Analysis Overview
Threat Level: Known bad
The file https://github.com/TheDarkMythos/windows-malware was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Modifies WinLogon for persistence
Suspicious use of NtCreateUserProcessOtherParentProcess
Modifies RDP port number used by Windows
Drops file in Drivers directory
Downloads MZ/PE file
Disables Task Manager via registry modification
Sets service image path in registry
Possible privilege escalation attempt
Disables RegEdit via registry modification
Impair Defenses: Safe Mode Boot
Loads dropped DLL
Event Triggered Execution: Component Object Model Hijacking
Modifies system executable filetype association
Checks BIOS information in registry
Checks computer location settings
Executes dropped EXE
Reads user/profile data of web browsers
Modifies file permissions
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Checks installed software on the system
Drops file in System32 directory
Drops file in Windows directory
Drops file in Program Files directory
Browser Information Discovery
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Script User-Agent
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Modifies system certificate store
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
Suspicious use of SendNotifyMessage
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
System policy modification
Modifies Internet Explorer settings
Modifies Control Panel
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-08-09 18:21
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-09 18:21
Reported
2024-08-09 18:26
Platform
win10v2004-20240802-en
Max time kernel
251s
Max time network
262s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\Program Files\\MicrosoftWindowsServicesEtc\\xRunReg.vbs\"" | C:\Windows\system32\wscript.exe | N/A |
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 1904 created 3428 | N/A | C:\Users\Admin\Downloads\MBSetup.exe | C:\Windows\Explorer.EXE |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Disables RegEdit via registry modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\disableregistrytools = "1" | C:\Windows\system32\wscript.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\DRIVERS\mbam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| File created | C:\Windows\system32\drivers\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamChameleon.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mwac.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\farflt.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbamswissarmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies RDP port number used by Windows
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\MrsMajor2.0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation | C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService\ = "Service" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Loads dropped DLL
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
| N/A | N/A | C:\Windows\System32\icacls.exe | N/A |
| N/A | N/A | C:\Windows\System32\takeown.exe | N/A |
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\fileico.ico" | C:\Windows\system32\wscript.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MajorX = "wscript.exe \"C:\\Users\\Admin\\AppData\\Local\\Temp\\xRun.vbs\"" | C:\Windows\system32\wscript.exe | N/A |
Checks installed software on the system
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\netax88772.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\netrtwlanu.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\572BF21E454637C9F000BE1AF9B1E1A9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\netwmbclass.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netjme.inf_amd64_752bf22f1598bb7e\netjme.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{ff92c03d-bd03-7449-ae36-0d5d4df374c2}\SET3407.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\sethc.exe | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\netax88179_178a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmyk64.inf_amd64_1f949c30555f4111\netmyk64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\msdri.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\netrtwlane.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_f9e30429669d7fff\netvwwanmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netavpna.inf_amd64_f6f0831ba09dd9f5\netavpna.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ykinx64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_9a5b429abc465278\wnetvsc.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\kdnic.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\wceisvista.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw08.inf_amd64_7c0c516fb22456cd\netwtw08.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr7364.inf_amd64_310ee0bc0af86ba3\netr7364.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{ff92c03d-bd03-7449-ae36-0d5d4df374c2}\SET3406.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwbw02.inf_amd64_1c4077fa004e73b4\netwbw02.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\netvchannel.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\nett4x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\net1yx64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\rtux64w10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\netloop.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmlx4eth63.inf_amd64_3809a4a3e7e07703\netmlx4eth63.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\229169D96B9C20761B929D428962A0A2_FC65190A8D1232A1711F16F9F20C5149 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net9500-x64-n650f.inf_amd64_e92c5a65e41993f9\net9500-x64-n650f.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwifimp.inf_amd64_ec11d0ad3c5b262a\netvwifimp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\athw8x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{ff92c03d-bd03-7449-ae36-0d5d4df374c2}\SET3408.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_8de1181bfd1f1628\ndisimplatformmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\netwns64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\msux64w10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnvm64.inf_amd64_35bbbe80dec15683\netnvm64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\net8192su64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\netl260a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\netbc63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\netwsw00.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\mwlu97w8x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net1ic64.inf_amd64_5f033e913d34d111\net1ic64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\net7400-x64-n650.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\229169D96B9C20761B929D428962A0A2_FC65190A8D1232A1711F16F9F20C5149 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\netvg63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\net8187se64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_FBEAFB4EE7383EC8E0A3A2C1EC7FCEAC | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Numerics.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.DispatchProxy.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ServiceModel.Web.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-processenvironment-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.TypeConverter.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\SwissarmyShim.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sdk\mwac.cat | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Drawing.Common.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\sdk\mbam.inf | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.ServicePoint.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\System.Windows.Forms.Design.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\System.Xaml.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Windows.Extensions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\ReachFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\UIAutomationClientSideProviders.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\35781d78-bcd4-4892-87d8-bf38b560d3a4 | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.Local.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Xml.XmlDocument.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\malwarebytes_assistant.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json.bak | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\ig.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.DependencyModel.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\SQLitePCLRaw.batteries_v2.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\WindowsBase.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\RTPControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\UIAutomationProvider.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Services.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Mail.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Ping.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Intrinsics.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\PresentationCore.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.EntityFrameworkCore.Abstractions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Serilog.Sinks.File.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-util-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.RegularExpressions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\WindowsFormsIntegration.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-private-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\PresentationCore.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsBase.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\PresentationCore.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\xRunReg.vbs | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Numerics.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Formatters.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\WindowsBase.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\WindowsBase.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\System.Windows.Input.Manipulations.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.cat | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\program files\MicrosoftWindowsServicesEtc\WinScrew.exe | C:\Windows\system32\wscript.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-datetime-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-localization-l1-2-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Linq.Expressions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Reflection.Extensions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ru\WindowsFormsIntegration.