895B-092E23728E8A}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EA248A19-F84E-4407-ADD3-8563AFD81269}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8A574BA8-3535-41F9-AB73-FA93F8A7DC3B}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D88AC9B4-2BC3-4215-9547-4F05743AE67B} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{557ADCF9-0496-46F6-A580-FF8EC1441050}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6B2CCE9B-6446-450F-9C9D-542CD9FA6677} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{74630AE8-C170-4A8F-A90A-F42D63EFE1E8}\1.0\FLAGS | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDCB7916-7DE8-44C8-BAF6-F1BBB3268456}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:Zone.Identifier:$DATA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff935d89758,0x7ff935d89768,0x7ff935d89778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2792 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2800 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4836 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=868 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4932 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4648 --field-trial-handle=1860,i,6921566100329350816,15156650971346761421,131072 /prefetch:8
C:\Users\Admin\Downloads\NoMoreRansom.exe
"C:\Users\Admin\Downloads\NoMoreRansom.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\NoMoreRansom.exe
"C:\Users\Admin\Downloads\NoMoreRansom.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0xdc,0xe0,0xb4,0xe4,0x7ff935d89758,0x7ff935d89768,0x7ff935d89778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4456 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4632 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5468 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5452 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5712 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5732 --field-trial-handle=1860,i,8508502405348501547,12642813728100641992,131072 /prefetch:8
C:\Users\Admin\Downloads\WannaCry.exe
"C:\Users\Admin\Downloads\WannaCry.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 224301721747167.bat
C:\Windows\SysWOW64\cscript.exe
cscript //nologo c.vbs
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe f
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im MSExchange*
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im Microsoft.Exchange.*
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlserver.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im sqlwriter.exe
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe c
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b !WannaDecryptor!.exe v
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe v
C:\Users\Admin\Downloads\!WannaDecryptor!.exe
!WannaDecryptor!.exe
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\!Please Read Me!.txt
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
C:\Windows\SysWOW64\vssadmin.exe
vssadmin delete shadows /all /quiet
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.0.1677283139\291049546" -parentBuildID 20221007134813 -prefsHandle 1732 -prefMapHandle 1716 -prefsLen 18084 -prefMapSize 231738 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ef4aa16-6bff-4b41-845c-dc7f3ae70f36} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 1804 1347f2eb858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.1.807410276\1599414917" -parentBuildID 20221007134813 -prefsHandle 2268 -prefMapHandle 1820 -prefsLen 19118 -prefMapSize 231738 -appDir "C:\Program Files\Mozilla Firefox\browser" - {99bfb423-f1cd-44dd-9646-7a2b507d4ff8} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 2236 1347fc0d258 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.2.1956094967\1788724318" -childID 1 -isForBrowser -prefsHandle 3344 -prefMapHandle 3340 -prefsLen 19792 -prefMapSize 231738 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7d38bb3-7cd6-4eaa-9580-1d417a353e08} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 3384 134012bc058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.3.1178362875\1306593604" -childID 2 -isForBrowser -prefsHandle 3772 -prefMapHandle 3372 -prefsLen 19980 -prefMapSize 231738 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9211745-65ef-47b9-83f0-a4228be9341b} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 3860 134043a9858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.4.932934728\870705773" -childID 3 -isForBrowser -prefsHandle 3748 -prefMapHandle 4080 -prefsLen 26345 -prefMapSize 231738 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9fec7be-ed6f-415f-9e7c-204ce761f3fc} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 3968 13474330858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.5.1776125480\2107277961" -parentBuildID 20221007134813 -prefsHandle 4724 -prefMapHandle 4720 -prefsLen 27224 -prefMapSize 231738 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2865c31d-c53f-48c9-b08e-f469d1e66949} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 4736 1340572e858 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.6.1605746185\1600781624" -childID 4 -isForBrowser -prefsHandle 3068 -prefMapHandle 3064 -prefsLen 27633 -prefMapSize 231738 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {871e85bc-35d5-426c-9556-75dca704313e} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 3080 13402dc4658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.7.1088478844\1535714405" -childID 5 -isForBrowser -prefsHandle 5100 -prefMapHandle 5104 -prefsLen 27633 -prefMapSize 231738 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f55c70ff-69c2-41f2-9a48-448d50c513e8} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 5088 13402dc3158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.8.601667458\389695286" -childID 6 -isForBrowser -prefsHandle 5296 -prefMapHandle 5300 -prefsLen 27633 -prefMapSize 231738 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13fc8a07-6996-4a33-8384-4ae0cb625b0d} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 5380 13402dc3758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4708.9.1601438873\190229618" -childID 7 -isForBrowser -prefsHandle 5752 -prefMapHandle 5748 -prefsLen 27712 -prefMapSize 231738 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f78f3bf-f13e-483c-895c-e583b3c82fde} 4708 "\\.\pipe\gecko-crash-server-pipe.4708" 3884 13405953a58 tab
