Analysis

  • max time kernel
    248s
  • max time network
    346s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
  • submitted
    10-08-2024 16:30

General

  • Target

    https://github.com/win2007/MalwareDatabase-1

Malware Config

Signatures

  • BadRabbit

    Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Downloads MZ/PE file
  • Drops file in Drivers directory 6 IoCs
  • Modifies RDP port number used by Windows 1 TTPs
  • Sets service image path in registry 2 TTPs 2 IoCs
  • Checks BIOS information in registry 2 TTPs 6 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 13 IoCs
  • Impair Defenses: Safe Mode Boot 1 TTPs 2 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 10 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 22 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 19 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 57 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 60 IoCs
  • Suspicious use of SendNotifyMessage 30 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Loads dropped DLL
    PID:3360
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/win2007/MalwareDatabase-1
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3176
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffba209758,0x7fffba209768,0x7fffba209778
        3⤵
          PID:1068
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:2
          3⤵
            PID:4968
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1816 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:8
            3⤵
              PID:368
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:8
              3⤵
                PID:4660
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2828 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:1
                3⤵
                  PID:428
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2836 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:1
                  3⤵
                    PID:5000
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:8
                    3⤵
                      PID:1696
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:8
                      3⤵
                        PID:4712
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:8
                        3⤵
                          PID:3024
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:8
                          3⤵
                            PID:2768
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:8
                            3⤵
                              PID:2888
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5596 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:1
                              3⤵
                                PID:4664
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5436 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:1
                                3⤵
                                  PID:4460
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5796 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:1
                                  3⤵
                                    PID:4732
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6040 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:8
                                    3⤵
                                      PID:3392
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6052 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:8
                                      3⤵
                                        PID:3184
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:8
                                        3⤵
                                          PID:3432
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5960 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:8
                                          3⤵
                                            PID:2284
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5088 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:8
                                            3⤵
                                              PID:4956
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:8
                                              3⤵
                                                PID:4664
                                              • C:\Users\Admin\Downloads\MBSetup.exe
                                                "C:\Users\Admin\Downloads\MBSetup.exe"
                                                3⤵
                                                • Suspicious use of NtCreateUserProcessOtherParentProcess
                                                • Drops file in Drivers directory
                                                • Checks BIOS information in registry
                                                • Executes dropped EXE
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious behavior: EnumeratesProcesses
                                                • Suspicious use of FindShellTrayWindow
                                                • Suspicious use of SetWindowsHookEx
                                                PID:4920
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5940 --field-trial-handle=1780,i,4212214243494504173,3294552205173204562,131072 /prefetch:2
                                                3⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:4332
                                            • C:\Program Files\7-Zip\7zG.exe
                                              "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\BadRabbit Ransomware\" -spe -an -ai#7zMap9880:102:7zEvent24596
                                              2⤵
                                              • Suspicious use of FindShellTrayWindow
                                              PID:5548
                                            • C:\Program Files\7-Zip\7zG.exe
                                              "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Mist (Win32)\" -spe -an -ai#7zMap27328:86:7zEvent11028
                                              2⤵
                                              • Suspicious use of FindShellTrayWindow
                                              PID:5712
                                            • C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
                                              "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              PID:5808
                                              • C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
                                                "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
                                                3⤵
                                                • Executes dropped EXE
                                                PID:5932
                                            • C:\Users\Admin\Downloads\Mist (Win32)\Mist.exe
                                              "C:\Users\Admin\Downloads\Mist (Win32)\Mist.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • Writes to the Master Boot Record (MBR)
                                              • System Location Discovery: System Language Discovery
                                              PID:1860
                                            • C:\Users\Admin\Downloads\Mist (Win32)\Mist.exe
                                              "C:\Users\Admin\Downloads\Mist (Win32)\Mist.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • Writes to the Master Boot Record (MBR)
                                              • System Location Discovery: System Language Discovery
                                              PID:3164
                                            • C:\Users\Admin\Downloads\BadRabbit Ransomware\BadRabbit.exe
                                              "C:\Users\Admin\Downloads\BadRabbit Ransomware\BadRabbit.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              • Drops file in Windows directory
                                              • System Location Discovery: System Language Discovery
                                              PID:5132
                                              • C:\Windows\SysWOW64\rundll32.exe
                                                C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
                                                3⤵
                                                • Drops file in Windows directory
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:5180
                                                • C:\Windows\SysWOW64\cmd.exe
                                                  /c schtasks /Delete /F /TN rhaegal
                                                  4⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:5244
                                                  • C:\Windows\SysWOW64\schtasks.exe
                                                    schtasks /Delete /F /TN rhaegal
                                                    5⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:5284
                                                • C:\Windows\SysWOW64\cmd.exe
                                                  /c schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 2823719482 && exit"
                                                  4⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:5364
                                                  • C:\Windows\SysWOW64\schtasks.exe