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hant\WindowsFormsIntegration.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\eula32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Install.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\MrsMajor2.0.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\Cursors\Hand = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\excursor.ani" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\Cursors | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\Cursors\Arrow = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\excursor.ani" | C:\Windows\system32\wscript.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\Cursors\AppStarting = "C:\\Program Files\\MicrosoftWindowsServicesEtc\\data\\excursor.ani" | C:\Windows\system32\wscript.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2D56B7B-4B87-45A1-A6D3-5C77035141A6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{55E4B8FB-921C-4751-8B2D-AE33BD7D0B74}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{79D77750-02E0-4451-A7BB-524ACD93DD93}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{78FA6928-BE8F-4D5D-89EB-761D364A909E}\TypeLib\ = "{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DE6A4256-97CD-4DBB-9D4A-3054B0BB0F8B}\ = "ICloudControllerV6" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2DFD7E94-47E6-483A-B4FD-DC586A52CE5D}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1A173904-D20F-4872-93D5-CBC1336AE0D6}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C4652FC-FA35-4394-A133-F68409776465}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{118F4330-CAF5-4A54-ABB0-DC936669ED2F}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{94E6A9DF-4AAB-48E7-8A94-65CA2481D1F6} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8C842243-BDAD-4A93-B282-93E3FCBC1CA4}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{239C7555-993F-4071-9081-D2AE0B590D63}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4F3822FA-CCD5-4934-AB6D-3382B2F91DB9}\ = "ICleanControllerV5" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EAD7766B-F8F3-4944-AFE6-5D667E535709}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E149FEF9-F1DC-4894-8A8E-AA53F6807EFD}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3DCF0F42-EF8F-4450-BA68-42B61F594B2F}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8E1F91DE-30AF-469B-9A09-FCF176207F0F}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3F656FD9-2597-4587-8F05-781C11710867}\ = "_IScannerEventsV2" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{115D004C-CC20-4945-BCC8-FE5043DD42D0}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2DEBAD4E-3BAF-44F0-9150-BCCCC3801CF9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08927360-710B-483B-BEEC-17E51FF84AF9}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\ProgID | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{40D6E119-3897-41B3-AC5D-5FE6F088C97B}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A30501F-26D0-4C5F-818A-9F7DFC5F8ABC}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D8891F9E-90C4-4B3D-B87B-92DEA9221EBB}\TypeLib\ = "{226C1698-A075-4315-BB5D-9C164A96ACE7}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.ScanController.1\CLSID | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B1BDE8B0-F598-4334-9991-ECC7442EEAA6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{83D0C30B-ECF4-40C5-80EC-21BB47F898A9}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A3D482C3-B037-469B-9C35-2EF7F81C5BED}\ = "IRTPControllerV6" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3C871BA6-4662-4E17-ABF4-3B2276FC0FF4}\ = "IPoliciesController" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E230930A-6CC2-4B9D-8CE1-03F86A8EDA05} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79D77750-02E0-4451-A7BB-524ACD93DD93}\ = "_IMWACControllerEventsV11" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2DFD7E94-47E6-483A-B4FD-DC586A52CE5D}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9B34A461-332D-479F-B8C4-7D168D650EBD}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C731375E-3199-4C88-8326-9F81D3224DAD}\1.0\0\win64\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\\2" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6C1047E9-9ADC-4F8A-8594-036375F53103}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6C1047E9-9ADC-4F8A-8594-036375F53103}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2E404A3-4E3F-4094-AE06-5E38D39B79AE}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F1E58D1A-2918-4508-908A-601219B2CCC6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A3D482C3-B037-469B-9C35-2EF7F81C5BED}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2F14F58B-B908-4644-830F-5ACF8542D27F}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ADCD8BEB-8924-4876-AE14-2438FF14FA17}\ = "IPoliciesControllerV5" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.ScanController\CurVer\ = "MB.ScanController.1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BADF77CD-ECCE-4B36-88FF-6A2804FFE307}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A2D4A69C-14CA-4825-9376-5B4215AF5C5E}\ = "IUpdateControllerV4" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{620A01DD-16D2-4A83-B02C-E29BE38B3029}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C510D99-F27D-457F-9469-CFC179DBE0C7}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CCEFCD43-B934-4168-AE51-6FE07D3D0624}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.VPNController\CurVer | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9185897A-76F4-4083-A02C-5FFC2A51F6D4}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{638A43D2-5475-424B-87B8-042109D7768F} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AC5390D0-3831-4D42-BD1D-8151A5A1742C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8ED8EAAB-1FA5-48D4-ACD4-32645776BA28} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DD3CFEBD-3B8E-4651-BB7C-537D1F03E59C} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{929A5C6C-42D7-4248-9533-03C32165691F}\ = "ISPControllerEventsV3" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{78FA6928-BE8F-4D5D-89EB-761D364A909E}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{346CF9BC-3AD5-43BA-B348-EFB88F75360F}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{346CF9BC-3AD5-43BA-B348-EFB88F75360F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.LogController.1 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6C1047E9-9ADC-4F8A-8594-036375F53103}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EABA01A8-8468-430A-9D6E-4C9F1CE22C88}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4BDE5F8-F8D4-4E50-937F-85E8382A9FEE}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{36F3C7D7-BCB1-4359-AB71-0CB816FE3D38}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d578112861900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa20f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 0300000001000000140000002ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c2000000001000000620400003082045e30820346a0030201020213077312380b9d6688a33b1ed9bf9ccda68e0e0f300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3232303832333232323132385a170d3330303832333232323132385a303c310b3009060355040613025553310f300d060355040a1306416d617a6f6e311c301a06035504031313416d617a6f6e205253412032303438204d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100eb712ca9cb1f8828923230af8a570f78b73725955587ac675c97d322c8daa214676b7cf067dae2032ab356125dc6b547f96708a7937a9592180fb4f9f910369a7f2f80b64fba134ec75d531ee0dd96330720d396bc12e4745042a1051373b54f9b4424fe2d7fedbc2285ec362133977506ce271882dce3d9c582078d5e26012626671fd93f13cf32ba6bad7864fcaaff0e023c07df9c0578728cfdea75b7032884dae86e078cd05085ef8154b2716eec6d62ef8f94c35ee9c4a4d091c02e249198caeeba258ed4f671b6fb5b6b38064837478d86dcf2ea06fb76377d9eff424e4d588293cfe271c278b17aab4b5b94378881e4d9af24aef872c565fb4bb451e70203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e0416041481b80e638a891218e5fa3b3b50959fe6e5901385301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b05000382010100ad00de0205232e063262b46bb19416e41140de2bfa59c135efe0aa8f2b41b9d1f38739001df23db5a7470c0606c691f3075702d4edbd17c1909abf4875a2074f30dd4a6a42b50d3d15c00ffe845bc63c99cc5752b1d86e12d59692934b94e507e88982086a7a34d49e64e13d876a92909a63a14bf88fb6ea34d305be20c2de06e28c9f738b9f4d3985cace19369d85c99ec9f8503fb67e88a1efca84068b50b40a5ca61c44f1fdc8614060f26125aa07f4c7c27375e40c0b428d04e55f4448995b7b898196a7889d4b0d62e804c4d7feb4e8b26dcaecc01cbc385b1ddf85ce5b7ae3494b6cb9a7ddf405b249ade1c5146bc2ccebcd7fd65869bac3207e7fb0b8 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 0300000001000000140000001c58a3a8518e8759bf075b76b750d4f2df264fcd2000000001000000c2040000308204be308203a6a003020102021006d8d904d5584346f68a2fa754227ec4300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3231303431343030303030305a170d3331303431333233353935395a304f310b300906035504061302555331153013060355040a130c446967694365727420496e633129302706035504031320446967694365727420544c53205253412053484132353620323032302043413130820122300d06092a864886f70d01010105000382010f003082010a0282010100c14bb3654770bcdd4f58dbec9cedc366e51f311354ad4a66461f2c0aec6407e52edcdcb90a20eddfe3c4d09e9aa97a1d8288e51156db1e9f58c251e72c340d2ed292e156cbf1795fb3bb87ca25037b9a52416610604f571349f0e8376783dfe7d34b674c2251a6df0e9910ed57517426e27dc7ca622e131b7f238825536fc13458008b84fff8bea75849227b96ada2889b15bca07cdfe951a8d5b0ed37e236b4824b62b5499aecc767d6e33ef5e3d6125e44f1bf71427d58840380b18101faf9ca32bbb48e278727c52b74d4a8d697dec364f9cace53a256bc78178e490329aefb494fa415b9cef25c19576d6b79a72ba2272013b5d03d40d321300793ea99f50203010001a38201823082017e30120603551d130101ff040830060101ff020100301d0603551d0e04160414b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304006082b060105050730028634687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63727430420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63726c303d0603551d2004363034300b06096086480186fd6c02013007060567810c01013008060667810c0102013008060667810c0102023008060667810c010203300d06092a864886f70d01010b050003820101008032ce5e0bdd6e5a0d0aafe1d684cbc08efa8570edda5db30cf72b7540fe850afaf33178b7704b1a8958ba80bdf36b1de97ecf0bba589c59d490d3fd6cfdd0986db771825bcf6d0b5a09d07bdec443d82aa4de9e41265fbb8f99cbddaee1a86f9f87fe74b71f1b20abb14fc6f5675d5d9b3ce9ff69f7616cd6d9f3fd36c6ab038876d24b2e7586e3fcd8557d26c21177df3e02b67cf3ab7b7a86366fb8f7d89371cf86df7330fa7babed2a59c842843b11171a52f3c90e147da25b7267ba71ed574766c5b8024a65345e8bd02a3c209c51994ce7529ef76b112b0d927e1de88aeb36164387ea2a63bf753febdec403bb0a3cf730efebaf4cfc8b3610733ef3a4 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/TheDarkMythos/windows-malware
