Analysis Overview
Threat Level: Known bad
The submitted URL https://github.com/enginestein/Virus-Collection was classified as: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateUserProcessOtherParentProcess
Possible privilege escalation attempt
Drops file in Drivers directory
Downloads MZ/PE file
Modifies RDP port number used by Windows
Sets service image path in registry
Modifies file permissions
Executes dropped EXE
Checks BIOS information in registry
Impair Defenses: Safe Mode Boot
Reads user/profile data of web browsers
Event Triggered Execution: Component Object Model Hijacking
Loads dropped DLL
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Checks installed software on the system
Drops file in System32 directory
Suspicious use of SetThreadContext
Drops file in Program Files directory
Drops file in Windows directory
Program crash
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates system info in registry
Uses Volume Shadow Copy service COM API
Checks processor information in registry
Suspicious use of SendNotifyMessage
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Checks SCSI registry key(s)
Modifies registry class
Uses Volume Shadow Copy WMI provider
Script User-Agent
Modifies data under HKEY_USERS
Suspicious behavior: LoadsDriver
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-08-09 16:21
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-08-09 16:21
Reported: 2024-08-09 16:32
Platform: win10-20240404-en
Max time kernel: 407s
Max time network: 605s
Command Line
Signatures
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 5104 created 3400 | N/A | C:\Users\Admin\Downloads\MBSetup.exe | C:\Windows\Explorer.EXE |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\system32\drivers\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbamswissarmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamChameleon.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
Modifies RDP port number used by Windows
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService\ = "Service" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
Reads user/profile data of web browsers
Checks installed software on the system
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_08f6d3fc478987f0\wceisvista.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_23f53da2fc1e1be5\netrtwlanu.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_387464037c2d56cf\net7800-x64-n650f.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_7080f6b8ea1744fb\netnvma.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_c9c15e7d233d6d5d\netwns64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_b3e8bb77ffa9d174\mwlu97w8x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\net8187se64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_356b66ad47b23393\netvwifimp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_5a2c95e8a5a2ec07\netk57a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\SysWOW64\spooIsv.exe | C:\Users\Admin\Downloads\28247211d1eb08370aa363f08821a653\28247211d1eb08370aa363f08821a653.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_1db44d946b044d99\nett4x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netb57va.inf_amd64_11911b9263320299\netb57va.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\netnvm64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_3487ae295af08a1f\netwtw04.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\572BF21E454637C9F000BE1AF9B1E1A9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_0e1cf7c50ca4ffaa\dc21x4vm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ded518ad79c316ac\net819xp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\net1yx64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_f42f0f60460b8950\netrasa.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_64dc8ea3097dbbbf\rtwlanu_oldic.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_3bab30cbbbda44a6\netax88179_178a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_291f12bd323b3ff3\netl1e64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_24354f2ba7675c87\ipoib6x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_d271ba5a9c993ac3\netathr10x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_68ba6e09a25225a9\rndiscmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_0d70dfdd3a576529\netrtwlane.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\tdibth.inf_amd64_eddbee87e538acd3\tdibth.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_afddbbd6046998bc\netvf63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mrvlpcie8897.inf_amd64_d78064966daab9f4\mrvlpcie8897.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9EC3B71635F8BA3FC68DE181A104A0EF_10CFC0D4C45D2E76B7EA49C8C22BEDFE | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_6cc2d8096601fa2c\e2xw10x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_1496862836cc181d\kdnic.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmlx4eth63.inf_amd64_1494a807d41d4e3d\netmlx4eth63.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{9e835c5c-c896-1d44-848b-5511b04246a9}\mbtun.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\SysWOW64\ciyi.bat | C:\Windows\SysWOW64\spooIsv.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5d49cc27a6d05e5c\net1ic64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrndis.inf_amd64_b32102a0c2920c07\netrndis.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_a0c33f7e7e10db98\netsstpa.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{9e835c5c-c896-1d44-848b-5511b04246a9}\SETC125.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_abcfd585de0a3e55\netwbw02.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_ff4a06185491a88a\netloop.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{9e835c5c-c896-1d44-848b-5511b04246a9} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\SysWOW64\algs.exe | C:\Windows\SysWOW64\lssas.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\c_net.inf_amd64_95255160f12fc865\c_net.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_c2e5b727d1a623c7\netvwwanmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\netbc63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_932e3738220f305c\netr28ux.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\572BF21E454637C9F000BE1AF9B1E1A9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\SysWOW64\lssas.exe | C:\Windows\SysWOW64\spooIsv.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nete1e3e.inf_amd64_27bfb60729304c27\nete1e3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_ec0c19c95c819b82\net8185.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rt640x64.inf_amd64_98de0ddb0966f29b\rt640x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\SysWOW64\zeja.bat | C:\Windows\SysWOW64\lssas.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_84bf249d7c59a58c\netwew01.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 3640 set thread context of 4444 | N/A | C:\Users\Admin\Downloads\28247211d1eb08370aa363f08821a653\28247211d1eb08370aa363f08821a653.exe | C:\Users\Admin\Downloads\28247211d1eb08370aa363f08821a653\28247211d1eb08370aa363f08821a653.exe |
| PID 2188 set thread context of 3588 | N/A | C:\Windows\SysWOW64\spooIsv.exe | C:\Windows\SysWOW64\spooIsv.exe |
| PID 508 set thread context of 512 | N/A | C:\Windows\SysWOW64\lssas.exe | C:\Windows\SysWOW64\lssas.exe |
| PID 96 set thread context of 372 | N/A | C:\Windows\SysWOW64\algs.exe | C:\Windows\SysWOW64\algs.exe |
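Apart from the Malwarebytes installer (MBSetup.exe and the services it stages, which account for the driver, DriverStore and Program Files entries), the System32 and SetThreadContext tables above show a second chain: the sample from the Downloads folder writes spooIsv.exe (capital I, a lookalike of spoolsv.exe), which writes lssas.exe (a lookalike of lsass.exe), which writes algs.exe (a lookalike of alg.exe), and each of these images sets the thread context of another instance of itself. The Python below is an added triage helper, not part of this report or of any sandbox vendor's code: it parses rows copied from the two tables, flags dropped names that imitate system binaries after homoglyph folding, flags same-image SetThreadContext pairs, and reconstructs the drop chain. The allow-list of system binaries and the homoglyph table are assumptions chosen for illustration.

```python
"""
Triage helper for sandbox signature tables (added example, not part of the
report or of any vendor tool). Separates installer noise from a dropper chain
by flagging dropped executables whose names imitate Windows system binaries and
SetThreadContext events where an image targets another instance of itself.
"""
import re

# Assumption: short illustrative list of commonly imitated system binaries.
LEGIT_NAMES = ("alg.exe", "csrss.exe", "explorer.exe", "lsass.exe",
               "services.exe", "spoolsv.exe", "svchost.exe", "winlogon.exe")
# Assumption: characters that read alike in common UI fonts (after lowercasing).
HOMOGLYPHS = str.maketrans({"1": "l", "i": "l", "|": "l", "0": "o"})
COLUMNS = ("description", "indicator", "process", "target")

# Rows copied from the "Drops file in System32 directory" table of this report.
DROPPED_ROWS = r"""
| File created | C:\Windows\SysWOW64\spooIsv.exe | C:\Users\Admin\Downloads\28247211d1eb08370aa363f08821a653\28247211d1eb08370aa363f08821a653.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_ff4a06185491a88a\netloop.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\SysWOW64\ciyi.bat | C:\Windows\SysWOW64\spooIsv.exe | N/A |
| File created | C:\Windows\SysWOW64\lssas.exe | C:\Windows\SysWOW64\spooIsv.exe | N/A |
| File created | C:\Windows\SysWOW64\algs.exe | C:\Windows\SysWOW64\lssas.exe | N/A |
"""
# Rows copied from the "Suspicious use of SetThreadContext" table of this report.
CONTEXT_ROWS = r"""
| PID 3640 set thread context of 4444 | N/A | C:\Users\Admin\Downloads\28247211d1eb08370aa363f08821a653\28247211d1eb08370aa363f08821a653.exe | C:\Users\Admin\Downloads\28247211d1eb08370aa363f08821a653\28247211d1eb08370aa363f08821a653.exe |
| PID 2188 set thread context of 3588 | N/A | C:\Windows\SysWOW64\spooIsv.exe | C:\Windows\SysWOW64\spooIsv.exe |
| PID 508 set thread context of 512 | N/A | C:\Windows\SysWOW64\lssas.exe | C:\Windows\SysWOW64\lssas.exe |
| PID 96 set thread context of 372 | N/A | C:\Windows\SysWOW64\algs.exe | C:\Windows\SysWOW64\algs.exe |
"""

def parse_rows(table):
    """Turn pipe-delimited report rows into dicts keyed by COLUMNS."""
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == len(COLUMNS):
            rows.append(dict(zip(COLUMNS, cells)))
    return rows

def basename(path):
    return path.rsplit("\\", 1)[-1]

def fold(name):
    """Lowercase and fold confusable characters: 'spooIsv.exe' -> 'spoolsv.exe'."""
    return name.lower().translate(HOMOGLYPHS)

def osa_distance(a, b):
    """Optimal string alignment distance (Levenshtein plus adjacent transposition),
    so 'lssas' vs 'lsass' costs one edit rather than two."""
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def masquerade_target(filename):
    """System binary this name imitates (homoglyph fold plus at most one edit),
    or None when it is the genuine name or resembles nothing on the list."""
    folded = fold(filename)
    for legit in LEGIT_NAMES:
        if osa_distance(folded, legit) <= 1:
            return None if filename.lower() == legit else legit
    return None

def flag_masquerades(rows):
    """(dropped name, imitated name, dropping process) for each lookalike drop."""
    hits = []
    for r in rows:
        if r["description"] == "File created":
            legit = masquerade_target(basename(r["indicator"]))
            if legit:
                hits.append((basename(r["indicator"]), legit, basename(r["process"])))
    return hits

def flag_self_hollowing(rows):
    """(image, writer PID, target PID) where an image rewrites the thread
    context of another instance of the same image."""
    out = []
    for r in rows:
        m = re.match(r"PID (\d+) set thread context of (\d+)", r["description"])
        if m and r["process"].lower() == r["target"].lower():
            out.append((basename(r["process"]), int(m.group(1)), int(m.group(2))))
    return out

def drop_chain(rows, start):
    """Follow 'File created' edges between executables from a starting basename."""
    edges = {}
    for r in rows:
        dst = basename(r["indicator"]).lower()
        if r["description"] == "File created" and dst.endswith(".exe"):
            edges.setdefault(basename(r["process"]).lower(), []).append(dst)
    chain = [start.lower()]
    while chain[-1] in edges and len(chain) < 20:
        chain.append(edges[chain[-1]][0])
    return chain

if __name__ == "__main__":
    dropped, ctx = parse_rows(DROPPED_ROWS), parse_rows(CONTEXT_ROWS)
    for hit in flag_masquerades(dropped):
        print("lookalike drop: %s imitates %s (dropped by %s)" % hit)
    for hit in flag_self_hollowing(ctx):
        print("self-hollowing: %s PID %d -> PID %d" % hit)
    print(" -> ".join(drop_chain(dropped, "28247211d1eb08370aa363f08821a653.exe")))
```

The homoglyph fold is what separates spooIsv.exe from a genuine spoolsv.exe: after lowercasing the capital I becomes an i, which the fold table maps to l, so the folded name matches the real binary exactly while the raw name does not. The transposition-aware distance is needed for lssas.exe, which plain Levenshtein would score as two edits. In a real pipeline the allow-list would be the System32 inventory of the reference image rather than eight names.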
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationUI.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationProvider.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PenImc_cor3.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnel_mbtun.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbae.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Resources.Reader.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationUI.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbae-api-na.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\System.Text.Encodings.Web.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Private.Uri.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Security.Cryptography.ProtectedData.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\UIAutomationClientSideProviders.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\UIAutomationProvider.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.UnmanagedMemoryStream.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\System.Windows.Forms.Primitives.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\WindowsFormsIntegration.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\assistant.deps.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-timezone-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Formats.Asn1.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Input.Manipulations.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\WindowsFormsIntegration.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\PoliciesControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Tray.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.DependencyInjection.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Primitives.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\DirectWriteForwarder.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationClient.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\ScanControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.Caching.Abstractions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encodings.Web.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\ReachFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationCore.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Sockets.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\WindowsBase.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ReachFramework.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Services.deps.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\e_sqlcipher.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Metadata.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Encoding.CodePages.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\UIAutomationClient.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\pkgvers.dat | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-file-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Mail.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\ReachFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.UI.Theme.Dark.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.Caching.Memory.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbam.firefox.manifest.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\System.Windows.Forms.Primitives.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\System.Xaml.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ServiceProcess.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\System.Windows.Controls.Ribbon.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\ReachFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\ELAMBKUP\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\algs.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\28247211d1eb08370aa363f08821a653\28247211d1eb08370aa363f08821a653.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\spooIsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\lssas.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\algs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\28247211d1eb08370aa363f08821a653\28247211d1eb08370aa363f08821a653.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\spooIsv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\lssas.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\algs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | \??\c:\windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | \??\c:\windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | \??\c:\windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | \??\c:\windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | \??\c:\windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | \??\c:\windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | \??\c:\windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | \??\c:\windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\ConfigFlags | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | \??\c:\windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000 | \??\c:\windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{61964EBA-D9C0-4834-B01C-A6133F432BB1} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4F3822FA-CCD5-4934-AB6D-3382B2F91DB9}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D8891F9E-90C4-4B3D-B87B-92DEA9221EBB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B1BDE8B0-F598-4334-9991-ECC7442EEAA6} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EDF63EDA-B622-44E2-8053-8877E33BB49A}\ = "IMWACControllerV19" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A0EB1521-C843-47D5-88D2-5449A2F5F40B}\TypeLib\ = "{A23C190D-C714-42C7-BDBB-F4E1DE65AF27}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8A574BA8-3535-41F9-AB73-FA93F8A7DC3B}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ABC1D1AF-23ED-4483-BDA4-90BCC21DFBDB} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1861D707-8D71-497D-8145-62D5CBF4222F}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F12E228B-821D-4093-B2E0-7F3E169A925A}\ = "_ICleanControllerEvents" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A993F934-6341-4D52-AB17-F93184A624E4}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E1BA0B73-14BD-4C9D-98CA-99355BD4EB24}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C731375E-3199-4C88-8326-9F81D3224DAD}\1.0\HELPDIR | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B8E2CB10-C8DE-4225-ABBB-6CE77FF04FFA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08932AD2-C415-4DE8-821D-5AF7A5658483}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8ED8EAAB-1FA5-48D4-ACD4-32645776BA28}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08927360-710B-483B-BEEC-17E51FF84AF9}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5BA2811A-EE5B-44DF-81CD-C75BB11A82D4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\VersionIndependentProgID | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\VersionIndependentProgID | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.TelemetryController.1 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6655E528-3168-47A4-BF82-A71E9E6AB5F7}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F418F2F6-5173-4E4F-80EF-AF21E516C461}\ = "ITelemetryControllerV10" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AFC6D7FD-62B9-4016-9674-53BAC603E9FC}\TypeLib\ = "{226C1698-A075-4315-BB5D-9C164A96ACE7}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C510D99-F27D-457F-9469-CFC179DBE0C7}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{346CF9BC-3AD5-43BA-B348-EFB88F75360F}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\TypeLib\ = "{783B187E-360F-419C-B6DA-592892764A01}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0E64B3CF-7D56-4F76-8B9F-A6CD0D3393AE}\ = "IScanControllerV18" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A30501F-26D0-4C5F-818A-9F7DFC5F8ABC}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A9108FB-A377-47EC-96E3-3CB8B1FB7272}\ = "IExploitRecord" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{72F290D5-789C-4D8A-9EBE-63ECEA150373}\ = "ITelemetryControllerV6" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DC97FF29-5CE2-4897-8175-94672057E02D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B2CCE9B-6446-450F-9C9D-542CD9FA6677}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1917B432-C1CE-4A96-A08E-A270E00E5B23}\TypeLib\ = "{2446F405-83F0-460F-B837-F04540BB330C}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{68E3012A-E3EC-4D66-9132-4E412F487165}\ = "IScanControllerV9" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CFFF19F6-ECFE-446D-ACAD-8DC525DA2563} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{557ADCF9-0496-46F6-A580-FF8EC1441050}\ = "IRTPControllerV9" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3C871BA6-4662-4E17-ABF4-3B2276FC0FF4}\TypeLib\ = "{0E2822AB-0447-4F28-AF4C-FFDB1E8595AE}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BD221458-5E85-4235-B1EF-4658F6751519}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8FF168C7-A609-4237-A076-E461334BF4EA}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5250E5C8-A09C-4F87-A0DA-A46A62A0EACF}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD010FD4-ED27-4B3A-836C-D09269FF3811}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{993A5C11-A9B8-41E9-9088-C5182B1F279A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CC4D9C86-78F2-435F-8355-5328509E04F1}\ = "ITelemetryControllerV4" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{90F4450A-B7B2-417C-8ABB-BBD1BDFBFC27}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6EC225D5-FD37-4F9B-B80F-09FAE36103AE}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6A3E14F0-01F5-492E-AA97-3D880941D814}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2E3F70EF-D9BE-485F-A6F5-816DD0EDC757}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F6A99D88-2CA0-4781-86B9-2014CDC372E8}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3498D9E4-6476-4AC0-B53A-75BC9955EF37} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6EC225D5-FD37-4F9B-B80F-09FAE36103AE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0AB5C774-8EB7-4C1B-9BBB-5AC3E2C291DD}\TypeLib\ = "{49F6AC60-2104-42C6-8F71-B3916D5AA732}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1917B432-C1CE-4A96-A08E-A270E00E5B23}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{783B187E-360F-419C-B6DA-592892764A01}\1.0\HELPDIR\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E777BB2-8526-437A-BBE2-42647DE2EC86} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B471ACFB-E67A-4BE9-A328-F6A906DDDEAA}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{02143C0F-1656-4B2E-95E7-EA8178A29E2E}\ = "IScanControllerEventsV4" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FB81F893-5D01-4DFD-98E1-3A6CB9C3E63E}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{237E618C-D739-4C8A-9F72-5CD4EF91CBE5}\ = "IMWACControllerEventsV3" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08927360-710B-483B-BEEC-17E51FF84AF9}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\AppID = "{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\AppID = "{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{503084FD-0743-46C7-833F-D0057E8AC505}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.PoliciesController.1 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = [certificate blob omitted] | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = [certificate blob omitted] | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = [certificate blob omitted] | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = [certificate blob omitted] | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 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 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
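Every row above is attributed to the Malwarebytes installer or service, which the sandbox flags as "Modifies system certificate store" regardless of who wrote the key; the practitioner question is which thumbprints landed directly under ROOT, whether a Blob was actually written (a "Key created" row alone does not show that), and whether the thumbprint in the key name matches the certificate inside the Blob. The following is an added example, not part of the report: ROWS is a constructed subset of the table with the redacted Blob values replaced by `<redacted>`, FAKE_DER is placeholder bytes rather than a real certificate, and the Blob layout (repeated little-endian DWORD property id, DWORD reserved, DWORD length, data) with property ids 32 for the DER certificate and 3 for its SHA-1 is the CryptoAPI registry-store serialization as assumed here; verify it against a real Blob before relying on it.

```python
"""Audit certificate-store writes from a sandbox registry log (added example)."""
import hashlib
import re
import struct
from collections import defaultdict

CERT_SHA1_HASH_PROP_ID = 3   # CryptoAPI CERT_SHA1_HASH_PROP_ID (assumed value)
CERT_CERT_PROP_ID = 32       # CryptoAPI CERT_CERT_PROP_ID, the DER cert (assumed value)

KEY_RE = re.compile(
    r"\\SystemCertificates\\(?P<store>ROOT|AuthRoot|CA|Disallowed|TrustedPublisher)"
    r"\\Certificates\\(?P<thumb>[0-9A-Fa-f]{40})(?P<blob>\\Blob)?")


def summarize_rows(rows):
    """Map thumbprint -> {store, writers, blob_written} from report table rows."""
    summary = defaultdict(lambda: {"store": None, "writers": set(), "blob_written": False})
    for row in rows:
        cells = [c.strip() for c in row.strip().strip("|").split("|")]
        if len(cells) < 3:
            continue
        m = KEY_RE.search(cells[1])
        if not m:
            continue
        entry = summary[m["thumb"].upper()]
        entry["store"] = m["store"]
        entry["writers"].add(cells[2])
        if m["blob"] and cells[0].startswith("Set value"):
            entry["blob_written"] = True
    return dict(summary)


def third_party_root_writes(summary):
    """Thumbprints whose Blob was written into ROOT by a process outside C:\\Windows."""
    return sorted(t for t, e in summary.items()
                  if e["store"] == "ROOT" and e["blob_written"]
                  and any(not w.lower().startswith("c:\\windows\\") for w in e["writers"]))


def build_blob(props):
    """Serialize {propid: bytes} in the registry Blob layout (assumed format)."""
    return b"".join(struct.pack("<III", pid, 1, len(d)) + d for pid, d in props.items())


def parse_blob(blob):
    """Inverse of build_blob; raises on truncated or malformed input."""
    props, off = {}, 0
    while off + 12 <= len(blob):
        pid, reserved, length = struct.unpack_from("<III", blob, off)
        off += 12
        if reserved != 1 or off + length > len(blob):
            raise ValueError(f"malformed property at offset {off - 12}")
        props[pid] = blob[off:off + length]
        off += length
    if off != len(blob):
        raise ValueError("trailing bytes after last property")
    return props


def thumbprint_of(der):
    """Registry key name is the upper-case hex SHA-1 of the DER certificate."""
    return hashlib.sha1(der).hexdigest().upper()


def check_entry(key_thumbprint, blob):
    """True only if key name, stored SHA1 property (if any) and embedded cert agree."""
    props = parse_blob(blob)
    der = props.get(CERT_CERT_PROP_ID)
    if der is None:
        return False
    actual = thumbprint_of(der)
    stored = props.get(CERT_SHA1_HASH_PROP_ID)
    if stored is not None and stored.hex().upper() != actual:
        return False
    return actual == key_thumbprint.upper()


# Constructed from the report's table; the Blob values are redacted there as well.
ROWS = [
    r"| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |",
    r"| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = <redacted> | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |",
    r"| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob = <redacted> | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |",
    r"| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |",
]
FAKE_DER = bytes(range(48, 112)) * 4   # constructed placeholder, not a certificate
SAMPLE_BLOB = build_blob({CERT_SHA1_HASH_PROP_ID: bytes.fromhex(thumbprint_of(FAKE_DER)),
                          CERT_CERT_PROP_ID: FAKE_DER})

if __name__ == "__main__":
    print(third_party_root_writes(summarize_rows(ROWS)))
    print(check_entry(thumbprint_of(FAKE_DER), SAMPLE_BLOB))
```

On a live host the same thumbprints can be cross-checked with `Get-ChildItem Cert:\LocalMachine\Root` in PowerShell. Writes under AuthRoot\Certificates are normally made by Windows' own automatic root update, so entries written directly under ROOT\Certificates by a third-party process are the ones to review first.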
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/enginestein/Virus-Collection
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffeb3729758,0x7ffeb3729768,0x7ffeb3729778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2052 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2812 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2820 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2920 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Pepex-B\" -spe -an -ai#7zMap306:74:7zEvent903
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2868 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\WisdomEyes\" -spe -an -ai#7zMap22451:80:7zEvent15884
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3804 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:2
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1644 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\28247211d1eb08370aa363f08821a653\" -spe -an -ai#7zMap3439:126:7zEvent6888
C:\Users\Admin\Downloads\28247211d1eb08370aa363f08821a653\28247211d1eb08370aa363f08821a653.exe
"C:\Users\Admin\Downloads\28247211d1eb08370aa363f08821a653\28247211d1eb08370aa363f08821a653.exe"
C:\Users\Admin\Downloads\28247211d1eb08370aa363f08821a653\28247211d1eb08370aa363f08821a653.exe
"C:\Users\Admin\Downloads\28247211d1eb08370aa363f08821a653\28247211d1eb08370aa363f08821a653.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\28247211d1eb08370aa363f08821a653\kqmhdhim.bat" "
C:\Windows\SysWOW64\spooIsv.exe
C:\Windows\system32\spooIsv.exe
C:\Windows\SysWOW64\spooIsv.exe
"C:\Windows\SysWOW64\spooIsv.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Windows\SysWOW64\ciyi.bat" "
C:\Windows\SysWOW64\lssas.exe
C:\Windows\system32\lssas.exe
C:\Windows\SysWOW64\lssas.exe
"C:\Windows\SysWOW64\lssas.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Windows\SysWOW64\zeja.bat" "
C:\Windows\SysWOW64\algs.exe
C:\Windows\system32\algs.exe
C:\Windows\SysWOW64\algs.exe
"C:\Windows\SysWOW64\algs.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 584
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4660 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5376 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4552 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1648 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5444 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3228 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5748 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=876 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:8
C:\Users\Admin\Downloads\MBSetup.exe
"C:\Users\Admin\Downloads\MBSetup.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000174" "Service-0x0-3e7$\Default" "0000000000000178" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe
"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
C:\Users\Admin\AppData\LocalLow\IGDump\sec\ig.exe
ig.exe secure
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe
"C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe" --ContextScan "C:\Users\Admin\AppData\Local\Temp\mb_CAD0.tmp"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"Malwarebytes" --ContextScan
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" --ContextScan
C:\Users\Admin\AppData\LocalLow\IGDump\sec\ig.exe
ig.exe secure
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1740,i,16295500106855526452,4700995391503980205,131072 /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MrsMajor2.0\" -spe -an -ai#7zMap972:82:7zEvent4549
C:\Users\Admin\Downloads\MrsMajor2.0\MrsMajor2.0.exe
"C:\Users\Admin\Downloads\MrsMajor2.0\MrsMajor2.0.exe"
C:\Windows\System32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\E6CF.tmp\E6D0.vbs
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c cd\&cd "C:\Users\Admin\AppData\Local\Temp" & eula32.exe
C:\Users\Admin\AppData\Local\Temp\eula32.exe
eula32.exe
C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe
"C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1\5B91.bat "C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe""
C:\Windows\System32\takeown.exe
takeown /f taskmgr.exe
C:\Windows\System32\icacls.exe
icacls taskmgr.exe /granted "Admin":F
C:\Windows\System32\takeown.exe
takeown /f sethc.exe
C:\Windows\System32\icacls.exe
icacls sethc.exe /granted "Admin":F
C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe
"C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe"
C:\Windows\System32\shutdown.exe
"C:\Windows\System32\shutdown.exe" -r -t 5
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3af9855 /state1:0x41c64e6d
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
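The process tree above carries the behaviour that matters in this run: a sample dropping copies of itself into SysWOW64 under names that imitate system binaries (spooIsv.exe with a capital I for spoolsv.exe, lssas.exe for lsass.exe, algs.exe for alg.exe), a second sample taking ownership of sethc.exe and taskmgr.exe with takeown and icacls (the classic precursor to an accessibility-binary logon backdoor and to blocking Task Manager), then a forced reboot. The following is an added example, not part of the sandbox report, that runs those checks over a constructed subset of the listing; the allowlist of legitimate names, the tamper-target set and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
"""Flag masquerading binaries and ACL tampering in a sandbox process list (added example)."""
import ntpath
import re
from dataclasses import dataclass

# Legitimate Windows binaries that dropped files commonly imitate (assumed,
# deliberately short; extend from a known-good System32 inventory).
LEGIT_SYSTEM_BINARIES = {
    "spoolsv.exe", "lsass.exe", "alg.exe", "svchost.exe", "csrss.exe",
    "winlogon.exe", "services.exe", "explorer.exe", "smss.exe", "dwm.exe",
}
# Binaries whose ownership/ACL change usually precedes a logon-screen
# backdoor (sethc.exe and friends) or defense impairment (taskmgr.exe).
TAMPER_TARGETS = {"sethc.exe", "utilman.exe", "osk.exe", "narrator.exe",
                  "magnify.exe", "taskmgr.exe"}
# Characters that read alike in common UI fonts: capital I for l, 1 for l, 0 for o.
HOMOGLYPHS = str.maketrans({"I": "l", "1": "l", "0": "o"})


@dataclass
class Finding:
    kind: str      # masquerade | lookalike | acl-tamper | reboot
    image: str
    detail: str


def normalize(name):
    """Fold homoglyphs before lowercasing so 'spooIsv.exe' becomes 'spoolsv.exe'."""
    return name.translate(HOMOGLYPHS).lower()


def edit_distance(a, b):
    """Plain Levenshtein distance (two-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def argv(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def analyze(processes):
    """processes: iterable of (image path, command line) pairs."""
    findings = []
    for image, cmdline in processes:
        name = ntpath.basename(image)
        low, norm = name.lower(), normalize(name)
        in_windows = image.lower().startswith("c:\\windows\\")
        if low not in LEGIT_SYSTEM_BINARIES:
            if norm in LEGIT_SYSTEM_BINARIES:
                findings.append(Finding("masquerade", image, f"homoglyph of {norm}"))
            elif in_windows:
                close = sorted(l for l in LEGIT_SYSTEM_BINARIES
                               if edit_distance(norm, l) <= 2)
                if close:
                    findings.append(Finding("lookalike", image, f"close to {close}"))
        if low in {"takeown.exe", "icacls.exe"}:
            for arg in argv(cmdline)[1:]:
                target = ntpath.basename(arg).lower()
                if target in TAMPER_TARGETS:
                    findings.append(Finding("acl-tamper", image, f"{low[:-4]} on {target}"))
        if low == "shutdown.exe" and "-r" in argv(cmdline):
            findings.append(Finding("reboot", image, "forced restart"))
    return findings


# Constructed from the report's Processes section: (image path, command line).
SAMPLE_PROCESSES = [
    (r"\??\c:\windows\system32\svchost.exe", r"c:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall"),
    (r"C:\Windows\SysWOW64\cmd.exe", r'C:\Windows\system32\cmd.exe /c ""C:\Windows\SysWOW64\ciyi.bat" "'),
    (r"C:\Windows\SysWOW64\spooIsv.exe", r"C:\Windows\system32\spooIsv.exe"),
    (r"C:\Windows\SysWOW64\lssas.exe", r"C:\Windows\system32\lssas.exe"),
    (r"C:\Windows\SysWOW64\algs.exe", r"C:\Windows\system32\algs.exe"),
    (r"C:\Windows\System32\takeown.exe", "takeown /f taskmgr.exe"),
    (r"C:\Windows\System32\icacls.exe", 'icacls taskmgr.exe /granted "Admin":F'),
    (r"C:\Windows\System32\takeown.exe", "takeown /f sethc.exe"),
    (r"C:\Windows\System32\icacls.exe", 'icacls sethc.exe /granted "Admin":F'),
    (r"C:\Windows\System32\shutdown.exe", r'"C:\Windows\System32\shutdown.exe" -r -t 5'),
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_PROCESSES):
        print(f"{f.kind:<11} {f.image}  ({f.detail})")
```

The same checks map directly onto the Image and CommandLine fields of a process-creation event (Sysmon Event ID 1 or Security 4688 with command-line auditing). One caveat when reading the recorded icacls lines: they use `/granted`, which is not the `/grant` switch icacls documents, so whether the ACL change on sethc.exe actually succeeded should be confirmed from file-system events rather than assumed from the command line.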
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.250.179.138:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| NL | 142.250.179.138:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 138.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | malwarebytes.com | udp |
| US | 192.0.66.233:443 | malwarebytes.com | tcp |
| US | 192.0.66.233:443 | malwarebytes.com | tcp |
| US | 8.8.8.8:53 | www.malwarebytes.com | udp |
| US | 8.8.8.8:53 | dev.visualwebsiteoptimizer.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| US | 8.8.8.8:53 | plausible.io | udp |
| GB | 79.127.237.132:443 | plausible.io | tcp |
| US | 8.8.8.8:53 | api.weglot.com | udp |
| US | 104.18.7.32:443 | api.weglot.com | tcp |
| US | 8.8.8.8:53 | cdn.weglot.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| GB | 79.127.237.132:443 | plausible.io | udp |
| US | 8.8.8.8:53 | genesis.malwarebytes.com | udp |
| GB | 79.127.237.132:443 | plausible.io | tcp |
| US | 107.21.31.233:443 | genesis.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 233.66.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.102.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.7.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.237.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 104.18.7.32:443 | cdn.weglot.com | tcp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| NL | 142.250.179.138:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 233.31.21.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.18.87.42:443 | cdn.cookielaw.org | tcp |
| US | 104.18.87.42:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.28.127:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | 42.87.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 104.18.29.127:443 | privacyportal.onetrust.com | tcp |
| US | 104.18.7.32:443 | cdn.weglot.com | udp |
| US | 8.8.8.8:53 | 127.28.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.29.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | secure.2checkout.com | udp |
| US | 45.60.14.94:443 | secure.2checkout.com | tcp |
| US | 192.0.76.3:443 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | estore.malwarebytes.com | udp |
| US | 45.60.14.94:443 | estore.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | downloads.malwarebytes.com | udp |
| US | 8.8.8.8:53 | 94.14.60.45.in-addr.arpa | udp |
| GB | 216.137.44.52:443 | downloads.malwarebytes.com | tcp |
| GB | 216.137.44.52:443 | downloads.malwarebytes.com | tcp |
| GB | 216.137.44.52:443 | downloads.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | data-cdn.mbamupdates.com | udp |
| DE | 3.162.79.105:443 | data-cdn.mbamupdates.com | tcp |
| US | 8.8.8.8:53 | 52.44.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.79.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 44.239.233.9:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | 9.233.239.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ark.mwbsys.com | udp |
| US | 3.226.67.108:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| DE | 18.64.79.90:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 108.67.226.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.79.64.18.in-addr.arpa | udp |
| US | 3.226.67.108:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.87:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 87.46.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipv4.am.i.mullvad.net | udp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| SE | 45.83.223.233:443 | ipv4.am.i.mullvad.net | tcp |
| US | 34.234.10.61:443 | holocron.mwbsys.com | tcp |
| US | 34.234.10.61:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 233.223.83.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.10.234.34.in-addr.arpa | udp |
| US | 34.234.10.61:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | iris.mwbsys.com | udp |
| US | 52.206.12.231:443 | iris.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 231.12.206.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sirius.mwbsys.com | udp |
| US | 23.21.92.250:443 | sirius.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| DE | 18.64.79.16:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 250.92.21.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.79.64.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crl.comodoca.com | udp |
| US | 172.64.149.23:80 | crl.comodoca.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 144.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.trust-provider.com | udp |
| US | 104.18.38.233:80 | ocsp.trust-provider.com | tcp |
| US | 8.8.8.8:53 | crl.trust-provider.com | udp |
| US | 104.18.38.233:80 | crl.trust-provider.com | tcp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 172.217.23.206:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | www.intel.com | udp |
| GB | 23.211.239.194:80 | www.intel.com | tcp |
| US | 8.8.8.8:53 | certificates.intel.com | udp |
| GB | 92.123.143.233:80 | certificates.intel.com | tcp |
| US | 8.8.8.8:53 | 206.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.239.211.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.thawte.com | udp |
| DE | 152.199.19.74:80 | ocsp.thawte.com | tcp |
| US | 8.8.8.8:53 | crl.thawte.com | udp |
| SE | 192.229.221.95:80 | crl.thawte.com | tcp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hubble.mb-cosmos.com | udp |
| DE | 3.160.39.13:443 | hubble.mb-cosmos.com | tcp |
| US | 8.8.8.8:53 | 13.39.160.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crt.sectigo.com | udp |
| US | 172.64.149.23:80 | crt.sectigo.com | tcp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 35.85.72.203:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 203.72.85.35.in-addr.arpa | udp |
| US | 35.85.72.203:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | lic-iris-content-prod.mwbsys.com | udp |
| DE | 18.64.119.41:443 | lic-iris-content-prod.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 41.119.64.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| US | 142.250.68.227:443 | beacons.gvt2.com | tcp |
| US | 142.250.68.227:443 | beacons.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 227.68.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sirius.mwbsys.com | udp |
| US | 23.21.92.250:443 | sirius.mwbsys.com | tcp |
| US | 8.8.8.8:53 | lic-iris-content-prod.mwbsys.com | udp |
| US | 35.85.72.203:443 | telemetry.malwarebytes.com | tcp |
| DE | 18.64.119.58:443 | lic-iris-content-prod.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 58.119.64.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blitz.mb-cosmos.com | udp |
| US | 3.226.16.120:443 | blitz.mb-cosmos.com | tcp |
| US | 8.8.8.8:53 | btoc-samples-prod.s3.amazonaws.com | udp |
| US | 3.5.10.112:443 | btoc-samples-prod.s3.amazonaws.com | tcp |
| US | 8.8.8.8:53 | 120.16.226.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.10.5.3.in-addr.arpa | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | sirius.mwbsys.com | udp |
| US | 23.21.92.250:443 | sirius.mwbsys.com | tcp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| US | 34.234.10.61:443 | holocron.mwbsys.com | tcp |
Files
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
| MD5 | 85ba8944b410a861dc243d47782f618e |
| SHA1 | f466a4475665465c507e4a0852f3d2f3492011f1 |
| SHA256 | fa6b829477837e264137394ba3f637419af37289b27be6e1127c689883d2ec7d |
| SHA512 | 250d29fabda1ad8952981ce426c8b27dbf8f521d531d3112766dd64d28e76a8368b8483f77135544de2c2049d2ebe78337239fcee6d810a2f11c4ef6ff86086a |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 0fdf4a60822c9b8ea8c15a38e3ca9138 |
| SHA1 | 3101442a45a7f8ac276cd4dd189d645ef52538b6 |
| SHA256 | 9f89fb2abacde0878b903595ccdae0ff3ecacb11cca0248d5a7e7d9f3c6f6834 |
| SHA512 | 4be010df0c33971bc11739e5ca39c65ed7106ff80e56a6032cbe57c1decde181d4daee62b774b8b5a7c58c72405632cd86911e672a54996647fa5566e8e5c09b |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys
| MD5 | 246a1d7980f7d45c2456574ec3f32cbe |
| SHA1 | c5fad4598c3698fdaa4aa42a74fb8fa170ffe413 |
| SHA256 | 45948a1715f0420c66a22518a1a45a0f20463b342ce05d36c18b8c53b4d78147 |
| SHA512 | 265e6da7c9eede8ea61f204b3524893cf9bd1ed11b338eb95c4a841428927cccbed02b7d8757a4153ce02863e8be830ea744981f800351b1e383e71ddaad36ad |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf
| MD5 | d87c2f68057611e687bdb8cc6ebea5b8 |
| SHA1 | 27b1311d3b199e4c22772fa1b7ea556805775d37 |
| SHA256 | ff93773f55bf4a6a0242adf82276a8c95c0b244b9bc05e515c4e810c81a960e8 |
| SHA512 | 4aa65b8911d8a2a0f9ef0ee6e934b94db0a9ad4c2ec543b5edcf21486be43f6ab1fda6617ea2cbb85eff230628c9fa8e7649da915d6de695803b28e55bef5819 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat
| MD5 | ddb20ff5524a3a22a0eb1f3e863991a7 |
| SHA1 | 260fbc1f268d426d46f3629e250c2afd0518ed24 |
| SHA256 | 5fc1d0838af2d7f4030e160f6a548b10bf5ca03ea60ec55a09a9adbbb056639a |
| SHA512 | 7c6970e35395663f97e96d5bf7639a082e111fa368f22000d649da7a9c81c285ee84b6cf63a4fccb0990e5586e70e1b9efc15cf5e4d40946736ca51ec256e953 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 4eb03b58ae2dffe9d10e7014f0261984 |
| SHA1 | e8a1955104e93fa62fb1287612f173cad8d8cd26 |
| SHA256 | add185bb89135a9716c8437941124b6d3c2686a1c8be98aa4a39deafc687801d |
| SHA512 | 0f44f27976f77e56eadf8316013cc215b710dfd50c0fb27b15b3938873e3fb77b322332d88a3c0af45a5b8318a6909521d93abf4b38ae90f9ce5ae81a137d6eb |
C:\Windows\System32\catroot2\dberr.txt
| MD5 | 859074107d688575c1b66e1b4e2abd5f |
| SHA1 | 5c36b96c4bfe7665d87936083f6ed6c25e964488 |
| SHA256 | 316c47694e11674a740f8f038ea48669606857546d4d2768d3b1943cd2325e7f |
| SHA512 | 5279a3e5642e87dae019acc5099ad5758591a0c614845c236a51feec137b9cee9d69d5fb061da728446d81aad0cd007e7677a32019efadfa187c2010b5e6af81 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 4f78576f9ff88bcfdfd54ab2f683b193 |
| SHA1 | fcfb5fbd450e7089debca71a672c9de5e8470e7c |
| SHA256 | 07bb328f8e84d795be33cfb7b0cfffa5d02c3ecf8436335c27c0aacc0c358bad |
| SHA512 | af203a2fb6ce9d68593d7ad7808169b371b3e76bb08425efebd609b62388865765e61df94f23b5ad4be032f9203ac46ca18f7d2a3d3456c46992dcea9ce98c13 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | a45f1479ffcb3a96489c27cd053e4cff |
| SHA1 | 5d9365a291774571f18d9b7c7385db1aa1927a9f |
| SHA256 | b5c67f1002233fbb8ee9630dee6f38348443ecdf2f5ef6e54f5076d90857bb7c |
| SHA512 | ff6960dedde81cf805ee21001d9f47c5368493a0860e585118de3c3d279801304c93bb7ef1ddd53a27a82974d8033030f23e0380d79de2e4cd7d4e762f60f862 |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | cf12e4262571c348f48d10cc120c3f09 |
| SHA1 | 2e0926ad1a2320ccf689ae9309b48ea1d5d770ce |
| SHA256 | 86c84344210ff0400dc64c933ec69e6413325f2afa116c5c6468e615c346c702 |
| SHA512 | 7d217c1731a16ff2f30976a49359f195307c97c5f0c620bc39c539d4e08a7a892101b75060dab204c02cfcfb85b22bd3e9a6fdf8db3c3e144e70a7b10a41dc84 |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | 100d9ee814d2fa367c95bd8b79a7a272 |
| SHA1 | 0982b9df7e863937317f226eb93252d8890d40fa |
| SHA256 | 5c13180a0b3fa0f86ed247fe601cc05df9a6fe133e5110e6182a4d2b52e84058 |
| SHA512 | 39967ab196b55fda851fd174d113638ea5f664bd6ed5969d65ae1a1deda8ae6ad606432086c0fc203ba04337a7b5399de2a5c05ce23de7ca9329229d3bd5baa0 |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | 19fdc7820c4cdce6c9707ccca9e53baa |
| SHA1 | e71d3417f2aa543a15d13e666dcd14bad4924e24 |
| SHA256 | 6c09f8d9c76b6fbe66d364caaf8cffd262a44c99ed5b3bdd9b1d44dab0cc9925 |
| SHA512 | 777881171356a6b8a7dcc96e49d546fa5580e3aeea176cfe3545971df4f6b5843e862b22c1090569b9ec496b2f6b35c747983120b9a86d5d6120ca96a534de3a |
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
| MD5 | bb1d3e60d493ab6be0565d14daa9b70e |
| SHA1 | cb9aca45b3009788617b5225d6d093b40998054d |
| SHA256 | 428ff150a6986e82d3f793e2fd7e880613665c09991d2422af3e6e8feacf9b0f |
| SHA512 | 0d3babdcbac02f2ed67eccbff77db0225f374908d437acf4e38077c462154a037a0758a040f0196965afc8f294bdbf0ffc10aed7bb128cf00ce3af4826c91dcc |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 17da5ef44bf938086643b14afa4983ed |
| SHA1 | cd6ba87b0b62c479bdd10ba2382d13141c04baf9 |
| SHA256 | 953d1b75ec36b7f2fa2b0d546e8ae2f6b1b5f73bfc9f354bfec82dab2582fd3c |
| SHA512 | b2929fe948351d440ac4374e04c73e9e70d9226436b9d3f6bf976af65e0ab2d2efbdb269ddafd26b9970f808b3fa2b8045589dee0cf5e50e64291594bae9d2f9 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | d461a04e1c93844717990d5f84af6bdb |
| SHA1 | 23473893b7b2acc0aedfd89a39748c0cdff2c57a |
| SHA256 | aaa05973889c2e22bc6e55ba3ac18a4032414653f09d644fda23b64c1f33edf9 |
| SHA512 | 249187709e5ac795c87c35120f36c6676cc4434988b501f92c7492ea3b1950f5e21f46efe04928f5e4dd64d3ddebf6ddef86e8264c909ca6f96177e5e727e5ae |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | c52665639ad3e1ea85890e82362723c4 |
| SHA1 | d99897094c744a60265685373e1b9dd94148c24e |
| SHA256 | 729eb9575c6804ea2a8324f9c8d5ac4b4c9b440d30b3d573cdebf01a21fc57cc |
| SHA512 | 2af5d8b7fc61a3223ad94d23d8ac2899f5b0c35f92b494ecc859255131dd212205a726174620aa8ed0f145ab456bd71e80a08d0e5f06ed35e05d06ec9c88a181 |
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
| MD5 | 4b951cad0feb5150f08c0ba69e7f0c6e |
| SHA1 | 93937cb9e1ca0bcfc7d90627ee185dc948deb813 |
| SHA256 | 6c5fcfdbbab2773f150093b871c9bb030b285a9a815493d878e390075f097530 |
| SHA512 | 4f2f244af3985dff14c76bf56d156a9676a14d3aed85d1b3e8c2dbdb34e11742c593d209cc8e8d36f452c4cfc166dcc2780638c6d625eaffd6124b2973395ca2 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | e480722a353f085cc2322080ef16902a |
| SHA1 | 0f998d18e49835eeb2d8ab77a6fb769f3266c529 |
| SHA256 | e65d1fd8b915198630167f2be8c1b3bf5ba716f1ced9d945558d09de1e5321cc |
| SHA512 | 92b1f318484ec8b541b7b48987cb038205fe3a55662e1a951f199060ff43ccac99d27f6a03aa049a2290adef9eb0e66ac2b9ad4620250f3f43221e1379dd1f8f |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json
| MD5 | 24ae00951a0e1b224b9828eb3b210205 |
| SHA1 | e017c0374380438e488e01c20223073c6d3297ae |
| SHA256 | 58d0a21e7e8d12ecacf815918fc7d471fc2519fa47f277508b7eb457acc9ca57 |
| SHA512 | d81afd99831d4387d383ff7d2a4670c56db0ae916f3634fc66363002833ab117c902c991dc7279f4467972c884054156a2250da20a9c278715573b5df0d164cb |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
| MD5 | d1802829b28906e13b5e06caf7311cc2 |
| SHA1 | e80f9de42cad49d863d314341db946a0622c4e8b |
| SHA256 | 1c29e7c70d8f98353dc5dd1a7ff93f5da1a975ab2a9bef7458ec9fb61adee835 |
| SHA512 | 338830b2fc77a98a5421fbe81170f014e826efa361b4c69685ea36c971ba10f3d7330b26e9dd553de9996ad6b20a9f8f9d77e8b38a3d0a062085545a5e5e2450 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 93cef5132fad5bcb09e6bc74edd68d56 |
| SHA1 | d4a05d21fd95f261de13a00ee2175528f3222d6f |
| SHA256 | 532d84435ce0bcb1b32fb99471b9c892ecf9d2b8491114719692c34356a2c1f1 |
| SHA512 | 8bf329e324a53f938594bca011bdd19dee9b80b060b9be1aba238f71630f074ba91fa9deb0dd38cffb4876c055c368ab21df85b9e5539abeaf65b9b3564f2b4c |
memory/692-3799-0x0000019B9EAD0000-0x0000019B9F022000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | cf86c97f03b9355f812c9a546ec3f1e3 |
| SHA1 | c091f69ff496d00f4704fa51bf69c7546a591f1f |
| SHA256 | 46876951c8e1921406b4628ba0776b4a7d81f87caa0a49d919eaed96e91795a8 |
| SHA512 | 51f3c91a2136696600799fa442030fc0dc449a75baa50e90bd2690e28f3d2f5e67f800a1652cb0183663bb83db7dbcd9dbaa03a5fb1f86775c41507ff388ae0e |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | 579ad3316027069419060e23ef75e755 |
| SHA1 | afa689cc40c28ca8b60644dd93e7271a2bc15cb0 |
| SHA256 | cb03c4e073fcefb9f3cf0cf3dca7a1e680b96d15a7d2c342327a4ffe2476471b |
| SHA512 | f3dc51b4a76b7fb1c908a511f7c6a29a8cf95026ebc7fef3dcc07e3a3297ca3fd6bfad0d886767ccd9990ca3fd0e8c80222cf51112b4019a2331dba9d1556c94 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | e8abf86e27c7a024ad41278bac1ad7e9 |
| SHA1 | 253f3ca72a41a92465b1174caa9db3bc46e95a19 |
| SHA256 | d6ac2cfa68c87f115c27bbf5ad1f1fa1e65dac136f4af1df603264e3a0b9b8a5 |
| SHA512 | 3b2f042dd249ee997093b5d6f5ae471a30b7dde5c45765941df37f0a78602e11a826df11d5b3e45b367a2758daaf01df647d899ceda04d1318b39b1558b4cf26 |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | 464a127e782d334515b4de0b6b1a6f1f |
| SHA1 | 641a75dbe3db8c9023a459a32dac780501dee16e |
| SHA256 | 8621fe5d57728d8dc5db3f964aa7352c9ab6c9b8c21ed2eb93c78fa953c12ccd |
| SHA512 | 34ae609f7e4286d21020199e655f24e63f97ba3ff478f5334a23b885406df440a37b9764633d44769f34246f7c565ff09721c180a6d34a24f3b48fb112c91009 |
C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe
| MD5 | b672a064c3cfdf56ce0d6091edc19f36 |
| SHA1 | 1d21d4ca7a265c3eafaae8b6121be0260252e473 |
| SHA256 | 04fdd99a4e8ded496a99c9d3c8c0b6a9a9bde9c4187d07342260f63852ef6273 |
| SHA512 | 53e6c4bd68a0cf36160b21d63e7a6152ca78f17c76ccee9e185c1cf3f5a254c05f401f91501ad3d6806d5085b1f58322e6b7ad483fb813b86cb8570519410680 |
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
| MD5 | aa628d33e4ce8a0709d096ca063a8aaa |
| SHA1 | 169afefb9ecf912500776583766dcdc1cc70c204 |
| SHA256 | 6dce775cc3a37d93f439eea31b1320e7f9da39b1ac8396dbc7e74a2dd19978fe |
| SHA512 | ad3459a1914d80200b1f107e28274c577c65fe8b10773bdcf29423d7a25049ff38f8284e91eb77734096870a3ff02fe99af64f52b00fedae4410d5abb2b14c16 |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
| MD5 | 327a2864bfe26432e89fba4ac3d804da |
| SHA1 | 4cef5d7f7e3ec22ac5e6581f00f10c8e1397d695 |
| SHA256 | 3787dca15fbb4587eeb4849a661256e4980ff3f5d04aa6b7b228ee639b5de454 |
| SHA512 | 7876295a28d5c694f2fd03204140fbe8a61715bfb8a70882f362d6678896662d2a22bb643e2d2ed7a6b25372959e9e0f9a4ac953866acf526f14903d08883a7f |
memory/692-6033-0x0000019B9EAD0000-0x0000019B9F022000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 0e73d1b27e624afbb016c386bd4e70c4 |
| SHA1 | 750f0dd63dfe87ac9cb538accda128831e71b09c |
| SHA256 | 99a165fd7c9f5bbc54630220911af82046a5e020a1ee51d2d8b299f02da7fc52 |
| SHA512 | 3322a3b1659cd90d6f47e1c34ada3df8063f2cd7c215e0646b99731059c3c0758283e7749f829040d69a9619ba59100d18d54e8ca11378611910cf3047d8d0ad |
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll
| MD5 | 52c4aa7e428e86445b8e529ef93e8549 |
| SHA1 | 72508ba29ff3becbbe9668e95efa8748ce69aa3f |
| SHA256 | 6050d13b465417dd38cc6e533f391781054d6d04533baed631c4ef4cea9c7f63 |
| SHA512 | f30c6902de6128afbaaed58b7d07e1a0a674f0650d02a1b98138892abcab0da36a08baa8ca0aba53f801f91323916e4076bda54d6c2dc44fdad8ab571b4575f7 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | df925c35a69e396f5efb5aaea380149b |
| SHA1 | 5a7b023f2baea0b29e678a9bf485343984abe435 |
| SHA256 | 795cdd5f71ef9ba47f6ad5ad2accbb25e425636a3508d274754d2acf946be255 |
| SHA512 | 7505a27043119157dde2c9da7fdcce9e65fcfca98d691d148fa5cfd48513c23398a679f62b4c2bf5ae1add94b7d9547971099ab3033594440830a0d4d45a060e |
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe
| MD5 | 24f879dd9efea23d9b6bd16b6d66d924 |
| SHA1 | ee6fe50cb38accab0695cd03088748d7164da65a |
| SHA256 | 2a5dfdbefaf9f96aa03d930322e600f7c91be44c7c16801c787816768d8f4d85 |
| SHA512 | d589c08ce0967eacf806d8a4dd6bbfaf1d1d09a60d4411ee275408f6e250ea9d1ccae8de7c3ceb582ada31222851b35229ca8cac76cb71d7f8fe9a523bf08dcc |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 85d00e7d11f68eeab02d8c7823e77061 |
| SHA1 | a32eca851452b751af65484633b7c03a880cbd86 |
| SHA256 | 37d8a81082cc5e0345d259b35db63cc44acfa444f66632ff3725fc39deb961b2 |
| SHA512 | d0a070ef0737cde523eba71f6bfc6a77206b37518e03ceca2a3431cbbe5cf1584d9bee996fb83f597581ae41998223c35ff384027fccca74490789e68926b3c0 |
memory/692-6131-0x0000019B9EAD0000-0x0000019B9F022000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | 783b37eda1561cc448cc73574cdee1be |
| SHA1 | fa901db2036803602dc0fa46ac6cbda73d8967de |
| SHA256 | a06a24d0d6aac0446d791996fb07a8d9c17338ee040bd1b4d2b7bda5daa5a785 |
| SHA512 | 0d48ddeaa2a41e9c85b18e11c5b13c59d92ee4584b11a1f2c2f5e91f7d39aa5c3c084470b9c16473b2224bc03d481c238beff8d867d3b6ff9f06c9b547daac03 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 48c64f1201020914d7373508cf3ed4c0 |
| SHA1 | c83c9255d6a7093b8906f4dc79049a4e1ddb8097 |
| SHA256 | f1dfa5d3ed63beacf741f29d55a7861c87295b3940a02d66fcb685e6065f8a12 |
| SHA512 | b11b0c5f6222d2d69d811bf44938806190ed8032664c180fb384fe62b2d775a2205784ffb5c98e2f50daa4d9bcc073af20ac2ed54c37e02afca694c30b102d7a |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | f6c682d4a6aeb7a0f5f7cb720af199b6 |
| SHA1 | 5100b60cf08f4da731b79d30eda6fc41c7a8ab65 |
| SHA256 | cf12dcc68416b37349b26bb1dc8cc37d1f21ff4b544f05262b6bd830fe0fd316 |
| SHA512 | c3bb233c4c76452ac69fe276a1c8454e1df2845659867a9cc274bd4d2f2ae5a45f5587ea79eeb17c4e885aa2cac1ea0ace4761521e75871464ca0a9488c3327a |
memory/2288-6167-0x00000000001B0000-0x000000000039B000-memory.dmp
C:\Windows\System32\drivers\MbamChameleon.sys
| MD5 | 817666fab17e9932f6dc3384b6df634f |
| SHA1 | 47312962cedadcacc119e0008fb1ee799cd8011a |
| SHA256 | 0fcaebe94f31fa6e4d905b5374733d72808f685fa3bcc9db9a8a79bd4a83084f |
| SHA512 | addc9a5b13da4040a44d4264cbfe27656b7d7971029a0ad53c58e99267532866f302ca8831a3f4585bbe68d26ec2d11a6b43de9bf147b212ab1f05eb4ed37817 |
memory/692-6229-0x0000019B9EAD0000-0x0000019B9F022000-memory.dmp
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC
| MD5 | 5bfa51f3a417b98e7443eca90fc94703 |
| SHA1 | 8c015d80b8a23f780bdd215dc842b0f5551f63bd |
| SHA256 | bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128 |
| SHA512 | 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | ef1dd15aac0819ce9f7dd2f9a93e0af2 |
| SHA1 | 616a27141571c0f8fbb833dae8e020f599d4bbcc |
| SHA256 | 66fe9e8d1ab86405b5329c5f88bb8cf3556950bd85c25bd9c0dbb187262d18f8 |
| SHA512 | f97d1fa3c866eec7260de1b0e69fe64404704140c2125e5499d3deae7559ffca7d1f6a19769089c86eb62156371f7c8f4dab9c6f6493b9aa9c297b8702dafacf |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 4737f300853c5841b1f11f3fc7ec4210 |
| SHA1 | 650b793570fa16841d07e002c1964a4f50dd8041 |
| SHA256 | 3140765bd4a1eeb3914a6c4ccfb05ca2bd2bec642dff328f33ef71df50465f3a |
| SHA512 | 518a99205d219218b9e36f263f92af2886310cf3c6c2793284b2a672f749f64976d878fc52a576c3fe2cb91b3f254975ab23b8fd937d82729fc0560c545505e0 |
C:\ProgramData\Malwarebytes\MBAMService\version.dat
| MD5 | d0a12a6535726e244b288a2531b73a4c |
| SHA1 | 3cdd790a837f022ad04042ee468f85f2389a07f8 |
| SHA256 | a5712ae6e3cb463d788729fcc5ebe785a36e4ca39eda8e72992a7a058da26ebc |
| SHA512 | 9ad882c4d3a7f7b6dfb8f68b749d9ab734f4589c944ba934ac391ca4a47a4ae6ef5ce08c7057ea6a658b4256a95d9d4d75ca38daa85855455ede09b5b5432479 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 9a727b87a187166d6b0125da5a3e922c |
| SHA1 | 250676f3d47b7fda680368147f496b1f2c67d72f |
| SHA256 | 69582e5eeede3c97997eeac53114085781ff81d4b6f8a9e62102428875a9519b |
| SHA512 | e781116ea5e39bfba5c2b541bae3f3cde2319180e13f78355ec054142fd818682088ddc421398217787ac82e3302d08e6798dc92b5a197c53c93aa03278dc296 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | b54de00f0415d962993d55cd1af1d490 |
| SHA1 | 955e7c9a4da8d94d74336c7e6e688152f9c0126e |
| SHA256 | f1e215cb5801048a700519dfb2a6c0cdec8ff65cfdf65dbbc15aaa7e445e0fce |
| SHA512 | 396717bbc356fec9bc07864defe6e05bdfee2ecfdf028537b8e5f003b998cfe90ba5b5acc5475cc16b4621813b3163508d8229f3e2f871df6d3821fc486028e3 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 5d97b0f4bb6330bbd29cd30d7382781b |
| SHA1 | a8ee0a20b86a130cf54fa030453313c8853ef490 |
| SHA256 | e0a56aba2ea2583560d5e204e031290abf6d5de38f901d9b421afa597bb9cb86 |
| SHA512 | a61da4f9a3b1f7899023fa7dc9f6ec51dcc69b7193a574cc61f2a6767f1fffe54d7436be40e22ff64da1f768ed6331fe20d4c897bd358c7d095f5ba3d3623df8 |
memory/692-6335-0x0000019B9EAD0000-0x0000019B9F022000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 9ac7b4b26de5602299d01d50ef4d22af |
| SHA1 | 8a8b0cdb1c36ced3f40d0b87c1e0949edd1c7777 |
| SHA256 | 7c17d180e8a825d6ab5bde8918e48c1d08d1afadd65e6a93d95bd5f8c8b2a3f6 |
| SHA512 | e80a2aa88d2edc2a465dc20146eea09a211fa2c2c75d1ea97b16cd73931e5fda671819847255a5c2072a30c2eb4b90f962f915be83c1de7652d70139321660c8 |
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\expapply64.dll
| MD5 | 76a6c5124f8e0472dd9d78e5b554715b |
| SHA1 | 88ab77c04430441874354508fd79636bb94d8719 |
| SHA256 | d23706f8f1c3fa18e909fe028d612d56df7cd4f9ad0c3a2b521cb58e49f3925d |
| SHA512 | 35189cc2bf342e9c6e33fd036f19667398ac53c5583c9614db77fb54aadf9ac0d4b96a3e5f41ec7e8e7f3fe745ae71490bdcf0638d7410b12121e7a4312fae9e |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 757e84982a7547cc23ab33bdfcf89bde |
| SHA1 | b770e832aa7af7e74980806891759afa77530cda |
| SHA256 | a9f6659f4ed8ddaa3d35f0aa9fec64aad5b1e491de0b6a9f622d7f8e9dd48723 |
| SHA512 | c85e4f253f446b5f1a494cc773abf91ea87dc4123aea8085b64734a0b330acc8c645fa68f4a9028ff55b6bd51f10c5fd6eb01d8abd2195e291ba145c0ea5666f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | e5482dab72f0509473ab65f36ff9c925 |
| SHA1 | d7be6ae307b183138dbcf1a03e00891993176d06 |
| SHA256 | 729cdc2ed6c15d8a4b11c573267c36982af863bff7e8b07d5929e794485ef433 |
| SHA512 | 6d18d44041508f8ac30288f3aa8db2ee5cd28626cf11e35b39603c1d8a5d5db932ee9d5a940c46b1836b967387e5283e88d7c5c336d299f12f577e7e4812301c |
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D69.tmp
| MD5 | 54dde63178e5f043852e1c1b5cde0c4b |
| SHA1 | a4b6b1d4e265bd2b2693fbd9e75a2fc35078e9bd |
| SHA256 | f95a10c990529409e7abbc9b9ca64e87728dd75008161537d58117cbc0e80f9d |
| SHA512 | 995d33b9a1b4d25cd183925031cffa7a64e0a1bcd3eb65ae9b7e65e87033cd790be48cd927e6fa56e7c5e7e70f524dccc665beddb51c004101e3d4d9d7874b45 |
memory/692-6611-0x0000019B9EAD0000-0x0000019B9F022000-memory.dmp
C:\Windows\Temp\TmpF4E2.tmp
| MD5 | a254c7bc721b6e718446f5e2cb353862 |
| SHA1 | 4b09787f9d821173c508486c858f5a4adb86645d |
| SHA256 | 46929fe718e86ae6ddca0a7855282935392fe4cf98b00768cd73b68a3cf00a6e |
| SHA512 | 10e00f032ad81d691325c8f4cf264268c59c9c36f2f258e65f2410830ec5e277f5c863116bf00df7c07ae369a5a4eca2935cdb9d1d96501025e5f7c443f41544 |
C:\Windows\Temp\TmpFA04.tmp
| MD5 | 2855cb4a14433aa6c82402462a4754a2 |
| SHA1 | 70bd750ce3d1f0bcc1ddc6087b5eb99e6f3aa8a2 |
| SHA256 | 30b569325a385a2622369d725fb32def56229bb94b0879b3344ff01f008394d2 |
| SHA512 | 4866e10a68b4db966cebec5bca90d663491737d56c9ebe3622ca7aaaf37cf5dcfd0c3df24f121264e5f3793bcb0ebabe82d4b1f7ca777a1ec13ac86407c5b658 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | f05d6c9f4e1bea4d76cb4fa5d375c70a |
| SHA1 | a90762e742e39b5d928731bec9df3a12f4f2606f |
| SHA256 | 1282c3c2824bf103c3143c3e7ab094c42386c471217703cb6a6f810b9af3128c |
| SHA512 | 82d4d14aed157ac103842c1b9a30fc429aea27edf1ff631cf72b814a5de3ea851f2fe4090934157e67761824f7fe995d0e0d6e4ed8aa18ea58b5f754a5aad59d |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 5b06743a048afcad9362abf77779c656 |
| SHA1 | 064b644e7b92cd08db1238934ae7b39039e20932 |
| SHA256 | 1dc0039c41a8ff7917e3423b0a041b00b641df63ccc5582d838c4c0e0a8ffcbb |
| SHA512 | 623be153f7fd82aa2b2219b88a32b67fd9b46b3953d2563c0405ab724435a577c52635050fb2aa0788ad4aa7bf3c7cee3bc855d9320e285e077c036c5f65c1e2 |
memory/692-6782-0x0000019B9EAD0000-0x0000019B9F022000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json.bak
| MD5 | 8ce616a9949bda55458eeafcf303415c |
| SHA1 | b76ea2977271a9eea6a8000bddbef2c3edc4dce5 |
| SHA256 | 7c8d26e8d6af986747b5c18d7b244a8da73c3164d263011b4a5ecf6ff4718e57 |
| SHA512 | 06429eff02f8519a2d5712fd6a5aa0d5d341c677b287002fcc761132f42454ff33b22ab21f0248aae8208cc235ee1233d84ebc18f65e53f8e10ff7edec81e12c |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 9d227b99067b398ce2d5dc5e10a9e8e1 |
| SHA1 | 7a71039a038df59eb5a34010d8643691ac0493d2 |
| SHA256 | 3f2ca21be115849e5feb34f6c0d8da0422131895d2dc6fff930c4f406be3b8b1 |
| SHA512 | 161beddaee289edd36ae4d6fda9447d91e12a9ec95201c0c5057695d986c7315894fe36a90f0878b507e579470a14eac5363fa39dcfe339ba6acb060f00a6a44 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 5c021a4126e21980eebf1b4095c8c801 |
| SHA1 | 2f9edc553958629e8d8c2c1224d454ea96852573 |
| SHA256 | 4d95196c74dd5501695a63cf9815b670d3d96d3812bc91dc71b263f56e924cf0 |
| SHA512 | df9fe7520809df57863c9823e04e6ea4e167342bf51a83a8214bb392613bed3738c009638a9cd0100c2b5c0da94c7812f04c99cc16f03f5407a25a3b293b2bd5 |
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\71bb63e8-566c-11ef-a3a0-d68c0a96ca30.json
| MD5 | 42f00553a3cda90d90e8120c24a3903d |
| SHA1 | ebdcf7d7c4f52c21887dac7a725c841fc18bf19b |
| SHA256 | b415aab087b80e7fa638c39a450383bbfef0d88d175523143a7eab59f98a8e04 |
| SHA512 | de671c715e11c0e98325e0fb040ab35373519cf4d63ecfe0f3fbd300c0a0ee01160a8da21d68b2a8088cee2a6a1e6ec6e6fa1996b00ab38906a32206bd0ca4af |
memory/692-6823-0x0000019B9EAD0000-0x0000019B9F022000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 09ac049734f47d26a967aa52e9f9b7dc |
| SHA1 | dcadc7f3599df408a7ac7b9eaace944390dd743c |
| SHA256 | a8e5b0543d246b4f811479eb82c7470511eb2d59cc81ad77739a28ebe2777783 |
| SHA512 | fdd2c767860638f378062ea147b94a32955cdbee69cd588ba4a6e7963cb2eedf60b44d2f72e20917d0c6bee5f74aa5eb55abbdd95fef4683adb6479288efee3c |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | f164bbeefee4a68a15e07b73584bee58 |
| SHA1 | 427791fd061dc01ca561fb46767a1fd2da613229 |
| SHA256 | b3e573c5c89457926a5bb12d2f4641e86db9e83b30cfb55dbb1aed2c737d7fbe |
| SHA512 | b798b009b1100061ae1283ce8133f538458def6a7f0dfbd643b356c45be80ba76dbb9914f3d6af0ca647ff9d60dd79d78dc87d0f0bc2a6383276189025bdb7d7 |
memory/5132-6981-0x0000000001280000-0x000000000146B000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | ef53b00522415de6cf8c125907f1aa1d |
| SHA1 | f396b92ac18d226461fa8e1541db672dc2746994 |
| SHA256 | bc76c253cf0863433a82fb0a7d47616540eed2d896800fbc8aca3e978b6c6aaf |
| SHA512 | 422a41f680b61fd4824ab7ca328f340bc4561967e7b2cd14ea7c28302eb3c3621b7ee4655020d8a8cb90292bb85821dea075fb665bc19f96d9d22136d3be884c |
C:\ProgramData\Malwarebytes\MBAMService\AdsInfoCls
| MD5 | 1e8ebfb090e59cac66589be1bf4b6b56 |
| SHA1 | 37bbbe2011bf1e443bb1ca16688a38498a0f9eb4 |
| SHA256 | d1627172e23e1e76df7ce2c90f033832befabd70a3b91285b5fa1917f530744e |
| SHA512 | 3d7a359c0b70a889397ba98841a139c1388842e89f8e983ad1666131b9a3c6d0348c4e98e3813ad107d5be76c2f2e187b7a8bb4c9713c3ec709368e8d154481e |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 4a00530579a5dd71e87020491c6514e1 |
| SHA1 | 01520160a848e7afe791a8e7f18686c9beb568c0 |
| SHA256 | a97a488f193289076522ac6b28b0c00d4786b5977429291aa8df535b8d4170b4 |
| SHA512 | 48df1afca847a36ec6a3de8e326ebf0a99fe73ef5e8e95117d1c219af1d436a12ce8f5005d6546094a2dd7a33769d2096e7d085afb6d780e6cf9383dbaece03e |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | fd9e89cc12948f34c73591ca45983fa9 |
| SHA1 | e556e16adecbe0be707c61f3a3b097ee40c315aa |
| SHA256 | 8ce6c418332f6a8678e6650adaa5ce9715f54e2e0dfa319cf6d4e3dbbbc81b61 |
| SHA512 | 2c478d6d5d7e7807019ece83f70e52f42b3d323894ec0b7a246f4eacf3fb90add93a15af9d0a4cdc080b9786216a48f68fd8bec59541256598382648f488b97a |
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\ab74933e-566c-11ef-841e-d68c0a96ca30.json
| MD5 | 5435220b45583c3fedc2c4fbdefa40fb |
| SHA1 | a5275aa4aedd51610f74afb27289c26e40850a2e |
| SHA256 | d7a1639f863758f30ca5735128da3affe67785420a269e4135c78abc30574683 |
| SHA512 | 725a6ffa125e6512beff9c58c7026298d5ddea64a74ad31c6a0445d4e4f39698959de5446e3bcf91882e4d7c1e3e315843ebacc0a66b1fde4dfd5e7ff9719699 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 3b831f8df4a3329c31a57ecebaeb2aad |
| SHA1 | dc5e6efec02125b4d554bb8adea3ce9a4e525247 |
| SHA256 | f2e595547f7a948562e41b0c6827106087e8d8be931b0680a7c03da06649d2df |
| SHA512 | 98ca51a802d2b35928ac3f4e85832fdd629ddb607641519ef1dd822cdb0eba9cd316199642d603356013fbf156f6b6192c9b8aa391902bfa3055c5e0088d137c |
memory/692-7094-0x0000019B9EAD0000-0x0000019B9F022000-memory.dmp
memory/692-7099-0x0000019B9EAD0000-0x0000019B9F022000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 3bcf0e69b316d43bfedb950b2f60cbd4 |
| SHA1 | b1818354e5672c82a8d7fdd27a2a920e834417b6 |
| SHA256 | 3dab71987d0274352504b42b7e90a3cbf1b1aedc4593dbbcb22946db28c3f8f3 |
| SHA512 | 51276abb6ca4166d724c80bb101638658e5f3678b8670e585e0cdb55b01eb6744803efb6278923ade3555cc88d84b7fc360169aea7f9a8a15e463306e1fab6dd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\b4cd26fc-d843-4e2e-9118-cf892166317f\0
| MD5 | 1073e757fc71b26db6ab725bb7d2498c |
| SHA1 | caec5dfc64b5826042bdedba20adc228bfa5b657 |
| SHA256 | 2b2fbdc7cec2c59c3e7c512a76e827e6121bdea176488d44a9783d90d0d444de |
| SHA512 | cd2e5868004a7aa44b202104face31910a0629d89146b779826957e716775e638defcdb2da21ed3fd2a83b88f08d8db28086888f97388f969c11b27fe972f69f |
C:\Users\Admin\Downloads\MrsMajor2.0.7z.crdownload
| MD5 | 81041a562190fe49c0fac248638b2d04 |
| SHA1 | 755d8426f18e3f0ad8e28d4655468d8cfdac67bf |
| SHA256 | 0d64e4fe519291c901b67944d9215f6254552c7ea5d12cc4fc930ab58c7ca268 |
| SHA512 | e482702b08e401de88c67a703cb1612831f0cbc9365eb2e634602712bed6ad6cfae30dd820d96001c49100420bc457af083e7c09d79d825e87fe231cc0646eb2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | ed24e470b6da31955a601e2adb2b40fb |
| SHA1 | d7dfae91d4ae58d9afa05aa01556fd0836f3da06 |
| SHA256 | 8708806f89e3fd17e07807a7020b8d63f7d203aa2ab0d564c76b5fbe9a597f01 |
| SHA512 | ac5cafd40d65373882d39461bc6a5f23935087d07da772b34afb53d4f7deb61fc1ac50aeaa5dfc8a0187a209df9513fe8013c4065d20dc61986232329e99ea46 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 30c89044ac85ad0532026c514810ef16 |
| SHA1 | e8dbf7d95d116dddf44a7b448000b678516e38c1 |
| SHA256 | 3f9ea236275193cfc3912d81147acc02cb1afae3d2a115de6c00873b121532df |
| SHA512 | 5637a526df59066a957cfcfcc2d8899232cb2d3aa68f6e5c3a18b340df7c849017e2fab1599ed3a1997d02dec774913e88a0c3dc58342c0f209a36dec2fe3ab4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d3e62988269ae3e1dfd08882cee12770 |
| SHA1 | 79dd75398bd62953feb7dfbf533ae88b87793abc |
| SHA256 | 1f20c6dfd73d050c204ae528e4ea9abac3dfb87d93e65b69cd45d4d0e0b099e4 |
| SHA512 | b1efd57064fe7f923dc1bd1863d9861363ca9b6deeaca6454f93eada0ffb5a214886f0ae5b631ceec00ed265b9a80ca681636e4742e210fca70d19a8d045676a |
C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe
| MD5 | 57f3795953dafa8b5e2b24ba5bfad87f |
| SHA1 | 47719bd600e7527c355dbdb053e3936379d1b405 |
| SHA256 | 5319958efc38ea81f61854eb9f6c8aee32394d4389e52fe5c1f7f7ef6b261725 |
| SHA512 | 172006e8deed2766e7fa71e34182b5539309ec8c2ac5f63285724ef8f59864e1159c618c0914eb05692df721794eb4726757b2ccf576f0c78a6567d807cbfb98 |
C:\Program Files\MicrosoftWindowsServicesEtc\example.txt
| MD5 | 8837818893ce61b6730dd8a83d625890 |
| SHA1 | a9d71d6d6d0c262d41a60b6733fb23cd7b8c7614 |
| SHA256 | cc6d0f847fde710096b01abf905c037594ff4afae6e68a8b6af0cc59543e29bb |
| SHA512 | 6f17d46098e3c56070ced4171d4c3a0785463d92db5f703b56b250ab8615bcb6e504d4c5a74d05308a62ea36ae31bc29850187943b54add2b50422fb03125516 |
C:\Users\Admin\AppData\Local\Temp\xRun.vbs
| MD5 | 26ec8d73e3f6c1e196cc6e3713b9a89f |
| SHA1 | cb2266f3ecfef4d59bd12d7f117c2327eb9c55fa |
| SHA256 | ed588fa361979f7f9c6dbb4e6a1ae6e075f2db8d79ea6ca2007ba8e3423671b0 |
| SHA512 | 2b3ad279f1cdc2a5b05073116c71d79e190bfa407da09d8268d56ac2a0c4cc0c31161a251686ac67468d0ba329c302a301c542c22744d9e3a3f5e7ffd2b51195 |
C:\Users\Admin\AppData\Local\Temp\runner32s.exe
| MD5 | 87815289b110cf33af8af1decf9ff2e9 |
| SHA1 | 09024f9ec9464f56b7e6c61bdd31d7044bdf4795 |
| SHA256 | a97ea879e2b51972aa0ba46a19ad4363d876ac035502a2ed2df27db522bc6ac4 |
| SHA512 | 8d9024507fa83f578b375c86f38970177313ec3dd9fae794b6e7f739e84fa047a9ef56bf190f6f131d0c7c5e280e729208848b152b3ca492a54af2b18e70f5dc |
C:\Users\Admin\AppData\Local\Temp\thetruth.jpg
| MD5 | 7907845316bdbd32200b82944d752d9c |
| SHA1 | 1e5c37db25964c5dd05f4dce392533a838a722a9 |
| SHA256 | 4e3baea3d98c479951f9ea02e588a3b98b1975055c1dfdf67af4de6e7b41e476 |
| SHA512 | 72a64fab025928d60174d067990c35caa3bb6dadacf9c66e5629ee466016bc8495e71bed218e502f6bde61623e0819485459f25f3f82836e632a52727335c0a0 |
C:\Users\Admin\AppData\Local\Temp\eula32.exe
memory/6428-7296-0x0000000000190000-0x00000000002CC000-memory.dmp
memory/6428-7297-0x0000000005090000-0x000000000558E000-memory.dmp
memory/6428-7298-0x0000000004B90000-0x0000000004C22000-memory.dmp
memory/6428-7300-0x0000000004C80000-0x0000000004C8A000-memory.dmp
C:\Windows\System32\Taskmgr.exe
C:\Program Files\MicrosoftWindowsServicesEtc\NotMuch.exe
memory/2744-7316-0x0000000000610000-0x0000000000634000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json