C:\Users\Admin\Downloads\MBSetup.exe
"C:\Users\Admin\Downloads\MBSetup.exe"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000178" "Service-0x0-3e7$\Default" "000000000000017C" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
C:\Windows\system32\taskkill.exe
Taskkill /f /im NoMoreRansom.exe
C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe
"C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe" --ContextScan "C:\Users\Admin\AppData\Local\Temp\mb_7051.tmp"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"Malwarebytes" --ContextScan
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" --ContextScan
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe
"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
C:\Users\Admin\AppData\LocalLow\IGDump\sec\ig.exe
ig.exe secure
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\Users\Admin\AppData\LocalLow\IGDump\sec\ig.exe
ig.exe secure
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\Users\Admin\AppData\LocalLow\IGDump\sec\ig.exe
ig.exe secure
Network
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
| MD5 | 506692155858158cd125773c45b1c101 |
| SHA1 | 1c7a72ed0265a8eaf8195f93dd03d49ce1b182ad |
| SHA256 | 391d80c1987e4fae635892485333d94fbb084e3d8f9b8d79390c9ab27ae6a2eb |
| SHA512 | 40aafc3476fd830d7193ec3c4dcab58e8ea55dd8548423b2cfccd8ed7a291c9225d50520539c71f731e0e0921821214dab47f491435d46cb3fb75000d7905408 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | d17055b51cec14cb018e6aa10a98e9fd |
| SHA1 | d3f508921fe48abc2ab550ad4d9a9a3886ead6d9 |
| SHA256 | e535c616720789f0a742258114db1ca4be4928bdbc5c76e0750dc2b3f975e933 |
| SHA512 | 500f2c05638d19092c2d6a39ed963522a4b8db2980713f25e6098af1a082d64ef3f6a9c570856d3445014d99f9c7e7c4837bbf107d348c2f8cf4287db4e740ef |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
| MD5 | 9eec3d37df00766427ee5be1e990d8e0 |
| SHA1 | 7b5eadd2346f56237ef9fc380cfe6d3c40e929e2 |
| SHA256 | 31aa2d41d78218545e01d91cd41df68af1897a4d09249f183868141d12fa576c |
| SHA512 | e59e2cb955c3ed6bf46b619f0c324e8aed83318ee2163a2aeb6d605464e18f5bb4ace70fe7ae56189035601c2714273b05170291196e7d04d8c66bc2e1806b00 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3
| MD5 | b8a2c92dbdb8a26ab937f5e5095e6ab0 |
| SHA1 | 9edfa62403a89c918de31188df62beb1e3bbdf38 |
| SHA256 | 75a0797e1caa93c4d4356ba91921fdbb8f7f501ec758d37e592ec56ecda2ac80 |
| SHA512 | f3b97ceb891567d7835c4165d8df6a7266cee0e43020ddabc043cfe1a47b968506f68f34bf41862a8982be95aa118976634ae4bb8cbb31d55a9825a44ae07895 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
| MD5 | 9041f452f6c15b11086a33b25102fc2c |
| SHA1 | 883895ed97a42a25870dbb3b2300aa8233fbfb68 |
| SHA256 | 9c79bcf689b78247bca0177ebdd87c6a5805c0b859e294927472627879bac033 |
| SHA512 | 7eb8137c3fb9299713dda6842facee36f14e3811c2cac570147da01b3c88806d44e491a03aa0e795cd0f7219bbe64bf3cff2bcf6301ee12d56b6664356f990f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
| MD5 | d9eb7e06eb54bcb944f4fbbc1d317cf1 |
| SHA1 | 8b7a97921cfbc09168b0add779c73ccf62d537a1 |
| SHA256 | 365e8a4b9b8759efba13f06c04b89b89da733323555f1c9cc649994afd0b2ab0 |
| SHA512 | 3ef2f01893df8b8deaab67a484e970933728a75b019bce065930c7cb56076caa484457ec107170e24700c676d77cd4b4c16b2000be15016a205c5971131a5adc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
| MD5 | a46006f9c22672d82f2a3faf299f9837 |
| SHA1 | 4e73e716a2051c7ba810b82b905df54463633c16 |
| SHA256 | 43aefc97b2ae5539c93b1aa13b4b4d94d652ea1b866b820c17b1868037afb121 |
| SHA512 | cd62744ea5abb4057cf9cd96a0981876ed3de31893f8897d3ef374bdd53094dcbbd2775bb6ba2c8144924575081d9055d86733eac4ebe9ec7b3453739ecf6c1c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
| MD5 | 462ac7a6623fc7f2830603a80c11d58d |
| SHA1 | ad32f9bba8b7bfbff861e9856e19dd117366512c |
| SHA256 | 37fcb82ee8d04a9cec263f85c8f6b88b8800c12d45480484ffae79c90f8b1846 |
| SHA512 | 2205a58383eee9e1af265fa93d27299cf2f01281c0b02eb091180a5e0790ec2112282f5ee03b851fe5e4bb91ae7e160a4607706b91f32a641b760aa799a368d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\f_00000a
| MD5 | 53179cfa9bf8486d72444dfca7a0ae82 |
| SHA1 | e509dbbb367eda74210e6a3565a7cbcac0d22969 |
| SHA256 | 0afc9b9f917c36112aec1dfa511cc60a29866de8125ffeddd7da7edb9d3dc53e |
| SHA512 | 4db84694ec23bb86e34c422357f7e5cc443abcd9280236c78e11ce102bdfb15b4bf592809b9ee0ce682930f615c440e7bd1aa2191c25f1d588af4a417fe1b9d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
| MD5 | e368622f7c7e068a36f03b2311b342c7 |
| SHA1 | be15b905ab4bd19c5a56a4788dcdbcc23b9923b9 |
| SHA256 | 4f2001bf5b000c1bb0a838c37cebabbeb5cfa85cadcb8ab745ac80c29341a209 |
| SHA512 | 64a53e1592cbe33d6fa04f3a562af7bc0d01771ee34dbeadac59678f5825d510d97235dbb87ffde3def257ac159ceebe146dd880e88b994be622adb1550ea218 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
| MD5 | 2820f05e19ea6d91d23c2e437d8edfb6 |