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc0b68cc40,0x7ffc0b68cc4c,0x7ffc0b68cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1820 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1908,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2484 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2104,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2628 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4576,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4628 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4760,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5164,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5184 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4904,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4392 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4736,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5512,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5516 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5456,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5528 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5792,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4700 /prefetch:8
C:\Users\Admin\Downloads\MBSetup.exe
"C:\Users\Admin\Downloads\MBSetup.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "000000000000014C" "Service-0x0-3e7$\Default" "0000000000000158" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5500,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3308 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5636,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5492 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5964,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5976 /prefetch:8
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5936,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5788 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5524,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5664 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5952,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5788 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5828,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5568 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5848,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5788 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5876,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5868 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3276,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6000 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6156,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6136 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6324,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6332 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6160,i,2865139054829787634,13187174977693617053,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5492 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\Install.exe
"C:\Users\Admin\Desktop\Install.exe"
C:\Users\Admin\Desktop\MrsMajor2.0.exe
"C:\Users\Admin\Desktop\MrsMajor2.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\42A3.tmp\42A4.vbs
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c cd\&cd "C:\Users\Admin\AppData\Local\Temp" & eula32.exe
C:\Users\Admin\AppData\Local\Temp\eula32.exe
eula32.exe
C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe
"C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1\9F98.bat "C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe""
C:\Windows\System32\takeown.exe
takeown /f taskmgr.exe
C:\Windows\System32\icacls.exe
icacls taskmgr.exe /granted "Admin":F
C:\Windows\System32\takeown.exe
takeown /f sethc.exe
C:\Windows\System32\icacls.exe
icacls sethc.exe /granted "Admin":F
C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe
"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe
"C:\Program Files\MicrosoftWindowsServicesEtc\notmuch.exe"
C:\Windows\System32\shutdown.exe
"C:\Windows\System32\shutdown.exe" -r -t 5
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38e2855 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| NL | 172.217.23.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| NL | 172.217.23.202:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 202.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | udp |
| NL | 142.250.179.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 196.179.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | malwarebytes.com | udp |
| US | 192.0.66.233:443 | malwarebytes.com | tcp |
| US | 192.0.66.233:443 | malwarebytes.com | tcp |
| US | 8.8.8.8:53 | www.malwarebytes.com | udp |
| US | 8.8.8.8:53 | dev.visualwebsiteoptimizer.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 8.8.8.8:53 | stats.wp.com | udp |
| US | 192.0.76.3:443 | stats.wp.com | tcp |
| US | 8.8.8.8:53 | api.weglot.com | udp |
| US | 8.8.8.8:53 | plausible.io | udp |
| US | 8.8.8.8:53 | cdn.weglot.com | udp |
| US | 104.18.6.32:443 | cdn.weglot.com | tcp |
| GB | 79.127.237.132:443 | plausible.io | tcp |
| US | 104.18.7.32:443 | cdn.weglot.com | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | genesis.malwarebytes.com | udp |
| US | 107.21.31.233:443 | genesis.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 233.66.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.102.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.6.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.237.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.7.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| NL | 172.217.23.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| GB | 79.127.237.132:443 | plausible.io | udp |
| US | 104.18.86.42:443 | cdn.cookielaw.org | tcp |
| GB | 79.127.237.132:443 | plausible.io | tcp |
| US | 104.18.86.42:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.29.127:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | 233.31.21.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.86.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.29.18.104.in-addr.arpa | udp |
| NL | 172.217.23.202:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | js.driftt.com | udp |
| GB | 13.224.222.32:443 | js.driftt.com | tcp |
| GB | 13.224.222.32:443 | js.driftt.com | tcp |
| GB | 13.224.222.32:443 | js.driftt.com | tcp |
| US | 8.8.8.8:53 | metrics.api.drift.com | udp |
| US | 8.8.8.8:53 | conversation.api.drift.com | udp |
| US | 8.8.8.8:53 | customer.api.drift.com | udp |
| US | 8.8.8.8:53 | targeting.api.drift.com | udp |
| US | 8.8.8.8:53 | 32.222.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bootstrap.driftapi.com | udp |
| GB | 18.245.162.27:443 | bootstrap.driftapi.com | tcp |
| US | 8.8.8.8:53 | api.company-target.com | udp |
| GB | 18.172.153.22:443 | api.company-target.com | tcp |
| US | 54.147.21.139:443 | targeting.api.drift.com | tcp |
| US | 8.8.8.8:53 | 71521-21.chat.api.drift.com | udp |
| US | 35.170.36.119:443 | 71521-21.chat.api.drift.com | tcp |
| US | 8.8.8.8:53 | 22.153.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.21.147.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.162.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | presence.api.drift.com | udp |
| US | 8.8.8.8:53 | event.api.drift.com | udp |
| US | 52.0.218.127:443 | presence.api.drift.com | tcp |
| US | 8.8.8.8:53 | 119.36.170.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 104.18.28.127:443 | privacyportal.onetrust.com | tcp |
| US | 104.18.6.32:443 | cdn.weglot.com | udp |
| US | 8.8.8.8:53 | 127.218.0.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 127.28.18.104.in-addr.arpa | udp |
| US | 192.0.76.3:443 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | downloads.malwarebytes.com | udp |
| GB | 216.137.44.109:443 | downloads.malwarebytes.com | tcp |
| GB | 216.137.44.109:443 | downloads.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | data-cdn.mbamupdates.com | udp |
| GB | 13.224.81.5:443 | data-cdn.mbamupdates.com | tcp |
| US | 8.8.8.8:53 | 5.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.44.137.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 54.191.16.183:443 | api2.amplitude.com | tcp |
| US | 8.8.8.8:53 | 183.16.191.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ark.mwbsys.com | udp |
| US | 54.89.133.151:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.24:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 151.133.89.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.46.156.108.in-addr.arpa | udp |
| US | 54.89.133.151:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.24:443 | cdn.mwbsys.com | tcp |
| US | 54.89.133.151:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.38:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 38.46.156.108.in-addr.arpa | udp |
| US | 54.89.133.151:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.24:443 | cdn.mwbsys.com | tcp |
| US | 54.89.133.151:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 108.156.46.24:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | 3.69.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| NL | 172.217.23.202:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| US | 34.234.10.61:443 | holocron.mwbsys.com | tcp |
| US | 34.234.10.61:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 61.10.234.34.in-addr.arpa | udp |
| US | 34.234.10.61:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | ipv4.am.i.mullvad.net | udp |
| SE | 45.83.223.233:443 | ipv4.am.i.mullvad.net | tcp |
| US | 8.8.8.8:53 | crl.comodoca.com | udp |
| US | 104.18.38.233:80 | crl.comodoca.com | tcp |
| US | 8.8.8.8:53 | 233.223.83.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 95.100.245.144:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 34.234.10.61:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | iris.mwbsys.com | udp |
| US | 34.192.231.38:443 | iris.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.231.192.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| NL | 172.217.168.195:443 | beacons3.gvt2.com | tcp |
| NL | 172.217.168.195:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | 195.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| US | 52.20.107.115:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | sirius.mwbsys.com | udp |
| US | 23.21.92.250:443 | sirius.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 18.172.89.33:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 115.107.20.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.92.21.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.89.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.trust-provider.com | udp |
| US | 104.18.38.233:80 | ocsp.trust-provider.com | tcp |
| US | 8.8.8.8:53 | crl.trust-provider.com | udp |
| US | 104.18.38.233:80 | crl.trust-provider.com | tcp |