                                                    schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 2823719482 && exit"
                                                    5⤵
                                                    • System Location Discovery: System Language Discovery
                                                    • Scheduled Task/Job: Scheduled Task
                                                    PID:5320
                                                • C:\Windows\SysWOW64\cmd.exe
                                                  /c schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 16:52:00
                                                  4⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:5256
                                                  • C:\Windows\SysWOW64\schtasks.exe
                                                    schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 16:52:00
                                                    5⤵
                                                    • System Location Discovery: System Language Discovery
                                                    • Scheduled Task/Job: Scheduled Task
                                                    PID:64
                                                • C:\Windows\FC43.tmp
                                                  "C:\Windows\FC43.tmp" \\.\pipe\{C6F36132-70FF-4E1E-8373-3258C216A994}
                                                  4⤵
                                                  • Executes dropped EXE
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:5508
                                            • C:\Users\Admin\Downloads\BadRabbit Ransomware\BadRabbit.exe
                                              "C:\Users\Admin\Downloads\BadRabbit Ransomware\BadRabbit.exe"
                                              2⤵
                                                PID:5004
                                                • C:\Windows\SysWOW64\rundll32.exe
                                                  C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
                                                  3⤵
                                                    PID:5340
                                              • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                1⤵
                                                  PID:3700
                                                • C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
                                                  "C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
                                                  1⤵
                                                  • Drops file in Drivers directory
                                                  • Executes dropped EXE
                                                  • Impair Defenses: Safe Mode Boot
                                                  • Loads dropped DLL
                                                  • Enumerates connected drives
                                                  • Drops file in Program Files directory
                                                  • Modifies Internet Explorer settings
                                                  • Modifies data under HKEY_USERS
                                                  • Modifies system certificate store
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:2252
                                                  • C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
                                                    "C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
                                                    2⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Drops file in System32 directory
                                                    • Drops file in Windows directory
                                                    PID:2912
                                                  • C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
                                                    "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
                                                    2⤵
                                                    • Drops file in Drivers directory
                                                    • Executes dropped EXE
                                                    • Drops file in System32 directory
                                                    • Drops file in Windows directory
                                                    • Modifies registry class
                                                    PID:2432
                                                • \??\c:\windows\system32\svchost.exe
                                                  c:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall
                                                  1⤵
                                                  • Checks SCSI registry key(s)
                                                  PID:3732
                                                  • C:\Windows\system32\DrvInst.exe
                                                    DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000174" "Service-0x0-3e7$\Default" "0000000000000178" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
                                                    2⤵
                                                    • Drops file in System32 directory
                                                    • Drops file in Windows directory
                                                    • Checks SCSI registry key(s)
                                                    • Modifies data under HKEY_USERS
                                                    PID:4872
                                                • C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
                                                  "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
                                                  1⤵
                                                  • Drops file in Drivers directory
                                                  • Sets service image path in registry
                                                  • Checks BIOS information in registry
                                                  • Executes dropped EXE
                                                  • Loads dropped DLL
                                                  • Enumerates connected drives
                                                  • Drops file in System32 directory
                                                  • Drops file in Program Files directory
                                                  • Checks processor information in registry
                                                  • Modifies Internet Explorer settings
                                                  • Modifies data under HKEY_USERS
                                                  • Modifies registry class
                                                  • Modifies system certificate store
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:2268
                                                  • C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
                                                    "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
                                                    2⤵
                                                    • Executes dropped EXE
                                                    • Loads dropped DLL
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of FindShellTrayWindow
                                                    • Suspicious use of SendNotifyMessage
                                                    PID:5356
                                                  • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe
                                                    "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
                                                    2⤵
                                                    • Checks BIOS information in registry
                                                    • Executes dropped EXE
                                                    • Modifies data under HKEY_USERS
                                                    PID:5724
                                                  • C:\Users\Admin\AppData\LocalLow\IGDump\sec\ig.exe
                                                    ig.exe secure
                                                    2⤵
                                                      PID:400
                                                    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                      ig.exe reseed
                                                      2⤵
                                                        PID:1428
                                                      • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
                                                        ig.exe reseed
                                                        2⤵
                                                          PID:236
                                                      • C:\Windows\System32\rundll32.exe
                                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                        1⤵
                                                          PID:4496