| SHA1 | b80b040631240a8f14b0a53d832c23f6040cb23a |
| SHA256 | e06997efc0ccc6efdefb40468dd6eb2ffc5d2320bb3ed76034b1a1cc0041a09b |
| SHA512 | dfffdbf4c00c592ae6699d99b773e634dbb479d891190a5210617f02687dd239e365f96f1dd8c1daa534867678799598a27285f6cd4f80c9b1e534fd2ee33650 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
| MD5 | 83747281a62f17abc9e81e4fe4628d18 |
| SHA1 | 3fb6d5f3642c2433fb8b77aa5c99e2d7726f3f07 |
| SHA256 | efb533f1ea0f0ea8be20be6887748b1558c835439024577acb84f2859332a0f0 |
| SHA512 | f434445f095d0124963019c21a00475baaf48f7c3855130ebbadf4105ef6f680322e704b142e9af1bb7ba84381dd6926866a678e3ab918e126339b3917116bab |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
| MD5 | 8a10dfdbd0b4dd412bacdc804ad311e4 |
| SHA1 | dda452a04c4cf60c4bbf711b83d9419647710b3b |
| SHA256 | f5b7f81db92843d229636808069c45345a30ca0b3ef78850ca2eb8145307ea7b |
| SHA512 | cac381859db03e735dceee3e82a2e18b948c24618c252d1325d1280702c6eb80c63bd19b9ea34d69c5130b210e03f30ef58a824f04f1e6372c3dc11c52b5c6f0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
| MD5 | 90209af76e40066e5f9c34810a5a6a78 |
| SHA1 | 0525ab63b5d64405b6733cb870fb0b285a2d8329 |
| SHA256 | 8eea921e1c256c1f613a11d3c77eb0eff9351ca54657fe1f53aaac4b54e50dd1 |
| SHA512 | 2e4d3ab501bb5b37048c5bdfd977479e7d5ae80d5042d2890e754e131c3d9079bd0acb6fc88d69d5b72cd1b4de7a646920d66852ff5ac34d68308ccb09fe6f6b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | eeb01e8810f464dfb58d3f992d455595 |
| SHA1 | 51b6aa353f38d4220f19e2203fc7d41ef95f72a3 |
| SHA256 | a2233e8c6bd6df5ad16e6a927b81a95c0af709ac433aaeb18ceff5586506f4a0 |
| SHA512 | fc813974a7e2da64f258f021e8ce054877e26fb03c74a2ed6a8c0a027b64130648556d821004bc798e4365b0ec4ece0abe6e9ed225e2526cb210a3ac3479503d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | b48f9b6693fd4e5bc26fc0395a1c93e4 |
| SHA1 | 1b5a434cd4cf458ab5632d5bfc2337ee0d04368a |
| SHA256 | 93b222c847f56010091e9ccb433ce28f1ea1d79e761e65a634bcfdb2b0e2e8f9 |
| SHA512 | cf3c7085f1954ccdfb2703f3497254a2834b51fa1d6afa64d5da183e019fb514f7b89dd5aa572f29b899235013ced54ada11448e21cc1f28134725c7d2b7f808 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
| MD5 | b6c279cea58c8348b0349b5b35a63e1f |
| SHA1 | f9802ace299fb537d29ea8e2314013844a49882c |
| SHA256 | f446381f98b80cc02c985218659f5e81773eeb48cff155e6662c02591adde0c4 |
| SHA512 | 5c5ccc092edf878beb2be0b73b0e22a8db0486cd6498cba7c0924f495fe8299b5c255e67721af231819aa8bff3cc3f14657fa30b5cf4f486cb50109765ceb819 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
| MD5 | cf2f76b2ed4b9cc749a0b362cefcbe2a |
| SHA1 | 7418ef65eec293f9ff0e85751a69fc703806151c |
| SHA256 | b3efa07003e01084f34a8f71ae3dedc0949038c2fb6961967cdafaa39c1c783c |
| SHA512 | 561b0641fe87d4ffa0b3b919cf4aa6d2471adc87c58a0b8da00737460394c76efeac688b913129697240f4efe66bf7243b29903bc8035515791d7839801119a9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
| MD5 | e51826eb697636b160e9a165d70ed74d |
| SHA1 | 53f7525c5ee8eb300dfac5fc6765cdd62e440e17 |
| SHA256 | 9ff2809111f5f505588581b68f74bbd72db1e9234cac93798809550df80467c1 |
| SHA512 | 8fc0380d49a0935c3180eb9e887e667da18494c2b02874ce8f6c5ec8fc39aea534b123bf980131f1f1f8e0e559f4ed5b8eaf5fe9d70800235c61c7c6927f863e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
| MD5 | 255a58a6b01f6084504f4148a99836c5 |
| SHA1 | bd3f1dc9aa15da2d0820b341026de230d2d6753a |
| SHA256 | f5fe0eddf49eea28e29543f7aeba3360627843ee62faf722a7cc105e591767ed |
| SHA512 | e342afec7f5c05f610b9166143bac1069af29b7e4f560dc2ff98e217d966dbb0bc01d1dade376e289ae9e4a9615254602f8e5fd62f180a4e25219d5f8acec53f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
| MD5 | 9eae63c7a967fc314dd311d9f46a45b7 |
| SHA1 | caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf |
| SHA256 | 4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d |
| SHA512 | bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8 |
memory/2864-502-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d070a10d789f716bf8de725711926c6a |
| SHA1 | d94986cb23630db3283744281a6ca9e294a0e99a |
| SHA256 | ebd708427f094c6bfef59ded0557e298f2bcea468510b1d6f945d2651a522c77 |
| SHA512 | 897e1d1abe1d588be75b71664a765b6bbc371c7753ebf70a84b0b4c14bdae48017e4806ba19b3cd7743e96587ee4b0dd61b0723297378509d44270e5b2a91ae3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e8be540c2b6aa3fd05cdbce1c5c8fee6 |
| SHA1 | 4e0277d2199238aa44cbcde1409307f900e73e88 |
| SHA256 | 21553b66d1ce26ad818eca5d935a84dac39ae81c3b936d87a5662d4cd313fc85 |
| SHA512 | edf7881c5593121a393a7d3a7ee9442146f0d524d38fd982ce37820b1fe6a034c6e72cf4d712e8a08ab64fdcdb4ebc71ec817a792ef321704e9d9ad9fca70c8a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 03b25fb24d7b7cb4cca8e221c5e72c94 |
| SHA1 | 99644cd405d264543318b32b29a0791ed91e8e42 |
| SHA256 | af81a5fdc6d111624db773be9f5ecec9f73aa24ecc33bba83c9bf6daac88846f |
| SHA512 | 3d6246c07a943d2f2a743c77c249d48356dd9d2239283c749805f3686380c06558147082456f2656b27c1eeb984302aab2667d594d4fa76897e4e976e4d795d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 19f6dd314e8107268fe856b2c22c25eb |
| SHA1 | a9791b5d86ecb465b5d581a29415bf995cac7334 |
| SHA256 | 92015da750e601f6d716434cf9d89feea01edf949b20112866ea5f453a665159 |
| SHA512 | 40129d1e3ef03644d90376c3d4615f918a338f0602cfaa7b8df2164c6b7b5429db8181be0b02a6705e58416bfe7b909d949f32a6d64c2c33d1fdb09b13475f33 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 2089e05a22271d3fc9a7e639244e4178 |
| SHA1 | eaf2bf50066afa3d307dad7b72bc5724702f74ee |
| SHA256 | 05320402edc48066858d25446c9462f85e8da8ca3fab955036527d5bdb41e680 |