| US | 8.8.8.8:53 | www.intel.com | udp |
| GB | 23.211.239.194:80 | www.intel.com | tcp |
| US | 8.8.8.8:53 | certificates.intel.com | udp |
| GB | 92.123.143.233:80 | certificates.intel.com | tcp |
| US | 8.8.8.8:53 | 194.239.211.23.in-addr.arpa | udp |
Files
\??\pipe\crashpad_4384_HSLONCRQATRPRYBB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 686769fc83a35a11dbc4aac12902b184 |
| SHA1 | 167f8b99e95d6ec30bd7d0143d91ff58b76e187e |
| SHA256 | 4c9b0cc90667910718d473a3e5627cb9f9ab2b0840ebdb2a49759bd93bb97e85 |
| SHA512 | 543d4eeb0acdf3389608c5dd1472afad6833a8a2ad1bc30ae3e108a22f6f9ec23ce71ca1aaef19e825ba9033ec9033d210ce6d81b84230e521e165c8b1a1d086 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 819c3a010e4518844ac33e235e0c8a85 |
| SHA1 | df2b7d6a90dd1d899fae5a9f379865ebcd00dd27 |
| SHA256 | b61643206be24dfb79b11ae23bf4655f63f44cc7b19653eec3445d6c07fa3aa8 |
| SHA512 | f910069433fc3989eea9e46b63e10f3e6bda04f7bdd6d4420adffeb593822ab2551188284dc2e9d20070b916cd4b5ef0e8072a764929683fee2c2c097cb61f2f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | aad4796bf4b82ccaf4b79c00f688a3aa |
| SHA1 | 0f96cf14a9eb153ef2d67e4929d6ee253812cd27 |
| SHA256 | 7bb5f04d2c0f6fe13db7714e102192eab155cb2fc73e6a8aaf65b3111f6f8c38 |
| SHA512 | 3c14ad1635b135d42ae1b605cbf4f96cb9eff79de13e00cce06bbe535bc6aa1d656baabc8f7df8862dd286739c521231cd3750beb930798fdacd92c512534f6c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\01dce4e4-f020-41f2-a79c-d9d9d1d533db.tmp
| MD5 | 145e0fa683f9defb48553d7ad559087d |
| SHA1 | aab2bce052f6f086e3cd724a967d8ead869dbbde |
| SHA256 | 9a54b6b0e4d65f583b38357744765b69133f7bd70a9ed6d34dcf396a16495e4d |
| SHA512 | 74a3e369e01cb6aa62e314970765f3152f01f87c4613611286850a79675e939f6692c45423b690dfbffd6cf4a9e58be983aae03d84687fdd914eb4f532f282d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 98f44b114fcf90661fd1b30140e1997d |
| SHA1 | cc778425c463b53680cd2d12e1f2dee669a99327 |
| SHA256 | 92b881cc7098aeab009e3d6ba6afb3d43efcca8ebb427021dbb94fa2e6313254 |
| SHA512 | 18037e836c8a607fed38472b63727796d0d30513840663fee1b59268c93c8d1a0c875d09ccb3c0aef745c0e5c43a0aec5e88e40a6af90874c7f5a333757becc0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9e3d42c015e7719ebc2ae261b5d9443a |
| SHA1 | 73fdc8add6713b5df7a533643df8018635da4cc0 |
| SHA256 | 408afc535ff506b8391a3168a6906c536f951a4934ae7645ce9783faccde614f |
| SHA512 | 6c729573c883d74ec8d99745d8e7b8ff0553057a49681dc7addf802cf4b5a0e5571cb9e35769d199276e102f8dd4df431d05f50c625db21851da96b9c485b744 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | de2eaad1ff09afde40d495dfcc8a4bff |
| SHA1 | 60c09d5d0dc77b568ce1b11a94151610f1dbdd6c |
| SHA256 | 29ba5cd3aa8e47d9625b0bea00cded078bc09b3b13bcf664564f2c6c4b469811 |
| SHA512 | dbe2e9f3094f28ed882924f01772c7e06b1db62d743ed1c1d39e3fa39f9869ee0e983bf15d3b599836528b98ff95bc1e39ccf3531c30c5438e5ad7723d005af5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 6844455c6551aff4f7bc6e06f42dacc5 |
| SHA1 | 68eaa4fc08a0f85344a7a5c1d6150f823d401df3 |
| SHA256 | 9e75fc1363b03fad2db24e2069bc79cd473d81e659172588131c4fb236237d70 |
| SHA512 | 0b48bc9d0774905f1e7efe4af425694ddad8481386e8ad8f3e811dc30a1f3938befd6f80da479ec5ee8f0f6ac2e72d037f7fc0bd4346d09986354d444f606427 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d4d55727c3cfd160b025e26a6fa9ac02 |
| SHA1 | fae4e517e73b40a60a8ae0181a992381a3f9ed86 |
| SHA256 | f6b8f62be8aa337efb7910157fc8eb735dfc4a4280e5fc928601cb87dc4ef47f |
| SHA512 | 73c464909ef3e4fa514c04e7b65baf61eb6ad778b0b5d8a73b9d8ac9a4ec01b4bc9e733502b62bf8f44cac021a89b314a9ce5ac79862e126126a02bf8fe8abda |
C:\Users\Admin\Downloads\MBSetup.exe
| MD5 | d21bf3852bb27fb6f5459d2cf2bcd51c |
| SHA1 | e59309bbe58c9584517e4bb50ff499dffb29d7b0 |
| SHA256 | de9c4e8b4b0c756eee4e39221c1e4e0e11c2e67effb828e27de3c4b4470ccff2 |
| SHA512 | 17bc7740f131a1d4e84fd7e4ab5e1ce510660f5046340ef6d09ef99c56c88da2b6be3ae5c5ddb7213841c506eaec147c65abba1a7a2a8eb4fb8f6329bbaa03d1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 783474b89ee6b5076307fae856653992 |
| SHA1 | b833e2f439b9b65ddd8c2b134e8bf3b13e192993 |
| SHA256 | 54aa0a3f336363fe0e833dafbc8a779cdc50bb8b701444209d8e396f5db0d104 |
| SHA512 | 6ffda9d15a5bbd2ca470a060d0c4388010096bfe68534acf799522fc9fa0499619e6c51266873749d51ab62ab25d42ed493a9a5619a8711a5bdeb7135e5e7e12 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 3d56ea79d54a8531db770a452b45a450 |
| SHA1 | 755c756db9328b3cff2d1447004de17dd1d25c39 |
| SHA256 | 66f5e3ee50111faa629734b239e958af8cc158a2cb455161e3ecff5b2c1e3f55 |
| SHA512 | e68d8e7258377bc1a4eb7cf5470aad25fe10c2ddb621266ee003fa0eeaf58411ba5cc5410e28d934fca6b2dda19532a83dc9b30be0f7022b43fa075bd6dbe71f |
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
| MD5 | 4dc92b52e48b9a7e209307def43f0fa4 |
| SHA1 | ba0640d5afd2d5b07fdfca4d2a37a1208bda1b94 |
| SHA256 | 461727e42566cd84e4161d5332131956041e02e3d81cfec07c22862fa4b6d3d4 |
| SHA512 | cb1b2f63befed99c26a5f4912f5e9e7a315f75414097e66a2c2768573425129d18245e515d2bf38e352eefd78d0e61407d43a09993edf0aec6e2ff7c296d0d8d |
C:\Windows\Temp\MBInstallTemp6852eb2f567c11efa5c7ce3473c70610\7z.dll
| MD5 | 3430e2544637cebf8ba1f509ed5a27b1 |
| SHA1 | 7e5bd7af223436081601413fb501b8bd20b67a1e |
| SHA256 | bb01c6fbb29590d6d144a9038c2a7736d6925a6dbd31889538af033e03e4f5fa |
| SHA512 | 91c4eb3d341a8b30594ee4c08a638c3fb7f3a05248b459bcf07ca9f4c2a185959313a68741bdcec1d76014009875fa7cbfa47217fb45d57df3b9b1c580bc889d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3e1991be0f2de89056ed20a40d6feab5 |
| SHA1 | 40517f4f5e566eef80f2cbe13af1cf3763c2257a |
| SHA256 | 3501007504447a9910746f56809511cc5a55d64bfae4b2a66aac881afbea6804 |
| SHA512 | 18608473642e10b1073d7fe14a5f79e2a2143130a824467898efad876ac66887b95618e4029dce0b39da57c74b1d56856396a80d0f2f4044f49642091d6b2bfb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 95b3ac858a4ae00b4efa5394df505ee7 |
| SHA1 | 602fac7a8b128b2e7220ffe925db61e998c45a07 |
| SHA256 | 973837c291287e2fb5186b04817c3fa357f8a6c111ffa76d1fa671ba5e61a711 |
| SHA512 | 76eb3ab3364e5f39e8f1709afa5e8d9cd963f4bc878013f4b17411efa2a848d45e95345ac33c028d98a65f35dc438cfa4578856a7152e16453448dc07c4d232a |
C:\Windows\Temp\MBInstallTemp6852eb2f567c11efa5c7ce3473c70610\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll
| MD5 | 3143ffcfcc9818e0cd47cb9a980d2169 |
| SHA1 | 72f1932fda377d3d71cb10f314fd946fab2ea77a |
| SHA256 | b7fb9547e4359f6c116bd0dbe36a8ed05b7a490720f5a0d9013284be36b590b7 |
| SHA512 | 904800d157eb010e7d17210f5797409fea005eed46fbf209bca454768b28f74ff3ff468eaad2cfd3642155d4978326274331a0a4e2c701dd7017e56ddfe5424b |
C:\Windows\Temp\MBInstallTemp6852eb2f567c11efa5c7ce3473c70610\servicepkg\MBAMService.exe
| MD5 | 2d49262ee00ca948aefc1047d65bca56 |
| SHA1 | ae60524cd5d0fc2e8f32b38835667871747db3fb |
| SHA256 | 6931bb215c086739a7b2ab089a8bd9cd4b2acbb9f44a32ec1b420f216f6ff782 |
| SHA512 | d069d4f20d69aa102438f1779f6222cfef7967733cce8d744bf6121e8e22bfc8dee4ee6887cf13e17ea173a0db4c52e3009fe85b861f5c7622294b63b366877a |
C:\Windows\Temp\MBInstallTemp6852eb2f567c11efa5c7ce3473c70610\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json
| MD5 | d94cf983fba9ab1bb8a6cb3ad4a48f50 |
| SHA1 | 04855d8b7a76b7ec74633043ef9986d4500ca63c |
| SHA256 | 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a |
| SHA512 | 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998 |
C:\Windows\Temp\MBInstallTemp6852eb2f567c11efa5c7ce3473c70610\dbclspkg\MBAMCoreV5.dll
| MD5 | 65a49aa18cfaa688a43a62e2821fbd77 |
| SHA1 | 2ff08fd8149e1202e580dad63f7ac1fe3130464e |
| SHA256 | 7dc3f946efc0cba5e4e6285bb0c77c20e04ae473f41ba58ac1a7ee539168e6ee |
| SHA512 | 4e0a6c1491f398ad9ed4a0004b0e6e0c6a29693f7c225d93d567ad356a9a6423b35cafe2ae5dbd8bdce9b034b35055ec1c3e5248a09a3a209116ed1f7e62aea1 |
C:\Windows\Temp\MBInstallTemp6852eb2f567c11efa5c7ce3473c70610\servicepkg\mbamelam.sys
| MD5 | 9e77c51e14fa9a323ee1635dc74ecc07 |
| SHA1 | a78bde0bd73260ce7af9cdc441af9db54d1637c2 |
| SHA256 | b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0 |
| SHA512 | a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186 |
C:\Windows\Temp\MBInstallTemp6852eb2f567c11efa5c7ce3473c70610\servicepkg\mbamelam.cat
| MD5 | 60608328775d6acf03eaab38407e5b7c |
| SHA1 | 9f63644893517286753f63ad6d01bc8bfacf79b1 |
| SHA256 | 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59 |
| SHA512 | 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7 |
C:\Windows\Temp\MBInstallTemp6852eb2f567c11efa5c7ce3473c70610\servicepkg\mbamelam.inf
| MD5 | c481ad4dd1d91860335787aa61177932 |
| SHA1 | 81633414c5bf5832a8584fb0740bc09596b9b66d |
| SHA256 | 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3 |
| SHA512 | d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830 |
C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat
| MD5 | a58601a3ccc71c69736ff3f16e3faa50 |
| SHA1 | 4ef363a438a28e0c966f055f89788c9292b8e091 |
| SHA256 | 3edae4348be02e88de39aed7fce3aa4e781afb6b7728121777066ef9b9b17555 |
| SHA512 | d23ae01eb0824a7e1865f9a7389bac349373a90ded9e46937f331bb44aa4e9b275efd795b346270497fa67f2afb9624c8a088cf923e3029090ddda11c8ad6ca7 |
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
| MD5 | ff55b92da0100783e29683ba226a6a96 |
| SHA1 | 29de03346703b4280a0d016bbb6b7da03487a4f9 |
| SHA256 | f36144ce786daa8de23831ca21dd0ea7c02afaafc7d20a8a4d3703918a16c162 |
| SHA512 | dd1ced0c037bfa7e82e8980ff8336e192cdad52246bccbb85332e9b0533e4adc991168cbd16aff7c37f5418162533d9fd93ab4cacf9d6538cced53b8fec63122 |
C:\Windows\Temp\MBInstallTemp6852eb2f567c11efa5c7ce3473c70610\ctlrpkg\mbae64.sys
| MD5 | 95515708f41a7e283d6725506f56f6f2 |
| SHA1 | 9afc20a19db3d2a75b6915d8d9af602c5218735e |
| SHA256 | 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6 |
| SHA512 | d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08 |
C:\Program Files\Malwarebytes\Anti-Malware\version.dat
| MD5 | 8ab4bc82e82532fb96a9728108a9c92a |
| SHA1 | d35809e4c3af89da89fcad7fa574f4a5639b12a7 |
| SHA256 | d0feacf958ee97b742555222ec60ad2ed2486780bc460036de28386a87e6f54f |
| SHA512 | e4cf3ce00c8f26161a528df38242b48d9847265a9d057265213a57b01afba9844d22b916b7352ddd6abeec32fb57a5ea426c22558317066b082a4a9a672cb12a |
C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat
| MD5 | 08c0520c18431ff523091aaf8bb38fb9 |
| SHA1 | fd864c138b0cb68c361e754a463bc34a87fb3fd5 |
| SHA256 | 7365b33553803ebbda706e612d72f0cb6c255fe4326454fc46e6b805d9af3b29 |
| SHA512 | b87dd80762dc8d7209947eba125a8a09dd3aef005910cc2da044615d906916b91cf1a475ea489222c809ca7170fc1b5c192b210c34cb4d4fdcbde2f2b49a45da |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
| MD5 | fb9fa4503ce4a91d31b72f0eb72d970f |
| SHA1 | bac32e4425a34d5be1dc34f062b93886cb8dbd9d |
| SHA256 | e26c8dabf1b16bea4ea3f5f66ed282b9dc3fd4a74535753a5b690a6a09a4a286 |
| SHA512 | d4725826b0f53a3c4ac1dc1ecd30d060e4991ceadcef3740854ffef43bdc0350cd418cab811f17887056e801d0775c2a0899ac7cfff2193bc8dbe203c4114ccd |