                                                        Downloads

                                                        • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\LicenseControllerImpl.dll

                                                          Filesize

                                                          4.8MB

                                                        • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

                                                          Filesize

                                                          4.2MB

                                                        • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll

                                                          Filesize

                                                          4.3MB

                                                        • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\pkgvers.dat

                                                          Filesize

                                                          75B

                                                        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\clean.mbdb

                                                          Filesize

                                                          14KB

                                                        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbmanifest2.dat

                                                          Filesize

                                                          924B

                                                        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dynconfig.dat

                                                          Filesize

                                                          39KB

                                                        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\exclusions.txt

                                                          Filesize

                                                          23KB

                                                        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\mbdigsig2.dat

                                                          Filesize

                                                          514B

                                                        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\prot.mbdb

                                                          Filesize

                                                          24B

                                                        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rdefs.mbdb

                                                          Filesize

                                                          24B

                                                        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rules.mbdb

                                                          Filesize

                                                          9.7MB

                                                        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\scan.mbdb

                                                          Filesize

                                                          822KB

                                                        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\tids.mbdb

                                                          Filesize

                                                          167KB

                                                        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\wprot2.mbdb

                                                          Filesize

                                                          23.7MB

                                                        • C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.cat

                                                          Filesize

                                                          10KB

                                                        • C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.sys

                                                          Filesize

                                                          107KB

                                                        • C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

                                                          Filesize

                                                          8.6MB

                                                        • C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

                                                          Filesize

                                                          2.9MB

                                                        • C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

                                                          Filesize

                                                          291KB

                                                        • C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

                                                          Filesize

                                                          621B

                                                        • C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

                                                          Filesize

                                                          654B

                                                        • C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

                                                          Filesize

                                                          8B

                                                        • C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe

                                                          Filesize

                                                          3.9MB

                                                        • C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

                                                          Filesize

                                                          2.7MB

                                                        • C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll

                                                          Filesize

                                                          2.8MB

                                                        • C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf

                                                          Filesize

                                                          1KB

                                                        • C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll

                                                          Filesize

                                                          113KB

                                                        • C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

                                                          Filesize

                                                          9B

                                                        • C:\Program Files\Malwarebytes\Anti-Malware\version.dat

                                                          Filesize

                                                          47B

                                                        • C:\ProgramData\Malwarebytes\MBAMService\ScanResults\7388bb7e-5736-11ef-889d-6a02b38d1b32.json

                                                          Filesize

                                                          44KB

                                                          MD5

                                                          4e84bf122c00509d7dcbd3cdc4176cd1

                                                          SHA1

                                                          2c0c95c5ccd96696da2fffc29fcf3ceb15526ea7

                                                          SHA256

                                                          7378fda7e1e69a9626fd14213be746b8ce04e7f724acbdd4a9a6e2a2a6e26589

                                                          SHA512

                                                          f246ddf502f834b5c2d80d8d8447590e5d78392b5587dfd639f8ab9fe7fadc9a78d63309528cc1a71c843e7ad0cae837cc2379768d6d5707dfcffa5648a21f01

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

                                                          Filesize

                                                          1KB

                                                          MD5

                                                          aaf9425328b413cb3e7f7d0fa2891730

                                                          SHA1

                                                          80712cab60a80d1d11f86814c0e1d7c31918b427

                                                          SHA256

                                                          4c1a1ba7324f6df282da8304a64645ec3ba762847630ee71b9aec7f0f882ab9d

                                                          SHA512

                                                          cf4a63ede90e699482846f4f08613e7306f364babe7ac9940b38706bd9d8e19b9f18ef72d38ce937f9718c8f4c1fbea9d4392dcd9f800261db118e9081297686

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

                                                          Filesize

                                                          47KB

                                                          MD5

                                                          17da5ef44bf938086643b14afa4983ed

                                                          SHA1

                                                          cd6ba87b0b62c479bdd10ba2382d13141c04baf9

                                                          SHA256

                                                          953d1b75ec36b7f2fa2b0d546e8ae2f6b1b5f73bfc9f354bfec82dab2582fd3c

                                                          SHA512

                                                          b2929fe948351d440ac4374e04c73e9e70d9226436b9d3f6bf976af65e0ab2d2efbdb269ddafd26b9970f808b3fa2b8045589dee0cf5e50e64291594bae9d2f9