| SHA512 | fd18bac143793fc1161dce6fa004b5f9debe60969ed032d42b3ffa436e3f25d4ca4454c7db50ae3f508d03262d6f54f9886b2cf0b6ada4a6ae9e2769e9d96f42 |
memory/2864-604-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 2489c3eb1da4df2084ed53d0147c5520 |
| SHA1 | 01679c9c6fde73a330bb6bfaf04b482d5f3cf05c |
| SHA256 | feecf73304ec7f3a02e7316da3771dfa2ee7d2a9e7e233be7da682a09549ed7e |
| SHA512 | 8d11d7e5cfa8e621992fbb1d099225186ad6e5026624fb89b49918daa1e05af0676b053d7e2110e64de9186136a3ef5b70daa2b5f79697e515f95079b91c0a92 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 57b9d7bb591d9cf9a8192b9ee3418418 |
| SHA1 | 20c7f881514ed7d1ca8dcd400281ae6fc5bde679 |
| SHA256 | c837fe2972ce07a03fc973bb9c52a792025bcc3bc3a6704fd1bf4244b27105ca |
| SHA512 | 701110e5878c0b58af1b5369fefbffb0863e93c08a9afdf9d14e51e421c885c945e6df45cff1fa7e7e05ba1f28ba17e1a54eb28e7c59418820f47771f98ccbf5 |
memory/2864-642-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b826ba7d1c3f07443ea446f57ad12253 |
| SHA1 | 1d0aa7fb0d788d1642e07f70b9be1cf8095b1805 |
| SHA256 | cc9534b0390fb27e6366c1034dcce9602e322df42deb6f40017a336379f35dcf |
| SHA512 | 871e6ed85a2b0af82039628543e12b7224839c56014475584c30afd9cadabb9a8b42d0c49ff60afc9cfa5bf729b4a5dc51b3294ee2e1144427a0a58ac96b68fe |
memory/2864-671-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\Downloads\WannaCry.exe
| MD5 | 5c7fb0927db37372da25f270708103a2 |
| SHA1 | 120ed9279d85cbfa56e5b7779ffa7162074f7a29 |
| SHA256 | be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844 |
| SHA512 | a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | f9c065cbe39b227a4d9a7889de85afaa |
| SHA1 | 3f2fe84acd3ff5ae0fe703b0f8a0db2bdda51830 |
| SHA256 | f561e228be22fb19ec482f6178929a9398c6f95bb8d1306ef182f7150443927e |
| SHA512 | a278006b7869ea05c7a08d510f59d6f2a4c2b6de8672c661c9c08f165d2d9cf0e056a0182a3dba61c5d91c140433219123205c3827a99f60b9c7f47a5f444272 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ad9de94082846719a3e264645c75a036 |
| SHA1 | 9dfe929881c98cfea7fc09582acb0c27996ed429 |
| SHA256 | 5617fdcaf85f1f499dc3a9d917254f612122642c3d79a49cbd4f882df277a1dd |
| SHA512 | 44bfa40ce4896fc47aa421d40c93dd6aaebf9c9a32589f328a30134958ce9d868f67e77fa9fc967fa5589289768b7ef7ca3bd515b51e81cb0f9fc0322a6aa813 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | ac7a7d94a18fd9639bb616aef29de58b |
| SHA1 | 06102259309c9b849f188264ff6ee9e3bda33395 |
| SHA256 | 96a4d3a0db11c8133d88716a780e680f1b06a58a7406ab23e2692a9e669b8fe6 |
| SHA512 | ccc8b78d541755c72630ed164b91e99938e5ba2c2db789e090d71a1e7144b7574001b09ab2cb5e10b77fa38a4889d4511c31660e70803d986dc6d5e9fc1c2f36 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 101c80964f7ffe70a708312299b16116 |
| SHA1 | 873fdb9747376ff9bfb1f5bda51d7a7b3795ec2a |
| SHA256 | 45cd3d05c4cdf1db36995b24a5763cd7d6d272b38b448b49d3e0e61da63f75a4 |
| SHA512 | 7745ce55d240c89a87c12a396a167abc1330da07919128d6a2b98c6f8d1bab7b1cd10f48d3e0829c56a36bc25535f97cd02c7177843b8e2920cb9ff7b6bef421 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 137bbde72fb4db4fd36023efec4c2cbe |
| SHA1 | 907c1e41d718d532141f7c6c0754f3fbf0f3d5bc |
| SHA256 | 09bc012a067223e5fb59670408d8033923ea9170de7b72fb74123c2718a678ce |
| SHA512 | 05308442359018829c0cceda34107661db85bb14d35bc86c316a0b8199fa51fa18db47a3b4263df3e923fc2badfb3c1d57cfe612f975823a92da4dd38736ad18 |
memory/2864-794-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/2864-795-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/2864-796-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/4148-803-0x0000000010000000-0x0000000010012000-memory.dmp
C:\Users\Admin\Downloads\u.wry
| MD5 | cf1416074cd7791ab80a18f9e7e219d9 |
| SHA1 | 276d2ec82c518d887a8a3608e51c56fa28716ded |
| SHA256 | 78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df |
| SHA512 | 0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5 |
C:\Users\Admin\Downloads\!Please Read Me!.txt
| MD5 | afa18cf4aa2660392111763fb93a8c3d |
| SHA1 | c219a3654a5f41ce535a09f2a188a464c3f5baf5 |
| SHA256 | 227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0 |
| SHA512 | 4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b |
C:\Recovery\WindowsRE\!WannaDecryptor!.exe.lnk
| MD5 | fc80ae0abe7ba42a6a05c272491a178c |
| SHA1 | 109216d831a5915a03dfd451101fd04d08ababaa |
| SHA256 | 6f9971cb6feef154afaa13bcc94ee724dd7a2011594ea96d7f123999fdcccffa |
| SHA512 | a84d87a66ce5447eb805fdadd9d0e236830d3454dd2c618eeddc81045a5e4f74b77805cf202a57169f19215f2beb647f81c03584e417ff6a1d24d9cffd212941 |
memory/2864-2139-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/2864-2155-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/2864-2157-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/2864-2158-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
| MD5 | f6714ef234f08729d0f272a1e0c8e68f |
| SHA1 | 36299cfce384f938a8e7e4d400f464347e3d1892 |
| SHA256 | d4bf857f85faaddfe5df3a28f9f27e3aac98b5483fce5e435b52f36f16ff7363 |
| SHA512 | 278ec8f8ffd6afe58a4eecae80f7d228d2a10db46e30c061e9ca6e803c00f9b6735369ed8586710b0fed57a0096a4c9c71df722ca2e519554022729be69b1eef |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\search.json.mozlz4
| MD5 | 41d220d4783f67d2b57beec20c135229 |
| SHA1 | 6e97765e77920b6010fac2cb4abf1e3cea106541 |
| SHA256 | 5d1881e74d76b95bad59439bb5c7676258a4ae6b6d853074e93b5247cf1715dc |
| SHA512 | dc30ddc4c8cfe598de5e24bc88cebbe4256fbb21a0b1db6c2ec15311053e7d8be6a93a0bcfcfd8a02543f8b9cf9b15a5840154b272a2df71d59d7dfd80984ac0 |
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json
| MD5 | 7d1d7e1db5d8d862de24415d9ec9aca4 |
| SHA1 | f4cdc5511c299005e775dc602e611b9c67a97c78 |
| SHA256 | ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda |