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
| MD5 | 46f875f1fe3d6063b390e3a170c90e50 |
| SHA1 | 62b901749a6e3964040f9af5ddb9a684936f6c30 |
| SHA256 | 1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec |
| SHA512 | fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557 |
C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll
| MD5 | 2bbf63f1dab335f5caf431dbd4f38494 |
| SHA1 | 90f1d818ac8a4881bf770c1ff474f35cdaa4fcd0 |
| SHA256 | f21a980316bd4c57c70e00840ab76d9ad412092d7d2d6a2cff4f1311f7c05364 |
| SHA512 | ebb9834323329dc01ba2c87e5fad1083a4cb86f5ed761cb63299ac5336a9843a1aadd42fbed706797c2295117af1c00f96806422338352653c8e0255fecc2fd5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0a0ec885ca89abeda15064725b442794 |
| SHA1 | f5f5f299217a22e30c17af588f089a7524789bcc |
| SHA256 | d474259b5831a7df3c11eacc4d0c0f0ac46067cb24f2c2bac94cd5d94fbb06aa |
| SHA512 | 70055e49279966ae75be66a00eb6fdaa8fc857f17ad457aa8b434afd148904d716a13ddb2df58a0858b4509f5609c22ca921e269d985e298b95bd96c38b9e94d |
C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf
| MD5 | 5d1917024b228efbeab3c696e663873e |
| SHA1 | cec5e88c2481d323ec366c18024d61a117f01b21 |
| SHA256 | 4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8 |
| SHA512 | 14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a |
C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.cat
| MD5 | 8abff1fbf08d70c1681a9b20384dbbf9 |
| SHA1 | c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6 |
| SHA256 | 9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658 |
| SHA512 | 37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f |
C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.sys
| MD5 | 83d4fba999eb8b34047c38fabef60243 |
| SHA1 | 25731b57e9968282610f337bc6d769aa26af4938 |
| SHA256 | 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c |
| SHA512 | 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e |
C:\Windows\System32\CatRoot2\dberr.txt
| MD5 | fe107a64296bb1acfff38ca5147bb38d |
| SHA1 | 7d7f8e4f941ed2b896fe0135487ec2ce7ed5990f |
| SHA256 | 8e56b0ab2b1b6b0f82585df91d3a5dff95f0de7ace2367ceb6ee4f5b03109ed0 |
| SHA512 | 77c7faada8786db87caa712a09a327370c3a5cc8d0970ca133c4299ab0cbb87e467c6013234c78b55a1921553879a3ccfe45011a40c1fe1b138ba2b0cc94ae3e |
C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll
| MD5 | 2ccb84bed084f27ca22bdd1e170a6851 |
| SHA1 | 16608b35c136813bb565fe9c916cb7b01f0b20af |
| SHA256 | a538caf4ac94708ddb4240d38b1b99914ca3e82283f0d8a2290be28fc05eaccb |
| SHA512 | 0fd66d241bdebd0052f4972e85b42639e3c5a40affe23170b84bc4068dff8e84446898a77ebf7cc0bef97454abb788faccce508a68bc5e717980ef26d8436986 |
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
| MD5 | 03d6455dc6934a409082bf8d2ce119d5 |
| SHA1 | 995963c33a268a7ed6408c2e6de1281e52091be2 |
| SHA256 | 82ca2aec64fe151efd59a838c1845111bfb9f94ff277be3afae4e3f684ef3a62 |
| SHA512 | a0ff71bc01a11c9a95c1a0186a7bbfec9c3f84d7e600d0bca877934fa5f84053627bc59bb355f53ce9e3c9e4c6a841b8f5cb7436fe7f43b63426a8a851392c6d |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
| MD5 | fff16ac4b7ab3864da01fdfbae1299f1 |
| SHA1 | 338637a3f1f98ae3677d66b102249d3d390cd4cd |
| SHA256 | 0fe662cd1e1c338153f0e1120410e76a614d6817f8315a88df529ceb7184d212 |
| SHA512 | 316934015c7e485847dd936a0acf216cc1b463fcbaa9bb815a2bfae02eb3c48acb09b0d98a290a81c42cf1f3402b320770aecf4f2e562e7a1fc06fa39cf5abdd |
C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
| MD5 | b7e5071b317550d93258f7e1e13e7b6f |
| SHA1 | 2d08d78a5c29cf724bc523530d1a9014642bbc60 |
| SHA256 | 467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064 |
| SHA512 | 9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54 |
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\LicenseControllerImpl.dll
| MD5 | 1104d30bc3a2168af06974d91fe19b6c |
| SHA1 | 0adc46f39c7fe3b1632913baf6830e3eee65be49 |
| SHA256 | 8fa8305650bd8ad0f28ba9e41a525334b8ed1fe58498c4318e95cf968607d992 |
| SHA512 | c55c8a71eecb2c8d2e74f2c735b308649046e7040b5934657c05f5c7c6c12c2d2d36c163c72888c69530d3730a185a46991b613c7dd78770034f40fd01663b26 |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | a95451cb336262573f5c230eddca6358 |
| SHA1 | d5a4a28e71a9049010df484af9a17143b7610967 |
| SHA256 | 5d98c27a4c0b4c545ce74b6b5be9ccb4663f413fe5edd6e3b5925e260f34a899 |
| SHA512 | 9dfb1fea2a8ceb46005756f6be3881f8bdfb91150fdeb6d91a3c68c2fa863d74b89fd1e83eb3d77af69783f331b64b241e6cf5ab4e6f86b760c6191d306b13db |
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll
| MD5 | 26e2306862a3e09489e224b8c7c08b4a |
| SHA1 | 31b054b957d27ea4b2e3270ebfe7cf62e32890f8 |
| SHA256 | c8aca420097260a96d04398a90f7c346f0b1abf94a44ffa539050e4dd06259f0 |
| SHA512 | 604c980476b386d5efad2ed273a840fb92dc40bcbee78c9f2fe9d300437978c8b47b2d44e903b43c3b1127c276fbf58fd823342850e6d3effc038acb0f6b1202 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | d69a9ffe4a79fd19898b4d3ab9373055 |
| SHA1 | 54521e0b9377fdc7d1aeff2fd0a916473c35c415 |
| SHA256 | c219c6df9f83a39a6d14a724d0a80f116dc156ba1f968036bb23375bc979b793 |
| SHA512 | 682dda5e6803912fca813f95da480f1880714847fb8a30f6431db9071da3bdf03bd5ac6da3c5ff701c2b4c7868f65666f2290bf91bccc3d3dd5323f762b552f7 |
C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat
| MD5 | 10d7374fb14c49a60d9e3d07418b842a |
| SHA1 | 1ce2ebb0cb55a25b8253a830b72edeae4fda3855 |
| SHA256 | 3527538d237ab019743e9078d061c3b6f9888eaf3f2fcace7707700ad63a19b8 |
| SHA512 | 44483281a6f83e98c08dc7b7b44e25853abe5bf72ae1068b350749d8b7e422739de212fba25bd333fb614755b43bcfb2164262a8217813c7cc4653819bfe7218 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 182d96da10b4f791acb9f6f2e4df63dc |
| SHA1 | 79814ee5e822136a564babe12783fee59e4b6568 |
| SHA256 | c6e244f11ca15f6e0779ec103c2658d2c0037433ac5c09646ef3359e5db86a35 |
| SHA512 | 15f1208e1025b9618ea5fe969d6bab743d4fbf14492f53ca76eb52976a5304c0a6f1fdd36d6ab6c3762c9fccd95de57f5b92ac72cfafebfa26bed2c7f51ee741 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak
| MD5 | a1c2f2ed5c291901eaf78258d28c68aa |
| SHA1 | 10e4550cf37118777ab2ace7cc9ed7197407bcf4 |
| SHA256 | 727d32c1587febef1d5c59a61a046747ce95c5cfa0505c7228dbe0965ff8fae5 |
| SHA512 | f1f544f44fcd9074b3fdaf48b0f5d88f268989b58b21ec41a04d96c6eaf3ce4b9eaded17cfe3a900744e192721a83aad7c24f4a76b9341b8bf171e26121ad652 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbmanifest2.dat
| MD5 | ccdc540e40c3529caa35fd8470feae49 |
| SHA1 | 95ef2045364c660ed062e661d085abfc5dbe0832 |
| SHA256 | 75094f2f1ae5df7f17de6e4c445bd3aa41dbc5989738106e6e579ac5377297ef |
| SHA512 | ce9c0099106eb6950af4dbc9a139d5a295844fbc054828a827f09206cbeb63c4146519315a53f622ad80fda5135664c9cbaf1d041bd348c1ef131624fdb3018b |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\mbdigsig2.dat
| MD5 | 70eafbb4d3e22f599b9317288b31a477 |
| SHA1 | d454a873820cfa306f1e5bc8d4e75d243c895537 |
| SHA256 | 5b5104a26db75fcede9e5eedf9e1f9bc433f8138f193bc2dda851326a7f6373e |
| SHA512 | 1bab6ed77214f0e9ab1fc49e6c32ccc103ddd3c1fe3acea5907036270363f0007e845fffa46bc153261d09fa69830f28142aff0980b21254ca693de4f3810e5c |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\clean.mbdb
| MD5 | 0fecc503f6b761789491062e2f974eb3 |
| SHA1 | 63cc081ef0ef49e91efea38771583634a2ef90e1 |
| SHA256 | 413df9d71ec0c8b000f7168224db8eccbb8b148c259a23971d87bec58a683505 |
| SHA512 | b8cc9a9515b85d9e7378e73adbc19b36143f56800c5225d5796764cf4a97da3c850945845945eb4567564ecfcf2063c2aea925c1c684113d0c188cc4610b8f56 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rules.mbdb
| MD5 | 97d38fb1f4851da92656a79146ffad0c |
| SHA1 | a2aeadc63dd715cb40e02d749f81a3d8cfe36d2c |
| SHA256 | dbc0fc4b26ef1c1ed792875c90b0a135a06fff673e3390b9edd8f89fcf90e0df |
| SHA512 | aad93d395c0adef524ea9513a1696c8d09b1a7ec62358db80231a4286f9bd06dd33e7098039a6dbc28d3973d4964cf52bd1378bc09056b08c4bb95483839fa80 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rdefs.mbdb
| MD5 | 2f7423ca7c6a0f1339980f3c8c7de9f8 |
| SHA1 | 102c77faa28885354cfe6725d987bc23bc7108ba |
| SHA256 | 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55 |
| SHA512 | e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\prot.mbdb
| MD5 | 546d9e30eadad8b22f5b3ffa875144bf |
| SHA1 | 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d |
| SHA256 | 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f |
| SHA512 | 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 20d7eabb381168094457148ca5706219 |
| SHA1 | d6b9c44b25d3b90da90cf0509de5fe89378b240b |
| SHA256 | 6bb011ffd74634c5c1492be9c94d282f9ddbb851820904e1590c508998e76f98 |
| SHA512 | 6eb88e0c1cff43ea29710e2c4686dda72b8088c25a98722756f54028c6b160c6f8e5b7721f62833dce1699f4b71f8e7f41e6d6c64a1a91f8f02b912d9bf700d0 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\scan.mbdb
| MD5 | 5badb0d6a9368c1d5eeaa645ce308fcc |
| SHA1 | 2693a00abc7c3d0eb3c1208f8cdf0cae76650201 |
| SHA256 | f7ac4eb32e40499640de0f2495f49408c0f41fa923460cd5f1cbe2765043833c |
| SHA512 | b84739ac44a38fcdebe0fe46063c376999d98c73e5c7498a96641acb54de68a9a546d0cea063daf76ebb4e01c246d93c346195510f2b4fe5b324a63883769f73 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\wprot2.mbdb
| MD5 | a707c46c6339575c2b79795cc3757f60 |
| SHA1 | 7f8556933eb0f444bb63b413852207145fcc0e73 |
| SHA256 | eed0b3969a81343a019db902a1aed40a654127051c0b2418eda44ecd858c3773 |
| SHA512 | 73a4d0fd5f0d35bbafe8ee7ee25e957a226db665d4cc45879b54522078f2ecd0975ff1bb97ba508ce175f809244109ed7d1a023ec8a8504668bc2403c135ae78 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\tids.mbdb
| MD5 | 7f7b406cc52bd175cd95b88af8a382d0 |
| SHA1 | 35260bb51282b60c77678e1106c8227e72e95121 |
| SHA256 | 2d81c91f573a84f8e53023ccc423bc1a483448dc1190ebf10bc9b88fb779e0cd |
| SHA512 | 2ddb913c2112e98c3e3768216f1a03badd6bd1922a36c16131cc1dff9c85454179c7e4821c70019740ac457121dd1bd82dc355941d44de0c50378fdbb2f13145 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.sr
| MD5 | 258e2ee64a85b8f814c560a69afc110c |
| SHA1 | 5ef3961f8357d544a861ab42db4ebbb245054b66 |
| SHA256 | 2ec4a3c2ac2c60bb80c3e9a043dbe4481352bbee72b95db7396ec7b5ed7744a8 |
| SHA512 | b9927e7ac3a3e2afbe05d7d0c95946f8a3f7fc2a247b81aad233f7f174d86a2c836c1d21e948551e05be09439a918f9c3cd97dc3ca9bac1c60aa1b5545597067 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dynconfig.dat
| MD5 | 10f23e7c8c791b91c86cd966d67b7bc7 |
| SHA1 | 3f596093b2bc33f7a2554818f8e41adbbd101961 |
| SHA256 | 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc |
| SHA512 | 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\exclusions.txt
| MD5 | aef4eca7ee01bb1a146751c4d0510d2d |
| SHA1 | 5cf2273da41147126e5e1eabd3182f19304eea25 |
| SHA256 | 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f |
| SHA512 | d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.nm
| MD5 | 47d096dc7e57058f4b63cae321578250 |
| SHA1 | 77682d8b314a60c0918d0c2e87e25f9122a7eb6e |
| SHA256 | efded92e5feb4b1841a541c6e33e2adf77a0d8ec87eef7554178ab0b10a3981f |
| SHA512 | e4cfb51df830f1b92c924804cffd71e3a43376d433ac757748eaf30bc66ca73b1493542feb7fd6505e8d3709e88ec979316aa04ed047266a518ddbe0937cf525 |
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\cfg.bin
| MD5 | a8e4820e175f7d9c0f37c4f63bdf44bc |
| SHA1 | e0aa265a99ceb65255ead59d54ab2e044c7f63ef |
| SHA256 | 4c2d5ddb9c89842b4c0aa4289c62aa67d7480400b95b0bb9be5581576b680a6b |
| SHA512 | 68a717c19a8f3532ff8bf3fae6d28a081939618c0f49da8c2cb8c14a9b563cc8dfd3b22d1d0f0e3aec8bd79207f46f3ecb0c49f5caf4fee2d570a5d1917df0df |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe
| MD5 | 00bb4872fd3c456f23b2b00a679b3890 |
| SHA1 | b2f98fc663e37bbfda7398079d4d483d862256a6 |
| SHA256 | 1bbaa5b2a9e7423568aaaf7b6c2939a6ea784e0b8fb5e428b6e7423927e0c9ca |
| SHA512 | eda71ee5c4bb9490e9a303347180e94425f2228476a45d983ee4ce5ff1c84b60c359ad29d545b0bcc8dac0aafc6cf0d4297560bdd2e68587aeb0137de61f19ae |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll
| MD5 | a8de0cb6e0103dc9dc9f1a7f4f35f819 |
| SHA1 | 27674efbfcc8975b4a372742b141ddce47cb540d |
| SHA256 | 87bc58ad3b68b87620c543f54f1e5ecbbb49b7468aa7c271a6d9ab95ac9beefd |
| SHA512 | 6688449e115b0403e08cb24c61f961c74c27cfd6609af360c251eb446d294e42ab1323e34a4e3992020d8c7fd0e8002fb7b96329cdf9c486910508d81429a072 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll
| MD5 | 956b145931bec84ebc422b5d1d333c49 |
| SHA1 | 9264cc2ae8c856f84f1d0888f67aea01cdc3e056 |
| SHA256 | c726b443321a75311e22b53417556d60aa479bbd11deb2308f38b5ad6542d8d3 |
| SHA512 | fb9632e708cdae81f4b8c0e39fed2309ef810ca3e7e1045cf51e358d7fdb5f77d4888e95bdd627bfa525a8014f4bd6e1fbc74a7d50e6a91a970021bf1491c57c |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll
| MD5 | f802ae578c7837e45a8bbdca7e957496 |
| SHA1 | 38754970ba2ef287b6fdf79827795b947a9b6b4d |
| SHA256 | 5582e488d79a39cb9309ae47a5aa5ecc5a1ea0c238b2b2d06c86232d6ce5547b |
| SHA512 | 9b097abeafe0d59ed9650f18e877b408eda63c7ec7c28741498f142b10000b2ea5d5f393361886ba98359169195f2aceeee45ff752aa3c334d0b0cc8b6811395 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 6b2c83b76c01d71f8cc09aba359265d0 |
| SHA1 | b3576773a486b593b4c778d422731673392774b5 |
| SHA256 | 0da26ef272958be9920a42c0301680f02594018bbd184db671de5c35a356abf8 |
| SHA512 | 8e4e74f04eb89635c6869c309beb02abbb5ba761e87e3cf32741a94098f2c76513e85f2d7843b0043974d9b7e0844da39044fb4d7f8be04d70a75fd78245975d |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 37429eebabc4e95924e955d275ebb564 |
| SHA1 | 49ea9f263b7e142ea5393452d11905b6ece437a8 |
| SHA256 | eb5eb88dda291b1036ee932e4256f2772dd29f698bbbbcceca8dca4a220300b9 |
| SHA512 | cda493f473d7d4d86f2ea6ce63c716792cefa8b0d03f7ca9c7c6c39d6f74a179eeba37bcc63012354657717ce8127c950969e4857430d4260a30716169bf8b2d |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 65ac2fc4bf887a0ad96c5f4b362ec0a2 |
| SHA1 | b7ec7c68a77b4a0d0a7aa99c303a3319b7fd2177 |
| SHA256 | 8404d35b08577f20ac79cbabecf16262be5220f6bb3c3f09e3cef930614bf292 |
| SHA512 | 07d819a0796f63f29d409fb81aa3c9558f8e338ab49a6731d34c46e15f42e2cc58cf24622435060c1d5197a90d057bb472daaf8b4d617da5a3e45599cd85b188 |
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
| MD5 | ad31b557f980e1d3421329f05a1462ff |
| SHA1 | fee8e9c979cf08af157db4da9bfdf799a3f94417 |
| SHA256 | 8ee347f4717ecc4ef0ae0229da4b5e251fdf30e1985c60de3889a4f15d1c5310 |
| SHA512 | b0b1105827e04183b606a0348832f6cb05f2ff145937b0a2670bac0f9c706d189a99392a87399c3d21f699bc89f30bf612ee2d88ea0f258fc58d3f4bbae8b16e |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | f83c24cd48551c15a53c662a4c382538 |
| SHA1 | 193b958b4f94918f1e627d511facb940ea5626ec |
| SHA256 | 89e2e114e1b910babc2b2ac0913eb9a725d11e5cb42a25e070ac8e70cbbcbad9 |
| SHA512 | ba742bf59d1f10598def717164d33ac1e2812a4f4f4c7831a35745021ea891657699bc3c2eacf3804079b38857b5d23c5641bcb1b2e9d874b1c64c0819bf3bc3 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys
| MD5 | 246a1d7980f7d45c2456574ec3f32cbe |
| SHA1 | c5fad4598c3698fdaa4aa42a74fb8fa170ffe413 |
| SHA256 | 45948a1715f0420c66a22518a1a45a0f20463b342ce05d36c18b8c53b4d78147 |
| SHA512 | 265e6da7c9eede8ea61f204b3524893cf9bd1ed11b338eb95c4a841428927cccbed02b7d8757a4153ce02863e8be830ea744981f800351b1e383e71ddaad36ad |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf
| MD5 | d87c2f68057611e687bdb8cc6ebea5b8 |
| SHA1 | 27b1311d3b199e4c22772fa1b7ea556805775d37 |
| SHA256 | ff93773f55bf4a6a0242adf82276a8c95c0b244b9bc05e515c4e810c81a960e8 |
| SHA512 | 4aa65b8911d8a2a0f9ef0ee6e934b94db0a9ad4c2ec543b5edcf21486be43f6ab1fda6617ea2cbb85eff230628c9fa8e7649da915d6de695803b28e55bef5819 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat
| MD5 | ddb20ff5524a3a22a0eb1f3e863991a7 |
| SHA1 | 260fbc1f268d426d46f3629e250c2afd0518ed24 |
| SHA256 | 5fc1d0838af2d7f4030e160f6a548b10bf5ca03ea60ec55a09a9adbbb056639a |
| SHA512 | 7c6970e35395663f97e96d5bf7639a082e111fa368f22000d649da7a9c81c285ee84b6cf63a4fccb0990e5586e70e1b9efc15cf5e4d40946736ca51ec256e953 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | cae471338e9a856df1c1e5ee7a671a58 |
| SHA1 | ec2e77b5347e2e16b29d375a754f7d9a073a7e20 |
| SHA256 | 79f79b639bc26cc809f6e6578328fff00a5ff7f5ee5d6f0441b1928e2ec011c3 |
| SHA512 | 3b39e4e4ceee4ddcc85228923705b954bad8438b6c7de72e08a843041636f7ee86befad524c39acef90c5a318fec478c347fa23c3b40140f385eda9d1c9da137 |
C:\Windows\System32\catroot2\dberr.txt
| MD5 | ff680bebf0268192130ec6337186d9a3 |
| SHA1 | e741f6a4045c93f73afc6033a3b550633a25c690 |
| SHA256 | fc5129679460b8c03263b631bb568cea8c43187fb974eb8291c27b6aae954961 |
| SHA512 | 902f3ba8ee80ffb5186825e4cdb7a6ab98aaaa0f1e770d53ee20ddd0ad07aec729d412cf787a20162d92a8572f23a01fa67ae02e0b402e13939142c2744fa4a2 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | ce6d0fc738273f09338d5e4635fdac72 |
| SHA1 | a0c3e540234dc0af5f006cf6f3d070b89dea59fc |
| SHA256 | e55ecdfe9bd9a7452490ca7f45c618c760fe1b6c406b2da4bfd80df613adf084 |
| SHA512 | f4d7594bb34f9b23b821f358a7a10f8a28374f1188159dd95531aba8905168d683e702dee792edadbea2fd8a54d975b3c1c96816f115977f568d7908887e2957 |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | 579b874ae20d35d175e8382c0a2c8258 |
| SHA1 | 0d207e0f225052f10504267466a23711d3131af5 |
| SHA256 | 0fb92b0bc40bcaf8a91d9b35cdffd5b5ba6cb745b7184e1cb37bef68fb3f0f61 |
| SHA512 | 2de472c962e47f1dab2d7f243cb93a82efc1921704e2e7f0e1fc3d4229750cc3a4a286df90e7270dbd8cc5ddb2d60f1594ec5ce979e0b05580a569be00de9a3b |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | 9bf51bf6865f25ca6d739978c2ac01ee |
| SHA1 | 59d4613405cc9a6fba2c47d1bddde8d053c83e67 |
| SHA256 | 7a4f65742a8b853c2ccfbfb523bedd455ce487f88caaaf42756e77d8c5248957 |
| SHA512 | 40aa8180031265e0b35c87ead7d15f42701377e26533813599a71eea2c7cdef7d2a70aa1f640f70e5f743b7a0ab4695210009cee4e9eee8e922a91280a795a23 |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | 207414ccecb5cda29b82bde820a99cd3 |
| SHA1 | 131a0f8a45c8a5a9401e0c00e915feaf6d75b8ce |
| SHA256 | 36d4de2966b319f43572c01ed21a799c249375004ec3440547e483c797193bbd |
| SHA512 | dc587e1803d20e026f4589d9d17aa40d7f9319b139364a7207f6a34c952cfa2a17fc2d2196f01b29478ebce3ee653d75d4b3c5016c1c9614b351b0581fd0a782 |
memory/968-3635-0x000001D571A90000-0x000001D572112000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
| MD5 | 58ab77b06af2c80d126c27949193be10 |
| SHA1 | a32745acc90fb8ac7e7b044667961ba0b93bd596 |
| SHA256 | d50a35ceeaa8dfc67153f968477099921523fdcb284f1556a38410513d6ef448 |
| SHA512 | 95fdc29f809c3add03cf770077f0616b10bf76e25beb8e8e931229f0a7261f775df346bbb45206c413db9f030a6bca59554e8069976bfad55af3dac6ac08a9a4 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 3f01e7cc904b55b220181bb97c4d59fb |
| SHA1 | ef24424c125ae3597571867ac73d9d335bc00d45 |
| SHA256 | db717cf7add7ccc5627e44bbe70fbe7287f75583a995b3d9fc9471b62b0a2e5d |
| SHA512 | 7ee90c0102743a0c561f5c5fd78aa25ec230ed2676a268b939c150661b1910cbfe1aa929c71aedae2e302044817047e4812ae8bd2c2d893c427dfb0af1f9061b |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 36dc1ad7b3c7927744a16c1e68eec7cc |
| SHA1 | fa832eecf7b6fd944924e9bc258d2ff311f34195 |
| SHA256 | fec5606247765e0c7488d52b843fe715aeee80730a5c6235a85b602942afb1aa |
| SHA512 | 1d8dbe0cec51fc5a3abb798b13ff8bb4f812682f45dcbb8512d08a74334bd9db24b034add72e31c57127ff06b057456b98e831e54bd72b7c3dfc5f9142531560 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 635a6ad1ec7de1f2a71173f97a0fed86 |
| SHA1 | 98a9d24d2468b16ce96abbeb0768df9ef76fb1e4 |
| SHA256 | 58414d1618d6073bf0080b4f266f08791b4cebf579efe54101908d1222fdab34 |
| SHA512 | 6d4b3f6d896efec74d5e20775a915dd5db78413b9a086d71f4f1f654b981aa849ad44adc842a7e50359b797f1055678210a0dbd75321284479c9639eac8583bd |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | 76ac382421d0b8162e566bba5e43e0a1 |
| SHA1 | 5f7692c8b943b8cfba6f7364f2531af3fb6ff2ba |
| SHA256 | e6a9b04088cbe06967abea7bd401b78c8e9c6767d6222e1139db04b3c673b964 |
| SHA512 | fe481ef376285c5c7df29f02b229f3426f9a3c659369e4354194b2dc187282f7a5812ac98debe54fd2b8ceb2068b9b7b35073fd55525a381edb63bf1c55b8172 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | b2bd1cb0985a6e2fb0b41612a32d8a2c |
| SHA1 | 170a5f835881d081050e8aeb121b067ab5fe4d94 |
| SHA256 | 2058973ad25db1b931b7b80e8b6b0f70700c2a05d708c6f75929518b847466df |
| SHA512 | f84b357b712d4892793788d6364c80a4c43f6b612c0a825ffaa36ad51e177ca6bd8810520e5e7ec790eb8bc3460cdd6a2343f14339f02074f3f328e1c25771d7 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 8d9d4eaf3d305f68500791928dec83ba |
| SHA1 | afba4cb78d0ee100514a2db8881260f2d1a71eb8 |
| SHA256 | c9f701556354032721209336d1120c8bd60aa19d9e0b20f3f7d1fb3b0e4356b4 |
| SHA512 | 300bcc13e056aea8002f0448abf2890b252b2ae4312bbd659da63d8cf12dc1b0ec2862fba73cc63e45ef4018315b561b90b452099f17a9ed65c8eab36349e662 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 11252e2376a6b217eb90cab7e78c6ee3 |
| SHA1 | cb9f3b76463ef1be904f65d5ba18c7f144073145 |
| SHA256 | d32c17ea1baf32ead0cc26af85a5271ad86cd0a2ec6c47bc4438d6be486c5575 |
| SHA512 | b8506a14b0bda5b8ac0b26873d5200fdba856b4daadf9d7690dd1c389109c687170b9117071e983ad456984a09ef0de73947d39a93a2bb2feadb74e5275cb86e |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf
| MD5 | 5a9717e1385703e8f06b27aa10a69e87 |
| SHA1 | 84ee67a9167b5eb6560711b9871de98898ad07a5 |
| SHA256 | 47b7c516bb57c612de19f0ca865590af95b6e32bf873a0fef9e011b2c5b483d4 |
| SHA512 | dd3c7278c2c11ad15a55fae6d19b96dadd92f85b7f0c8ce934298258af00bb5c052a84a98499b8867b0f43704fb307c67d03692ca69dda4d814c6c17dd73df44 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys
| MD5 | 817666fab17e9932f6dc3384b6df634f |
| SHA1 | 47312962cedadcacc119e0008fb1ee799cd8011a |
| SHA256 | 0fcaebe94f31fa6e4d905b5374733d72808f685fa3bcc9db9a8a79bd4a83084f |