| SHA512 | 1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\9178c08b-19a1-439a-8ae1-72b70e6a4cdc
| MD5 | fe2c1538be31ffdce7866b4030d8be4e |
| SHA1 | 7158ac5144a233a24da6e6a77babd4b8e0733c73 |
| SHA256 | af1591b1fb2d082cf2ea3063946ecd6cac34c8d6dea32bcd06a2943f58ae62e0 |
| SHA512 | cace48fc504e4bef10acf833c9965cb6e93b425b496dcac458f721ab32df6751cbe13f8d5511cc13abc0481fcf602dbd10d5a668ae48f3a566b703f75d6c6017 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\53eea0cc-2675-40f2-a224-02a25659b59b
| MD5 | f6c905b7eaf72e0d9df260c54733291b |
| SHA1 | 5db760e4e6b2cd69f5ffc8ef32533589ac113722 |
| SHA256 | c605e2085a2624570ccf87d11e9307a95308ffd0b41eb82465e241212b72ccef |
| SHA512 | a2b87309217ec4dec14db15523c6d97510049b3efd9a8ecd1d681ff03fb0b08573a0f3d0557c81025c84c21fff90a5fba2e12109fc6dc72a2575a02d55ce6560 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\extensions.json.tmp
| MD5 | 5f1daa4869d7403f3e013e87d303328e |
| SHA1 | 3c587828576b69a1a4d7de4fadeccac1c526e4f2 |
| SHA256 | 4df13e37161ce1ebd9bbfaa80a279d93af966c9549be8046f1f129a8613a1c5f |
| SHA512 | 9dda4871dc98795c9c7bf59da30356f079c028c9d385b917ce84cff7fbe550c69d164f0df99eaee36a9a846b4ff6e6cb22c8d5f8aa5da17ad2b9ac1f7160f893 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 12305b0f1d32218c8a118050586c82ad |
| SHA1 | c64b0f6a3352b31f125beb457c58a0509a23e7c6 |
| SHA256 | 3a7a6c4d482070ae8e6f1f0673ca9d024a3aac1c69cee659f39d1e2e6b2f2195 |
| SHA512 | 79430f1e623ce28df4facdd67f85ef93a8a90c58260379469142624ce4d0cf43e04874d66296e33c7c73b2456da12b45b15154b7fbbbe38291bd3111f5271f23 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\activity-stream.discovery_stream.json.tmp
| MD5 | 26dabaaab2fd56ea7110457a1dab6303 |
| SHA1 | 6dc9a0821f3243152be6cac88e9fdd44b80283ac |
| SHA256 | e5dd18674f6e44c301c739f2f1bae0ade6bf00c9f37464ae0a133411c9265fc8 |
| SHA512 | 1dae16562d8358695fa0b82db2761091590cfa3073e0ba60838314a277502b2d20dccb6555ed98a8d932adb3307d442bd8bb521919614dd2a98e6b6bf5bf0823 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
| MD5 | 629716c7b9d66936634c9e02372c7d16 |
| SHA1 | 45d6ef2c1de2d0289897576d86ef0c1fa4d83541 |
| SHA256 | 6b4de2f6eb6c5cb23ba5d65b231b5b53b335608fd1be916b5210325b8eb9ae1f |
| SHA512 | 7223acbd28a29d2b4132a846b370d68beff82e457eb10ca5705de016d13748e2b365a6de9f96703fc3855bb5a491495a5ffb2bad125ca9aae101819be028e80a |
memory/2864-2355-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 7f868e557b098795d645df9ea302427f |
| SHA1 | 001f3306144559b4049a8ab139b4139f51e59c0e |
| SHA256 | b228e23ecfb7965e3badefcbb031de0b4bb887634bccb34a826ac8ac89124ac5 |
| SHA512 | 56fd8aa514cc25db5a2c9191d665eaffe90182cc5e4f15317e0cfbc9adf7336d9ad937d20384b0504f784e5939b76b4c4b0020cb06e4a472c650355cc6c4c89a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | a5a9236a1045a891e4d7174514a1489e |
| SHA1 | e1e66865c8156d87ead1a8e368896ad2932781cc |
| SHA256 | 6e6c8d3173b41e501df4e43883be21c80ccb4a75a0278f45f36ca62a0f9fe6e0 |
| SHA512 | 7ef1bee4b36cbecd43749b01cb8b1d7941e0d45982e0c7ccf8b414e8087f93b80212d26130efd3a1e1e4f194a808f11b7b9d1f6d3b175c118d1156d9cba54689 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\key4.db
| MD5 | 3d81dc70f89c9fdcf4a463bb68c5d54e |
| SHA1 | 50e1c2189d7156e966f7ee3e5a297b3e0ce2102e |
| SHA256 | 7d644d13a67b104bfd6c7e5d1e42fc2a7990756b320fe9e02553262f4210ff2a |
| SHA512 | 2ffc6ec10250f864b47008319c08c24d1e8f7eb49e5518a09cf9f660e8fb80b89320f5ab22fe4b4874fefe0891334f76e97d8f6e81a157402928ee4c82978004 |
memory/2864-2404-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | f3457064f400e3fe9a51907da15c2176 |
| SHA1 | 569aad9c02e9fd15fedbecd5021e86875d621e9a |
| SHA256 | b1a5b50d75834257dc2aa8b7d62d4f7e1fbaa1b048e03cc448bb3167a617dbbb |
| SHA512 | 81222270fde7aee8d6b5725bc2958c1b18ac8860b698b725ca354d9d39228947aa290884bb052ad355a7952ca32550c5e81a08e0016bbbcf8aac7aa28a299b85 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 4962cb318057a9e455657a3fd1165dc2 |
| SHA1 | 549cb4556b00e958a2936146370152c9633711e8 |
| SHA256 | 950b756a97bdef18cb835646cbc01027db4ed16d1b04f6620410f27c2466b3d0 |
| SHA512 | 87a8e2c1f5f34a2d2e71300e7fb2ebf862592654c1f1a52285b1612d8d0b8578ee6c1fac65fcc62b0f72a7f41fe2d726b33aa1de63882dffed80e74bed867f5c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\19673
| MD5 | 7654941dea907f7ff19a70dcbf50e5bc |
| SHA1 | b98e9dd3daf3f2633d6d3118651ff2c6cdbf4b10 |
| SHA256 | 3166724be45c3c5287d69c3d12ccde0ca1a4fea8d6178bbeece85510ddcd6724 |
| SHA512 | 6bc0bd25a10e590b1986130fc3fc83ad657553a082559fdcc073655e94aa205cafe1bb20c97e4b390a94eafed4234edf4f36a852729dd47ad307073f10957050 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\12391
| MD5 | 5ff55510a6d88b1b4f45e1b8835300ba |
| SHA1 | b9a4226c8a13930a49b738c273af2b80080556fd |
| SHA256 | d9341930fc008c70fd3322cd4f6b09c92bb8d84696e35210845a0755300bb31b |
| SHA512 | 3b5ddabbdb4232465b55c2b6229ed2f1bf059bcd3d868d5cad28826fee097ef28627f9636ef24fa9b156ad8182bd139c5e16403b70e59582511ef3167d402063 |
memory/2864-2560-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\Downloads\MBSetup.7HA88FKR.exe.part
| MD5 | a12dc3ba25a19b5e999d7ef2e9c3a8cc |
| SHA1 | 8ec6ab9e35b497dc7dd26ad14429cdbf6e532ddb |
| SHA256 | e3b4af98aec1e4e097b75b3d1826dc28b92aa81491ff11136b415360ebfd7552 |
| SHA512 | 36e38a47cebf187a943ead10cf83fd9d7fe59f6075b3424cea159f2626d39bdecf9834a64df366160f10d50ca8b503d249de8de8acf949494496951bb9f1f415 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 59b911e8363a53be0b5bc8dd98c536d7 |
| SHA1 | 880eddd38f68700b7abfd6879bb4d00782480979 |
| SHA256 | e1387da56b4a0ee13fb693100b6a4ee2dc88b3baaea238295af236380f6199cc |