| SHA512 | addc9a5b13da4040a44d4264cbfe27656b7d7971029a0ad53c58e99267532866f302ca8831a3f4585bbe68d26ec2d11a6b43de9bf147b212ab1f05eb4ed37817 |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | c35d9d6248d13b7e154d632e5cc04d01 |
| SHA1 | 7499b63a4a87120fb8444f203e0ac8b2dd3c106e |
| SHA256 | 1427237ae87086cddc97940bca3328b1c734762f6ef576958f0fed1ad2c60288 |
| SHA512 | 4844b545ea5c72183928fb4a34bcc1cef5116737acade7006a85030092834128d7fe04896a227e4799d09800eb222ba4e56f677a98c211955e89e6a9130c15e4 |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | 80936234f827672069080ca23398f323 |
| SHA1 | db8637e0bbacb5714ca0fb5396b527b548131d57 |
| SHA256 | 6639a9b9aaf6484ac7a0f97b81c3a9dc09976f5146250a357cfeb7229b4337b2 |
| SHA512 | c1d4e0010c4dae8aabf61275e4bfa82e11c283609090a224379995d5235d3516ab0150db6d7fb7936c251f9cd13e60f54099725215894f3252dbb599e10232b9 |
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
| MD5 | fc3ebb17ea035da52ad55e5bd5811834 |
| SHA1 | cc90725f35f5dad1aaee5281330fc71cfa61040b |
| SHA256 | b32a0a5bb69adc4834e1c66adbf1b88a4f09506a093d3e26ae673d24c4f88b33 |
| SHA512 | 60b1d6650c61ad5570a1ae375ec5883e0a6554d82090890d632b4ffc0c82de4981cb12fa9f5357617fdbad76b78527d25d2a120fe9de191bc0be0f5cd2f70d3f |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat
| MD5 | 3da850e8540c857a936b3d27c72ed0af |
| SHA1 | cd5b3a36b1c3d762835ed2f62a151c5127f01dbb |
| SHA256 | 0c77c63c9eb8eef49e833dfbb2d4f0e91bf9aba6bbea1fbb8ff8d1cdc16f7e38 |
| SHA512 | 5c9d5add57ad377cea6958e13e515053ae8aa9f9d8471e8ec57064e5bf8f5c1f3efdf26078aa287e63f38b528333c69be0745894cb2c0b427d78775f7605507f |
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
| MD5 | 9e98675e21d6d05b502425f7d64b8e5c |
| SHA1 | e0f781596b46c999a0c464d04d1ab622dc60aa31 |
| SHA256 | 6c7d049856ebecc6fbbfe6ee750d019de4b2f153720b79c3290d4b6c4828b6a8 |
| SHA512 | 06d9445b4193c3360c91bc12abf28972bfe3671f49402b6b26cce9b20269990969e8874d930c4999726b23033f17a160c75eadae9572081761f528625ccfd3fb |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json
| MD5 | 5c91840e78f86ba3eff56c522bdd2ea3 |
| SHA1 | 3538f5b83c554b6c83f7dacc285cc6a5bbd8db1e |
| SHA256 | b6f3c3ca49cf4ed6a2c9c0e55957ba105efc5f99ad9b938c9143fef0a55dedc2 |
| SHA512 | 1e523a8544432625c77911f27f94390a12e0714e250b1f9c57846b06ddf015c090de5d2ce4f03b98c82bd04cc854b393c130404f44c8e06da618923c479fa835 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | f7d2c7e5bf1f40ac65b625c3819d8c55 |
| SHA1 | fed8d4ce1f4bb501e5a0c033c38704c1420d1cd4 |
| SHA256 | 4f1c0c5c7515b952fe87fd211b39df84013126e9b4232bb9ca5ea97805275f47 |
| SHA512 | df265e7980d70e5622faec8d69db6e20e682e36d8af5b35c6a75c42d77832e8133f109c44db1b9b3406ad60a53a3b6cdc703eaea4f327ad3b8f19dbc23705c26 |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
| MD5 | 7748e8e44ee49ecc38570df6a6bc9cf4 |
| SHA1 | 2ce29f25750344acf4913fa768be3fba0955f4e9 |
| SHA256 | 00a6b7778893af4f62c053a831d7608daf55d022e51d777b5986e4be1bc0547c |
| SHA512 | 9387853f3b377ede8b096c91d15cc93632e531cb5f7ea2008b09fe01f0e282c40c22cc5aacef5b0e092ff55a1f913f10ec18dbede2a985cbd726848970388948 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 94bfb0410e806a389db1d87e1603059e |
| SHA1 | 81eaf43019ada9965b5b654a30a1a1f102deb1b0 |
| SHA256 | 4e9c6a16c574600918233a7af65668f32df0b66c2cb968c580947d4527e11741 |
| SHA512 | f70f265525b0ba19bf8dc365652abadcd817bcd243ff5013437f8a6e005ca8e6b40562b30949e7fb9796dc0fa050556926a7d8835e6001ff59e20f3e51859f5c |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | b3a53dcdf9c3b9760ca682edab72502a |
| SHA1 | 2bacecfb7b426d57e3bbb380258a398aa418e18a |
| SHA256 | d2c6070a9afbb7a7362a4808522078bca37651db6adc51803de18d29374c7bc0 |
| SHA512 | 87b0310955b068528c93dcb04ee55e8e10098840e5b650a4bbf4502e97d2c8027b0d9947cd93db8007951f4387dd0f8bdfbf903a8221abc4d7a96467bd944d66 |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | 876b45a557772b474870b44ac298741a |
| SHA1 | 95191e4b6f67810eef73a95a7c155b7bfd12bd60 |
| SHA256 | 3bea0c5101cd2cadce10df43d0b40b692f81ff4c1e604615d94ecc36b88b38d3 |
| SHA512 | 82ddec5b686ab619eb48fdfe77ddb190e2719845ca9519abfb95d0de9595b9c2f56de59a5a2ada16ff303fb0e9b856ca70df4c3db2f54799e0154042033f44a2 |
C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe
| MD5 | b672a064c3cfdf56ce0d6091edc19f36 |
| SHA1 | 1d21d4ca7a265c3eafaae8b6121be0260252e473 |
| SHA256 | 04fdd99a4e8ded496a99c9d3c8c0b6a9a9bde9c4187d07342260f63852ef6273 |
| SHA512 | 53e6c4bd68a0cf36160b21d63e7a6152ca78f17c76ccee9e185c1cf3f5a254c05f401f91501ad3d6806d5085b1f58322e6b7ad483fb813b86cb8570519410680 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 428a22d96709016715a4b92b7f2ee649 |
| SHA1 | d0ede490c59cd73f9dba788e2663a14ded22fe05 |
| SHA256 | fbc2492f2027deb9ca1ee092a2cd226c2b983eb935b686da943729bb17689164 |
| SHA512 | 2c3c4fc9367097739c67aa9c8bfb816cde60392ce827fdc7620bfdf8c6fe874b50ffb5fc506ca861afbd0a6baa4035144b178509afc77f6fa35411e972f8c58e |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sys
| MD5 | 954e9bf0db3b70d3703e27acff48603d |
| SHA1 | d475a42100f6bb2264df727f859d83c72829f48b |
| SHA256 | 8f7ae468dba822a4968edbd0a732b806e453caaff28a73510f90cb5e40c4958a |
| SHA512 | 0e367ce106820d76994e7a8221aaaab76fda21d40aede17a8fe7dedaca8f691b345b95cf7333eb348419bc5f8ea8618949783717100b38ed92544b9199f847f0 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.inf
| MD5 | 358bb9bf66f2e514310dc22e4e3a4dc5 |
| SHA1 | 87bfc1398e6756273eee909a0dfb4ef18b38d17c |
| SHA256 | ff51780a5a854b2c18f71ae426cb066a13723ef6155e24f4910137c9e8dfdc17 |
| SHA512 | 301ec5ec5c0813951843011f2204924240235494999136ea30a557cbf58146fc6043a8866b344fa7deb927d7c83d44e2aaf45adca7d221aba5d36715b9a63e09 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3683cd1dd378b482c415f3b1edb8c043 |
| SHA1 | a305bb8cdfff1a7cb5dff2053d11e6dd4256ba82 |
| SHA256 | 0a8b9c90d37a88e12b7efedc85169e5c370d6d1eb394292438d020571b9a6ec4 |
| SHA512 | 8a82769912ffbc975188937096ca998ac4581ec1425cfc66e1e436a537495143fdce591a8c8f02635d9e75e8cbb2adda82bab527f4ea0c03d4faebfa1a36fd52 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | da68ce15a1c39cd1ec490f6d26d8c751 |
| SHA1 | 1f63a3bcfc59c58a14d647eb955188cd64de32c3 |
| SHA256 | 2ad0b88d8fb9d46f9282939f69a025d04612d9827c58347a3da8ad6306b192cd |
| SHA512 | 4d27e201ee9bb66a45521a27e96cf14b979e8c8e2edeee2a4b0c59127910d35d80de24dfca89bd4b5ad88fa59bf6bc2e85689e2aef61c57d713182a763c0f581 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.cat
| MD5 | 1c69ac8db00c3cae244dd8e0ac5c880e |
| SHA1 | 9c059298d09e63897a06d0d161048bdadfa4c28a |
| SHA256 | 02d57ac673352e642f111c71edbb18b9546b0b29f6c6e948e7f1c59bd4c36410 |
| SHA512 | d2ec2ff9fea86d7074998c53913373c05b84ddd8aa277f6e7cda5a4dfffd03273d271595a2f0bf432b891775bdd2e8f984c733998411cfc71aff2255511b29c9 |
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
| MD5 | 898b223f4b97638ced703aedd4acfc60 |
| SHA1 | 957f6eebb0b144a403434cd241a3cbcbad3a4e20 |
| SHA256 | 46aaefad30b71c457cba4190440f5a94fbddd1d8e3f9461d1b5595de6619f357 |
| SHA512 | 14eb03b19ad9238a8f9c1e96af8d9e6fb65a62d2fe1414b58f19c6d45aa6a81220ce797b1960fefe6f7e3716501904db34bf9add69c7451188851981ebdc5a6d |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 92fdb98631f229a0a9a1bde1906581a4 |
| SHA1 | 9fdd3c068049545a5436ebd44098050b9914fe79 |
| SHA256 | 9fc4590a3476bd01403ffb7645e4948df3ef3233399cddbb218b5a3c78d2f702 |
| SHA512 | bf9fef95a7a908e18c6423717d26a7c1d5927597a897bc35444afc3dbddf71aa89d533e89c394a1e4991e4b9d5188e97704bd91cdca00f6b991eece9fb0a3420 |
memory/968-4709-0x000001D571A90000-0x000001D572112000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
| MD5 | 63260e9a809cd822df6f95a5ef57227b |
| SHA1 | 02143655e161d6498c07ded82427122282952091 |
| SHA256 | 4244baa4a9ca6157039abbeff66a7a3faee182c1c82fb8d3de764c498ce3d113 |
| SHA512 | 891f5d2552b855beb9f1524b2f595d5a66896b6abd193eda7d08d28035028b78813b0ca43fe53e3a21969cb0d8bad214eb4321317aae7485073f85d0f1c2d4ff |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | cbf7d2b3acf619a5e433f48a3de8e62c |
| SHA1 | f0c48bb6a354e4786a4d0f4dfeee0052661c6c16 |
| SHA256 | 5b89c1700cafee8130ba7b560ad967dee3ff4ac3588ff17a1807aad581332d3b |
| SHA512 | 0bcbdda30bb9e130f72b106c8e9f5148d30b43fef648f18136b3b70e8a6f28eb313e7c6c3ba355cd79791c7e7ad36d85259ef1a21e4b4d5bde8457fe9196f4aa |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
| MD5 | 71158d9116853aae92e1a6b490c9ec55 |
| SHA1 | 81b29de7c6421233795212939598e2cdcc3430e7 |
| SHA256 | eeabb771e82e2fc1eebc9cd875807f029ee557998bb6874e9f96b27203fc35d2 |
| SHA512 | d09e6b562e635512af2c475e389bf39115253d820ae0b4afe1036ae67631e4c19880496830e6ec9cb4d9f2347b570259eca1912c66e025a6fa43db0ce06caf50 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | df3e678724328e5163269d4ea9fa594b |
| SHA1 | 82e6b9bd7918b196ba6425fdb5dc31bea1471e9a |
| SHA256 | 34ba88fd9db9d3978d9da2324e7be076bdb1b6c7488c7c38eeb29948be0c82fb |
| SHA512 | 4c39861fe51afa968d39a60e27205183b4138884ab1f4f3af251b26da6545d0946f5bde30db562333ffa2d5d24bb96173289e856d152e9b40d0725ae0c181df9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 62130a4e0677a2db8d3e218fe49f9043 |
| SHA1 | 09d854ba1aa6b5c2c2832983b509f55881dad81e |
| SHA256 | c7eda982738ae0c4fbc228e4161ff5b7ffee37dd98d360b93a9de890d94e2b3f |
| SHA512 | 58c863fee25970d24cdf97937ec595ca7dbe18cdabe42ca455df8df4e3ab97ef3dd94bfeeb04022f491266805f8c0f3c949ff9e26b2741fbf0c5c3889afab348 |
memory/968-4757-0x000001D571A90000-0x000001D572112000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037
| MD5 | 2949c1a5ed0da748d949ac59dbc15059 |
| SHA1 | 9fa86b84cba147b2806f4e11dd76f38dc358c202 |
| SHA256 | 2e0b86cba229e27b6eec45751be45b24f9197cdc7b2eca30447112f917899d0a |
| SHA512 | 65eac714afaa0e7e84a41a18dc710b233afc80a03022e4504b3a30fdc5a82dd22f3ec78e2f5ad9df360c0e93f7d06d53b7a638fbaea93d62093a524beb627a66 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 70cda9e05934171da30992a1005d46fe |
| SHA1 | 5f238e7d3b3106e735c42810103ecd4d2f3c35d1 |
| SHA256 | 3af10e052f441c662ae474daa311f7e58201ce6641d1009b28bacf880f345529 |
| SHA512 | 60b04e108da91584e4d06df4ce8cb22b42f3f0cbb3856d3541626edb5d2b8e3582fd5a1d73d3d2ba1c1e6c173afb779a681072302881e00c859c4b3d61dbe7cd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 66066bbb9dc67dea2ed322daade25f93 |
| SHA1 | 9156a08c55230fd1a3749d59691ec7a09a8d05cc |
| SHA256 | e8187edf08700ea55cd1eeadc002ddc1bc52a8a2585a469cd1ecff1f32e83a09 |
| SHA512 | 7d181db84db9e4307bedb2f308fabffa04bdc8927eccd6f605cae74c3057e741e65c937ab57ea0741f632663c9181c1595709d2f4f7dc200ffe57b93d11adf22 |
memory/968-4795-0x000001D571A90000-0x000001D572112000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 61e31b70fbb1b53e93ea6b8108db8339 |
| SHA1 | c36cb22480116aff62630d793303cd48d71033b0 |
| SHA256 | 8b2a5a0de0cc714255fea544e2968ddcdcc6c66388e41e274ecdfaafed6ecf44 |
| SHA512 | 1d4c8bfe41f508f7a39bb97f4a94831cdc33bc3f2f29b64af96fb41d71b7952d80dd46899720f7acc7e9917e9d55a8d310bbb1a57c71450584aca97f4058b448 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 28a0b1e91cfddd00c03973f33330a079 |
| SHA1 | b875abe4af6e8e83629864cf2a32070fd876b8b0 |
| SHA256 | ebbbb080c097b4565026819c72dd658f08b0a1352c59d272b3f46e2593cd3d02 |
| SHA512 | 66cb1736bcbd76f88a99b362070cdbbb72ac600468ba5ca1c477ab7f9f44153f8295891b8b1a2b12bbd6872396732a318619c9aaa859858b3cb3fb51eb30daf4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\d37b7d50-de38-4320-9275-2ff48150346e\0
| MD5 | 2637afbedab09115d71d70172f8dc64e |
| SHA1 | 891075f5b066edb1fbb5b1ae2057c2e8801f2757 |
| SHA256 | f9794a7dae9e8cf5eca1cfa47c8b313443c6a57d5b60735e53d91f61c9e8f92f |
| SHA512 | c1da5b2e41bb2385aa7119523b9f5286689d8dac53bb400249ab12647efab372818cc5ee8832d6051e19ac5ed25e38101c3dcfa869f02465686f1b47fe0428d0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 32a90f3f255bec2fc76743991e20ac20 |
| SHA1 | dbbf5332236fbfcd0be71f8cad64c589be88670a |
| SHA256 | e3c8428d85e7d027e11cc7928805469691f35d34f2ca220387807cd2d6466cc4 |
| SHA512 | 70a5c8c8a4376b16a56baf9896d1b5d0b4d346caed986b0a81414723adc7a5209a8e5956be32f01ef3434f9b02c6e2be5fa3181c1eba89c566e033041c18c050 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8d6b65c81428eaa1a3213d77df56bdfe |
| SHA1 | e8ccc7d9a4f880a1fce5e2affb814449acec98d6 |
| SHA256 | 2d3be6c995a7fa6ef6b62178f8c07779b1bb29ffca04d045e3b738069c7c1194 |
| SHA512 | 06b2938af9f8cf56f3ea9855dc5c3e06445189c442b91801148ba4dce7ca95fe175f5746c0bdf7cd88e323734712954f571dfcf0713f446618f2c5c5e0abc529 |
memory/968-4863-0x000001D571A90000-0x000001D572112000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 072271b9b8e82d432e00c8af88c8e27c |
| SHA1 | 247bc914a3c6df65ce8f6e6cdaf4597b9940b851 |
| SHA256 | 923d983037b1569b95053b5e1b21535579779a8e18bc546bdb1ad5eb85220f80 |
| SHA512 | 1e20468359e7c8af0212ba975619348ba271a098ddbd3a9ff1da70bbc64ee689b459c2d08508663fc20c0cb1fa8a1162bd026f3dbff46ecacbdb4c5a1383df3a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | add0f720fae9c45f95293a44032cd6a2 |
| SHA1 | 83a5f5042b48d15f6da6c6ebb9b1eaf6690730e6 |
| SHA256 | 9a4b2cf492fe6bd4f05b2090d9ac844b69c4fee1d79e6691616295eca96a8e42 |
| SHA512 | 07bac4f955374c552231c4cda3ef0ef525f2451db226e5a1af67f1b638ab508ec006e39e1fa75b0e97eb9ece1fd724e7bc28536aa16ef15fb2ca80a609a6babc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 244f1eef41bbcd8b19952d89de941f17 |
| SHA1 | fbe03d0eaa478f7638909698fb24d6bc37d8f69a |
| SHA256 | b917b8d883cc8f54d1fa8f23eb952e943f74385532042dc41c50fe705b623890 |
| SHA512 | 7135e1f4ac7cbe6fc7335f08d253ad29de117d28e45b6344c784762cf08c2c5d0cbec5baaa6d5054ae486eb6a5c66d63d04212b81a3362c6943ed53c91f7cd4d |
memory/3420-4906-0x0000000000400000-0x000000000040E000-memory.dmp
memory/3420-4920-0x0000000000400000-0x000000000040E000-memory.dmp
C:\Program Files\MicrosoftWindowsServicesEtc\example.txt
| MD5 | 8837818893ce61b6730dd8a83d625890 |
| SHA1 | a9d71d6d6d0c262d41a60b6733fb23cd7b8c7614 |
| SHA256 | cc6d0f847fde710096b01abf905c037594ff4afae6e68a8b6af0cc59543e29bb |
| SHA512 | 6f17d46098e3c56070ced4171d4c3a0785463d92db5f703b56b250ab8615bcb6e504d4c5a74d05308a62ea36ae31bc29850187943b54add2b50422fb03125516 |
C:\Program Files\MicrosoftWindowsServicesEtc\GetReady.exe
| MD5 | 57f3795953dafa8b5e2b24ba5bfad87f |
| SHA1 | 47719bd600e7527c355dbdb053e3936379d1b405 |
| SHA256 | 5319958efc38ea81f61854eb9f6c8aee32394d4389e52fe5c1f7f7ef6b261725 |
| SHA512 | 172006e8deed2766e7fa71e34182b5539309ec8c2ac5f63285724ef8f59864e1159c618c0914eb05692df721794eb4726757b2ccf576f0c78a6567d807cbfb98 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | a48cd6cc26cc17633952d592473c27bc |
| SHA1 | 98db04462365eafd0a812ff3f6a52bce3c6aa5c2 |
| SHA256 | 45c4aad9dd567e49cb22557267221e62627db0599d636380d969eae976efa298 |
| SHA512 | 9ba9a3a1a280e7fb11ce07af8d7de4aa7c4b809df2f65923b6f6bfd106dad3e83972bd3a791d7e92a09b45f9c9c1c2923e307574b68435f830cce85dd7f817e3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | e1a066ac8b5204c2598ede8f5ecdae4a |
| SHA1 | 68bff0b238b6a6c77e0550cdfd03dc6a75ad3233 |
| SHA256 | f43277469785cef51988e46e57a1efbbab945be9b7e4ba55c46c3da3c0361ec3 |
| SHA512 | 3fee31b213d17adf92778c9f5155514576f0a9eeb3e9a0d7f33b122ebd065da0960d1ec66a957675a229f29667d3542503e705fb4ad0249384fd0416245af988 |
C:\Users\Admin\AppData\Local\Temp\xRun.vbs
| MD5 | 26ec8d73e3f6c1e196cc6e3713b9a89f |
| SHA1 | cb2266f3ecfef4d59bd12d7f117c2327eb9c55fa |
| SHA256 | ed588fa361979f7f9c6dbb4e6a1ae6e075f2db8d79ea6ca2007ba8e3423671b0 |
| SHA512 | 2b3ad279f1cdc2a5b05073116c71d79e190bfa407da09d8268d56ac2a0c4cc0c31161a251686ac67468d0ba329c302a301c542c22744d9e3a3f5e7ffd2b51195 |
C:\Users\Admin\AppData\Local\Temp\runner32s.exe
| MD5 | 87815289b110cf33af8af1decf9ff2e9 |
| SHA1 | 09024f9ec9464f56b7e6c61bdd31d7044bdf4795 |
| SHA256 | a97ea879e2b51972aa0ba46a19ad4363d876ac035502a2ed2df27db522bc6ac4 |
| SHA512 | 8d9024507fa83f578b375c86f38970177313ec3dd9fae794b6e7f739e84fa047a9ef56bf190f6f131d0c7c5e280e729208848b152b3ca492a54af2b18e70f5dc |
C:\Users\Admin\AppData\Local\Temp\thetruth.jpg
| MD5 | 7907845316bdbd32200b82944d752d9c |
| SHA1 | 1e5c37db25964c5dd05f4dce392533a838a722a9 |
| SHA256 | 4e3baea3d98c479951f9ea02e588a3b98b1975055c1dfdf67af4de6e7b41e476 |
| SHA512 | 72a64fab025928d60174d067990c35caa3bb6dadacf9c66e5629ee466016bc8495e71bed218e502f6bde61623e0819485459f25f3f82836e632a52727335c0a0 |
C:\Users\Admin\AppData\Local\Temp\eula32.exe
| MD5 | cbc127fb8db087485068044b966c76e8 |
| SHA1 | d02451bd20b77664ce27d39313e218ab9a9fdbf9 |
| SHA256 | c5704419b3eec34fb133cf2509d12492febdcb8831efa1ab014edeac83f538d9 |
| SHA512 | 200ee39287f056b504cc23beb1b301a88b183a3806b023d936a2d44a31bbfd08854f6776082d4f7e2232c3d2f606cd5d8229591ecdc86a2bbcfd970a1ee33d41 |
memory/6944-5057-0x0000000000230000-0x000000000036C000-memory.dmp
memory/6944-5058-0x0000000005320000-0x00000000058C4000-memory.dmp
memory/6944-5059-0x0000000004D70000-0x0000000004E02000-memory.dmp
memory/6944-5060-0x0000000004E20000-0x0000000004E2A000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a63a84d81dc47b7620e13bb80ce047c7 |
| SHA1 | 4176e856bfbd3f4a82eee41cd5456e0f61dd740e |
| SHA256 | c9a0dd41f09fb7968f4399133e50808b4ac2e451f70d2df96ac885619c4ed6c8 |
| SHA512 | 61990516c54c8001b5ed3e8016ec9beef739c1f3b6d837dbab1bba78b8194a2eabbb747550216577ba3de077f80fb9baad62cfcb635e74f025c2c2e08062c91b |
C:\Windows\System32\Taskmgr.exe
| MD5 | bcb0ac4822de8aeb86ea8a83cd74d7ca |
| SHA1 | 8e2b702450f91dde3c085d902c09dd265368112e |
| SHA256 | 5eafebd52fbf6d0e8abd0cc9bf42d36e5b6e4d85b8ebe59f61c9f2d6dccc65e4 |
| SHA512 | b73647a59eeb92f95c4d7519432ce40ce9014b292b9eb1ed6a809cca30864527c2c827fe49c285bb69984f33469704424edca526f9dff05a6244b33424df01d1 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | edf217c23eb85484b035656838a259fe |
| SHA1 | 7585e80a8148d1211fa0b115a976e5d64f44f31a |
| SHA256 | 64dbc980ed30f3110a7e88dfa462ef3618f2106c5b0ea72153835ade85c54353 |
| SHA512 | 89b4691fad55178fdb2a9984d085168e6c7bb071ad79861345cbe88f40931eb1ecdff90ab6a318929f005b368602d32c5d8a2e8640ca6933e2837289cd831078 |
memory/968-5090-0x000001D571A90000-0x000001D572112000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll
| MD5 | 52c4aa7e428e86445b8e529ef93e8549 |
| SHA1 | 72508ba29ff3becbbe9668e95efa8748ce69aa3f |
| SHA256 | 6050d13b465417dd38cc6e533f391781054d6d04533baed631c4ef4cea9c7f63 |
| SHA512 | f30c6902de6128afbaaed58b7d07e1a0a674f0650d02a1b98138892abcab0da36a08baa8ca0aba53f801f91323916e4076bda54d6c2dc44fdad8ab571b4575f7 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 29ab90470bfbf82359b2b0ba210f7558 |
| SHA1 | 6e2bf6d9e64a3d1bd9d91f45766803a62c0f2551 |
| SHA256 | 732df93741aa2d2d9b4888b949f892c5aec8f932b8ec7c03a6c277ddb0a8a3fa |
| SHA512 | def6689a5ebc21ec68754f34f4f8164cbd68ab0cf979627b0288d9f4357db68faaca8941ffb070e717a94fd63db027fac83c2d8433eb68de4ad93702eec7f7fe |
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe
| MD5 | 24f879dd9efea23d9b6bd16b6d66d924 |
| SHA1 | ee6fe50cb38accab0695cd03088748d7164da65a |
| SHA256 | 2a5dfdbefaf9f96aa03d930322e600f7c91be44c7c16801c787816768d8f4d85 |
| SHA512 | d589c08ce0967eacf806d8a4dd6bbfaf1d1d09a60d4411ee275408f6e250ea9d1ccae8de7c3ceb582ada31222851b35229ca8cac76cb71d7f8fe9a523bf08dcc |
C:\Program Files\MicrosoftWindowsServicesEtc\NotMuch.exe
| MD5 | 87a43b15969dc083a0d7e2ef73ee4dd1 |
| SHA1 | 657c7ff7e3f325bcbc88db9499b12c636d564a5f |
| SHA256 | cf830a2d66d3ffe51341de9e62c939b2bb68583afbc926ddc7818c3a71e80ebb |
| SHA512 | 8a02d24f5dab33cdaf768bca0d7a1e3ea75ad515747ccca8ee9f7ffc6f93e8f392ab377f7c2efa5d79cc0b599750fd591358a557f074f3ce9170283ab5b786a1 |
memory/6528-5123-0x0000000000490000-0x00000000004B4000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a9405cdadd9b72ac92d0f9eb4dd5e991 |
| SHA1 | 182f185d222ddc24cba13f543bcaa728538cf30d |
| SHA256 | 427cd540421b0d846482b716dfff52dbbbea7e645864b9733255d5072f0edf2e |
| SHA512 | f64421406787bdda42f63c104ed1f258e9e714db78a34b88f2203b22619d0a647a660e252ec2c98fd4057ecbd0ec0aad3ded9320482ac9a25af1331cd1540612 |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | 5d83697dc8ac968fd757cfac910e1320 |
| SHA1 | 1fd7407194d22c233ced3723c9cc741942643f44 |
| SHA256 | 89897f5ac6b9a21917ffb3b908f40e0b99613b8d3a8045b39e3ce2c2c089bfe8 |
| SHA512 | 0ce5466a2a829f51089095c69df967388b1528011faaf1557433bfff93b3fdcef3f174aae8a388086deba628d0b0d155381458d6bd679dcbb0eb72c58d2f6631 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 588ac37dc92dcb988b5f1ad008b2e327 |
| SHA1 | 8df1de849c3c3cd9ca6ea4fee4bb1cc8f0ef5551 |
| SHA256 | 5c2ea032ec832b3601f3a76f9981b329726cd9c0a270e88b31ca3c7e7393d718 |
| SHA512 | 0004d1e2797d650a0a7e3584f5de1e065a153e4a453b8ac0d830e616c1d5ed61c56685c97ccf2befbcea9c9f075fea6e37cff8c77dac84f66fe0a6a3fd37cbcb |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | adfe5ead26ea7ce12016d32974361331 |
| SHA1 | defae7fed1cba91802cd626fc80b1b36eaddb136 |
| SHA256 | 8427efd3a78d74150e619ac03c97aded14e5a4dd581278de2f3f8a8a7010a924 |
| SHA512 | 76e85a53abf7dc00fa8b5180983a900875cc5e7c133a6431ec81eabe309b1ea1baa620bd74d92715d88c4321f935501000b3f91bc3d46bf53ab58b7668cd4320 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 07566ee11229542a13227c7f3ce837a6 |
| SHA1 | 9d256fd6f30985633482382a06f55d4efbc6be89 |
| SHA256 | a526c0adecc31e368d3dfe4d4b40659bef00b8db20e741275b3f383110ce3b8f |
| SHA512 | ed346347a55cba85e48dfbfafc94fae7648ea2022fe0f14c5d375900031c91a5d0ddb2c4397eb55b9f2dc0ee588d47cad6eb8b304660f7f4af4e75919391b147 |
memory/968-5202-0x000001D571A90000-0x000001D572112000-memory.dmp
C:\Windows\System32\drivers\mbam.sys
| MD5 | 272e9fb7d4c15649d793c5e9f54e8535 |
| SHA1 | 3dff8612d3123339f1d9466cbee5df79a43513ef |
| SHA256 | b91e2408552dafbbe1977e1c273e78ff2a24f170f92a1f50296812a31f621a4d |
| SHA512 | 984b9a6a94f23ee53c0237c75ed96195a0dc9fe358a4acc665c59819b01328913f321758eced19a8e100fed4ca8f24187b54f7e1ed913e0edef19524a8ecf841 |