| SHA512 | db58b4939ee89b125f28b24e8cf562cd83979988282926da586d9d6db5ae1b5080e6f92508176cea89da2bda8d8174b99622030e686856dda76a3ed3f82dfb97 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 9528e9b792332e911d5cd2209d1a4ff5 |
| SHA1 | 27d7da0e60a819df0f76f37e14d31de5f6a7b819 |
| SHA256 | d8d4d3f99bbf8cb02e886fadac0519310317e167d1a071206f92e26c29c9652c |
| SHA512 | 9421a570794faafd2769de4cc1d6d03cb26425a3cde120d773c441ed9b93ef9ba439ccaccaf8642408aa61784643dcf163e95c5373edfe6276942856ea4b73fa |
memory/2864-2617-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4
| MD5 | 5b11470a2b4b95332e7627be5830b04f |
| SHA1 | 8c10072f4a052e41159c1e11bab142b7cdf4b5dc |
| SHA256 | 746aaf20bc6d025e2d2b596052bbbd8d00ab42ea4b9093a84b0d83ef5ef7e1ad |
| SHA512 | e6c58aefbb6fa0cf8b058c292cd41b7908cb2f8f0f7e50f79668d2a821433de74084619ea5f696a3a1c46d0b1f2962678a2b87e1eefd9cd926cee36a62b37200 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 555bee2e04305eba65a406478aca9b32 |
| SHA1 | 2c8a1f5290e23e7b2d173c4ead497301debf2c60 |
| SHA256 | 26896a93d22077be8147b9c0ea352b72ff59bd53a636d0072166e3d201d8d43d |
| SHA512 | 272699ba704921099f90f64e3178d86da80ad0ce077473f82ef5c9f4ac111480829f6611dbff1cfdaeaf4d24b916760c89d67fdd5ddd01f1161dab39046683c0 |
memory/2864-2721-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/2864-2722-0x0000000000400000-0x00000000005DE000-memory.dmp
memory/2864-2727-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Windows\Temp\MBInstallTemp533b5607490511efbc3f524829b8d7a9\7z.dll
| MD5 | 3430e2544637cebf8ba1f509ed5a27b1 |
| SHA1 | 7e5bd7af223436081601413fb501b8bd20b67a1e |
| SHA256 | bb01c6fbb29590d6d144a9038c2a7736d6925a6dbd31889538af033e03e4f5fa |
| SHA512 | 91c4eb3d341a8b30594ee4c08a638c3fb7f3a05248b459bcf07ca9f4c2a185959313a68741bdcec1d76014009875fa7cbfa47217fb45d57df3b9b1c580bc889d |
memory/2864-2921-0x0000000000400000-0x00000000005DE000-memory.dmp
C:\Windows\Temp\MBInstallTemp533b5607490511efbc3f524829b8d7a9\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll
| MD5 | 3143ffcfcc9818e0cd47cb9a980d2169 |
| SHA1 | 72f1932fda377d3d71cb10f314fd946fab2ea77a |
| SHA256 | b7fb9547e4359f6c116bd0dbe36a8ed05b7a490720f5a0d9013284be36b590b7 |
| SHA512 | 904800d157eb010e7d17210f5797409fea005eed46fbf209bca454768b28f74ff3ff468eaad2cfd3642155d4978326274331a0a4e2c701dd7017e56ddfe5424b |
C:\Windows\Temp\MBInstallTemp533b5607490511efbc3f524829b8d7a9\servicepkg\MBAMService.exe
| MD5 | c02dea5bcab50ce7b075c8db8739dbe1 |
| SHA1 | d1d08a208e00567e62233a631176a5f9912a5368 |
| SHA256 | c264dd072a5c7954667804611bcc8a0708125ed907b1cf2f8f86434df1a125dd |
| SHA512 | 74bb2b82d0d2bad4e26138304d4e4ad6379acf19f8aa13aacc749901e7381281d59720d7bfc3c6df0c835d805f134ed08fcde47a79c4c5384a92abeaa4c89f4c |
C:\Windows\Temp\MBInstallTemp533b5607490511efbc3f524829b8d7a9\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json
| MD5 | d94cf983fba9ab1bb8a6cb3ad4a48f50 |
| SHA1 | 04855d8b7a76b7ec74633043ef9986d4500ca63c |
| SHA256 | 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a |
| SHA512 | 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998 |
C:\Windows\Temp\MBInstallTemp533b5607490511efbc3f524829b8d7a9\dbclspkg\MBAMCoreV5.dll
| MD5 | 0ccbda151fcaab529e1eeb788d353311 |
| SHA1 | 0b33fbce5034670fbd1e3a4aeac452f2a2ae16eb |
| SHA256 | 2a6ac5a8677bd1b410420183169b9ca9ec87dbb78ce0f11ebac2bfa022df7c70 |
| SHA512 | 1bf9b8849b27491ecadfb4caf4e61926f9a0a8479c247a2281ba2d7c1ae0587251330ee29cc053630047e279ef6b52d3a125e21144b9688f1328f101bfc3c2e9 |
C:\Windows\Temp\MBInstallTemp533b5607490511efbc3f524829b8d7a9\servicepkg\mbamelam.sys
| MD5 | 9e77c51e14fa9a323ee1635dc74ecc07 |
| SHA1 | a78bde0bd73260ce7af9cdc441af9db54d1637c2 |
| SHA256 | b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0 |
| SHA512 | a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186 |
C:\Windows\Temp\MBInstallTemp533b5607490511efbc3f524829b8d7a9\servicepkg\mbamelam.inf
| MD5 | c481ad4dd1d91860335787aa61177932 |
| SHA1 | 81633414c5bf5832a8584fb0740bc09596b9b66d |
| SHA256 | 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3 |
| SHA512 | d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830 |
C:\Windows\Temp\MBInstallTemp533b5607490511efbc3f524829b8d7a9\servicepkg\mbamelam.cat
| MD5 | 60608328775d6acf03eaab38407e5b7c |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\884a1998-4905-11ef-9c92-524829b8d7a9.data
| MD5 | 90b35b8238fa08e364a9feea71b8684a |
| SHA1 | d20b1e3da7cb748e4eba4cefd3a76b60917d3901 |
| SHA256 | 0c38ba88dc27877126c4f45668d9a23a806e42270f2e6c1be892f89166bf34f1 |
| SHA512 | 28bfe52a28a5c25bbc1b49457b69a92c5f90f3f8eb7cf047b36284470b7b8c505727635921c257901cca8423323d9eadebc34fc40f34cd8ff2656ada12c27d6c |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\8845fafc-4905-11ef-90d9-524829b8d7a9.data
| MD5 | e3ac7462fedd1a8d0367ff63748ed41b |
| SHA1 | 3e3a71872f63234d2f67c2584a40a3cab44528e9 |
| SHA256 | 246e5f9ddf24f39d6cbcf4d2db6926a89a59096a77cd08be58d53af4b52aa30f |
| SHA512 | 6293f2eb90ad8935af774b61dad79a68f071dc7370b359c96080042873337d08667b452a3c33f3968a4077739fdc5f25af685de45012bbdc3635cdcd743dda77 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\883ecf0c-4905-11ef-806c-524829b8d7a9.data
| MD5 | f69c5b9388b8fac595ac738072c7f319 |
| SHA1 | 69fd1aeebd618cf49fddabdf1c0fa62d99a457c9 |
| SHA256 | a8fac82f70bf9ba311b58c8e6d6aac8c6787d7a45cd9a40668ae0f58ceb97d8e |
| SHA512 | eb23fca9bc7e0c93bf7814613abc8a861b3155df88b40d59c994c9366564fd74aa2df2b4a41df5e6bc257de7ed9eb33ddd771b720f7c4b80518447c99d36d82a |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\883ab0b6-4905-11ef-9f96-524829b8d7a9.data
| MD5 | 2bbdaba7b0f0a74800b4550761c76780 |
| SHA1 | 6b81739a63acf6ee3cf6878b7b0db166353d55f9 |
| SHA256 | 1007a752d1ca8aa20af7dbbee783505d9a214d5e58eb395102be86506a4e2855 |
| SHA512 | e7533815577ae622b2a361d0908067c93671e9004c2502ef7c94e90851cf9cc8f4a49ea07ba48df68a2f32363f72418e47b54e4921147f607a9635c47bf30bce |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\853e396e-4905-11ef-9d99-524829b8d7a9.data
| MD5 | 4e93f2e337d03a822160daf774105c27 |
| SHA1 | 1b4cac4b3427fa13f084c69eba36cb538407695b |
| SHA256 | d7bd772b07c7fa6315bdc87da573a3f014f3e9f2c8f780b1948c9bdaa5acde8c |
| SHA512 | ad7de156bcf12dcbb78d66932b1dbfc03afea8649395b541021180d665b1209755b1a7ecc3d22038e800b3e98dd2000f1ae66e96dd830e3a3fb36920c57b2204 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\version.dat
| MD5 | 006508dc55f978eabab1747caf088637 |
| SHA1 | cbe2d8173553c6cec670c591f5f393cd1b4de643 |
| SHA256 | bd3e3da3e8c1a7b596a94257b7caf7a3c24d9ce27fdae2de365f20a66e99ea68 |
| SHA512 | 8b608286480529f3666f2f4fb74eefe13b61dcbe0afbdccd3131f091a8cd16978c2d258ff64bf644acc34e0efe0205bf45fec45cd566b922777382c82f9cb156 |
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\7e1582fa-4905-11ef-a797-524829b8d7a9.json
| MD5 | 672bdbf7b04a1342efac235676ff82ed |
| SHA1 | 0806942c2fb5f397d89be8f48835d91ec7a2b54d |
| SHA256 | a3c5dec2c5f9706c490535326a18ffa8df906efb4382b787029e23737faeadf2 |
| SHA512 | 6ab2ea0e33347bf8bdb782486f21d2e25e34804fb073faf55d89e28da96f95468ae941ef70b158b95031a3a4b0c345848b4984131a34fcf5fec75f46d33b14ed |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\8849568e-4905-11ef-85bb-524829b8d7a9.data
| MD5 | 1f5a29ca1ce49e669f0a14b4533db40b |
| SHA1 | cdf1d8ffd9fdbe7a88891f9956f2ebf720044df8 |
| SHA256 | 8d63a0c323204afdcb401e096659d9554158a10b82df6d73cad95e4973f1f496 |
| SHA512 | 8f0149e3bb43a8f42604f41b33ea597cb12837e94ae82ac0c5e72e29b3f5782af36fe8f9542b43287cb3d92ea54bedcae5d504cf4371edd65cc1fa25e6925495 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\88449b94-4905-11ef-bb6b-524829b8d7a9.data
| MD5 | 1490a4128dcc99b7565699b05c525741 |
| SHA1 | 1022241ebe309fb175e78119c850926263953827 |
| SHA256 | 84a1195ffcc725d03593d204bb8abc91e2e405c881090fdbed2f0997f8d03b03 |
| SHA512 | 7e5f241152cbe2081a63f0e72cd63ea1e3c69f34839b1c21cc307acbfe52521a519fd03bbf49e0e0b9050bffafb04fec603dfce786713ca2a954c50b515b87e0 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\883d96be-4905-11ef-b75a-524829b8d7a9.data
| MD5 | cdd10dcb6c0330ab9221978023579050 |
| SHA1 | 78bda2185c498d3ac87bb8c8ad942beb600cc549 |
| SHA256 | 4a8124a739590abd4ca6a742da8cd2380a3a3802c33d38938c58c8eff5102422 |
| SHA512 | 68ff9937d0a65c4c2ceb0766699c7089cd9f78563b0db5f993b4558382892e2324ff750b00cb67e86146ccc4658770cc4160eb3abe322beb8e7d6568a516bb15 |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\883818d8-4905-11ef-91f7-524829b8d7a9.data
| MD5 | 3216402bae707772ae82cb46f3461e9b |
| SHA1 | b0b950cf074ff37ab44b74599ae30ecde46bfe4a |
| SHA256 | 5639b85c9fc574949d36559004fec380872d8488a35fd0b325f84884bad30bb6 |
| SHA512 | 4fe9e2c017e39d2e618ca9fdfd3668ee7f5b7a50088b0311543d9115f3740fbbc378c558517e5eda5b07aaddcbe48ab23f3bf1f8f5b1f1fe372f16d40804ae7c |
C:\ProgramData\Malwarebytes\MBAMService\AdsInfoCls
| MD5 | d5d0c54e3400f6ecf55ca66b4d67c8b4 |
| SHA1 | 85d9c87859696949a52b096af0737deb9cb0d001 |
| SHA256 | 22fa7bd133cc15691b7e6821ed34bd84f7d91b7163a1561c40a9fa4d387ee1fd |
| SHA512 | daeab7593cd59cbf2f40a64ab3f64b070a0dc27a0fff2780c062786e0546c5960f2f2aa019bd7ebfcd704f17ff8ae26a6cbb6857f76af68b2428b402b41a9059 |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D27.tmp
| MD5 | 54dde63178e5f043852e1c1b5cde0c4b |
| SHA1 | a4b6b1d4e265bd2b2693fbd9e75a2fc35078e9bd |
| SHA256 | f95a10c990529409e7abbc9b9ca64e87728dd75008161537d58117cbc0e80f9d |
| SHA512 | 995d33b9a1b4d25cd183925031cffa7a64e0a1bcd3eb65ae9b7e65e87033cd790be48cd927e6fa56e7c5e7e70f524dccc665beddb51c004101e3d4d9d7874b45 |
memory/212-8912-0x000001F0901B0000-0x000001F090573000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 7225d18d04695d1e1cde5cfbddea33ce |
| SHA1 | b4b5fa84e33dffee571cf580d919b462d55fb4e4 |
| SHA256 | 662e3d275dedbe80b73d060fa26b2ea2ca6f3d555ee207854f3007d3f753f8e2 |
| SHA512 | 2572bf09ae180a004c3efabbfa38ed6789ed987401ad04975adcefebf2c1332af3baf512f748cfc159d42795e408e21efbc40c6617e4601bfa5f6e5e0a017777 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 9036027c21510e59c1c44cd6021f2cf9 |
| SHA1 | f22df4f0101c3dadc61673b8cd621290c016cfef |
| SHA256 | eeb1dd2ab5638b1d5a3297ee4a1e353e588beb970bea302ef6982ef610b4dcb5 |
| SHA512 | c575e7c0f08e660e5f83c49bbd1a3f7b8dd1bfdcd4b9158ea71738c81f4f281bf049bcd9667695190661d6560b338583ab9c59336be7f4ab85228615889fda87 |
memory/212-9123-0x000001F0901B0000-0x000001F090573000-memory.dmp
C:\Program Files\Malwarebytes\Anti-Malware\expapply64.dll
| MD5 | 76a6c5124f8e0472dd9d78e5b554715b |
| SHA1 | 88ab77c04430441874354508fd79636bb94d8719 |
| SHA256 | d23706f8f1c3fa18e909fe028d612d56df7cd4f9ad0c3a2b521cb58e49f3925d |
| SHA512 | 35189cc2bf342e9c6e33fd036f19667398ac53c5583c9614db77fb54aadf9ac0d4b96a3e5f41ec7e8e7f3fe745ae71490bdcf0638d7410b12121e7a4312fae9e |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 9021c640eb5fa544349c29b890232021 |
| SHA1 | 44a7c92e79b499317abe321bc225b679f4f0172b |
| SHA256 | ae9632122298f218b002f74cb5ed2d6abd8f78732d076c64a068ca5bc13d80c3 |
| SHA512 | 7905d4fdca5799041f3bc4f2b78c87ce8e17d635cec6c6437fa6812daa3f8bdb207127e43dc018a029b418bcee5c93ddddcd7da7d3e39645ec6c734c5a7029f6 |
C:\Windows\Temp\TmpCD31.tmp
| MD5 | 3d5c8b9c519ab3000e7391b1993e672e |
| SHA1 | 8ba2ec157de29058b9b0fa41633ef08451cbb46d |
| SHA256 | acda88f3697a7d6c511ecc3b8c1a1fb2229ad0a3610f3975d6000c0bca753992 |
| SHA512 | 0e6b20831483d1df63efa39667b4cfb99013840c436da55f22331f55ca75593cdf6fa038184f93b382557eb684ab9a66f5c758a70c761d57e6a8e9b297d49e80 |
C:\Windows\Temp\TmpD735.tmp
| MD5 | e2c2cea2d8d080669041645c19fa6dc0 |
| SHA1 | 830e578f6d1e42afbe6dc7fa612dae0a5ffecee5 |
| SHA256 | b6c225ca10d24f42363b6aedc0ddb0e6fa38aa33b137079617072875b0f856b4 |
| SHA512 | 393ef977e415d9e0465835269421bfeb8dc634d6af3ba04fd921086f324d789451858586a90f63f6fd89d2d686a032a2b77ace04c4bac1f18370125791e6570c |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 20b8e3dfcbfa0b064ee854f3c62120a9 |
| SHA1 | 842db20cf9c445ef274e50fe9c225c8e95a8fa26 |
| SHA256 | a4af7cb969ae88d93104de44dace1a0d9d1da0a3ff63724fe8eac8211ef1aafa |
| SHA512 | bf74dacb0514b624e563ce28c5f682e682155d93e978b78c3199947b30d77bbcf6b0d2f3924570a3cbe32916961ad40d9b9b8ec811c64f91b05db0fc2e924d16 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | a081f903d9df05d622816f770842e8e1 |
| SHA1 | 60f34127c2a50318663a1cfa567ee0e40fa375ee |
| SHA256 | e35fc62fa27b6adec3b75ad322a6870b746a4cf684e605a79589726ac95a2571 |
| SHA512 | ab7d2ec82f1344edfdcfef90d4ad71889e62a9c11b684bc9242ac993d6d3a62e03958db8c31737331f8d835ae6579ddc5f2997bf9e9fe27d6ee3291c4fba28da |
memory/212-9185-0x000001F0901B0000-0x000001F090573000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 22cf0734fcf3ac1df5e828f749cbab3d |
| SHA1 | 6a63b01773816fb47535c4c6d5db94189a23b71f |
| SHA256 | 925f9dcd05e830dc0bfae26576bb85dc095594c55f9a3c6883f18f3bb2f84664 |
| SHA512 | bca40db4f71f9ec702a6e9722295ab0362c3bca0c1132b1ecbed7ee921b9baa2497b89640c2e43507e128474fd470832574bf5ea1748da8625b5e978eb0a8793 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bak
| MD5 | 28412bdaa002759cd81dc869c67754dd |
| SHA1 | 7647d44391860239fcd6b924f31354187b7b8d3f |
| SHA256 | 1ca686b949d9f7d899bfc94dd7500b08c81e22dd738873824e0a1625fd1b74f6 |
| SHA512 | d201a353a674a9739b92181fbce42d389a68be877fb67946404e280ba1624fbf179f4e96535c73175234a8dfd8d155f68af9c9aa82ff75c414957367f0efc8c0 |
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\9637511a-4905-11ef-a7aa-524829b8d7a9.json
| MD5 | adfaa675f5b8fb69e5156d9c30bd0a37 |
| SHA1 | d94aa71d8ac13ff0074d8ec5a7fec53516a48986 |
| SHA256 | 6f86590f874f10ad2f6eb3079f01fb1c12003d06876aec6800b1eaf9b8b73b07 |
| SHA512 | bbfb8c21535350010003ba1b28e83563165c3817069e47e26c2f998414b6ce281624e6fe07180c6a5f6f651378a53caae097a79d836862fac3e1ce6dc6d91950 |
memory/212-9231-0x000001F0901B0000-0x000001F090573000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 0ad5e73170cdf85771cad820c7fa9f0f |
| SHA1 | 54f3017a91e5d4064539aa459fa706dc4ed2ffb1 |
| SHA256 | 2c6e6c0d2183bced5de886990fddea31e76c2d83901c1a7d05e550b56a450e8a |
| SHA512 | e44541bf310e0f3ca7020696b2a1e80c42c0fea103dccd00160bbfa6b5faeca60540a9991ec5ee804fc7bf85f327653edecdeb61b7612939c1559775c3b2cd6e |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | a607cbcdfe978cc768bccf95e11a36c5 |
| SHA1 | 83cb67501a535565213085156f09e6690a72ba97 |
| SHA256 | 1f57a518030abfb5cb9800e04a28c8390d197f013c7ffaf9e72853ec53b77a78 |
| SHA512 | 8d0741359f09915d8fdc3bb712f5e6c89b2d13a17057a8e02eb2b4984da6f3e1166ea8ffca8dc0e48d7686c73d37df13677175600a97a57e042ca236b13e69c7 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | a0d4b315e1c0c871c399648eb2e51712 |
| SHA1 | d8a76d70bd1fc1009a746a922af2bb66a374ce58 |
| SHA256 | b28e3c38e6caa6a9c7d18b6972ba4c71415a31eeb61767d2b60bbb0c64a279f9 |
| SHA512 | afa1065dc24304ca34f4f7955e1dc0acb0eede9df88ed1bac913a179cd7e8ee090cb72d6befa357ef64af400a2566bed297a451000d807b1bee4026fabd7d1c4 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 55c054c49ccae8bb081c463b277accf2 |
| SHA1 | 316c58e361e8192e5a78637d20d282ee89408be6 |
| SHA256 | a60f6e0e506e6de6b0a899f3533b5406ac6fbd9ee53583faced5e0ca3aaf2a7e |
| SHA512 | 9a31bb7c89e40b4569cc9d6675bec262785aeccd9c52ed74108988457b351cc979bca52e89d6a71dc9da3023ab6a5e7ec1e73ef0861ed4d77dd44d5ff9478e10 |
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\9637511a-4905-11ef-a7aa-524829b8d7a9.json
| MD5 | 0028fe45f652d802f9f4c69d64a025eb |
| SHA1 | d904dee03722950f7271cff04d8ddcccfe3ae191 |
| SHA256 | abecbafc8de3a36d8636296d158d2f473c0f5f44bc40d45a621a175b745f19f7 |
| SHA512 | d92edbc0444966bb672e082bb01da00b1f927c1a080c0bf04fbe563a7ce2e6c477dde463bba663fa6303c72b5cfa793cc5533065fcd7fc521f4deeb0be80f1db |
memory/5148-9382-0x00000000012C0000-0x00000000014AB000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json.bak
| MD5 | 8cd93c0dc096bf4fa52e98dae157f072 |
| SHA1 | dfbc195289f00609046e8f09cb9ee74ee553f0b3 |
| SHA256 | 95ac4c9a93a0d97ce0fb6197dba2e73a44e9d84d06c8db5092289a0774fbf0fa |
| SHA512 | b5db15f26bdeda5527c915c8763c0699f91c25d61791b169fc7c22a80abb68d2918a85a7e557990d1bd5f08241c3d23e0aa3673d225a8e8978178153f55749d6 |
C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json
| MD5 | 3397ff96808560c55bf62106b2e3c5cc |
| SHA1 | dac26f79562431e98963bc274094c0b61f9685d3 |
| SHA256 | ceea558ada2f5a0735248653329d4d57573404f67166af1084e205bb8fb501a2 |
| SHA512 | 440e107bf847cd13bdeab11b8e54433e3750b45507147552aabf2c24ab56c2338b413f074fd75100d641fc0c51e004f612ba10d0ba44e1514a43a38cb1437e0e |
C:\ProgramData\Malwarebytes\MBAMService\Quarantine\853e396e-4905-11ef-9d99-524829b8d7a9.quar
| MD5 | 6c1b984a7f83f8463396f312f734767c |
| SHA1 | ba636e8f6e94bcc0cbe12838715093431de8b57b |
| SHA256 | 073baf0eb1bfaf8921fbd45cab34eed0b972c5e3fb79844a2e613d1a22907991 |
| SHA512 | 168fadd408804b1b2f50842219556356eb485d410b34ad3d564f8bc9602fdc1b5b3359f371356ac25fe5ff145e21f0d1b0e67260082e67e8fc207939d2b459b6 |