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

                                                          Filesize

                                                          66KB

                                                          MD5

                                                          d461a04e1c93844717990d5f84af6bdb

                                                          SHA1

                                                          23473893b7b2acc0aedfd89a39748c0cdff2c57a

                                                          SHA256

                                                          aaa05973889c2e22bc6e55ba3ac18a4032414653f09d644fda23b64c1f33edf9

                                                          SHA512

                                                          249187709e5ac795c87c35120f36c6676cc4434988b501f92c7492ea3b1950f5e21f46efe04928f5e4dd64d3ddebf6ddef86e8264c909ca6f96177e5e727e5ae

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

                                                          Filesize

                                                          66KB

                                                          MD5

                                                          c52665639ad3e1ea85890e82362723c4

                                                          SHA1

                                                          d99897094c744a60265685373e1b9dd94148c24e

                                                          SHA256

                                                          729eb9575c6804ea2a8324f9c8d5ac4b4c9b440d30b3d573cdebf01a21fc57cc

                                                          SHA512

                                                          2af5d8b7fc61a3223ad94d23d8ac2899f5b0c35f92b494ecc859255131dd212205a726174620aa8ed0f145ab456bd71e80a08d0e5f06ed35e05d06ec9c88a181

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

                                                          Filesize

                                                          607B

                                                          MD5

                                                          bb1d3e60d493ab6be0565d14daa9b70e

                                                          SHA1

                                                          cb9aca45b3009788617b5225d6d093b40998054d

                                                          SHA256

                                                          428ff150a6986e82d3f793e2fd7e880613665c09991d2422af3e6e8feacf9b0f

                                                          SHA512

                                                          0d3babdcbac02f2ed67eccbff77db0225f374908d437acf4e38077c462154a037a0758a040f0196965afc8f294bdbf0ffc10aed7bb128cf00ce3af4826c91dcc

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

                                                          Filesize

                                                          847B

                                                          MD5

                                                          85ba8944b410a861dc243d47782f618e

                                                          SHA1

                                                          f466a4475665465c507e4a0852f3d2f3492011f1

                                                          SHA256

                                                          fa6b829477837e264137394ba3f637419af37289b27be6e1127c689883d2ec7d

                                                          SHA512

                                                          250d29fabda1ad8952981ce426c8b27dbf8f521d531d3112766dd64d28e76a8368b8483f77135544de2c2049d2ebe78337239fcee6d810a2f11c4ef6ff86086a

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

                                                          Filesize

                                                          846B

                                                          MD5

                                                          aa628d33e4ce8a0709d096ca063a8aaa

                                                          SHA1

                                                          169afefb9ecf912500776583766dcdc1cc70c204

                                                          SHA256

                                                          6dce775cc3a37d93f439eea31b1320e7f9da39b1ac8396dbc7e74a2dd19978fe

                                                          SHA512

                                                          ad3459a1914d80200b1f107e28274c577c65fe8b10773bdcf29423d7a25049ff38f8284e91eb77734096870a3ff02fe99af64f52b00fedae4410d5abb2b14c16

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

                                                          Filesize

                                                          827B

                                                          MD5

                                                          78085590b8cfb0dd3c5e228b8513fc46

                                                          SHA1

                                                          32a482087ac2d418d9df8542dbe956daacaed712

                                                          SHA256

                                                          2c91935d5b45ea6751df2ee7b4804095cb337fa165305ed644a7a332605a3c5b

                                                          SHA512

                                                          1ebc8e5954d651e3ecf5ca80941fbb034c397dbfcbf4c6ffab5eb86da24325b524f0fd275a9e4c6c71fe7908b921ba927d57a5205b86b006bb359fc48bf794dd

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

                                                          Filesize

                                                          1KB

                                                          MD5

                                                          85d00e7d11f68eeab02d8c7823e77061

                                                          SHA1

                                                          a32eca851452b751af65484633b7c03a880cbd86

                                                          SHA256

                                                          37d8a81082cc5e0345d259b35db63cc44acfa444f66632ff3725fc39deb961b2

                                                          SHA512

                                                          d0a070ef0737cde523eba71f6bfc6a77206b37518e03ceca2a3431cbbe5cf1584d9bee996fb83f597581ae41998223c35ff384027fccca74490789e68926b3c0

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

                                                          Filesize

                                                          2KB

                                                          MD5

                                                          200b2dc1e2c9f3ea1dd7c6245a8398af

                                                          SHA1

                                                          785b56577c9dc26df7fbe4dc40679198dd66a951

                                                          SHA256

                                                          221f906d3407a8378b4ae41e48ab84677a134021a5dbcfd0b136e55b662bc44c

                                                          SHA512

                                                          20e7dde3d2770be0b12dcdde462c01e8564a1d0f6b24274b746b3a125c854b08518ee81ac787750cf4621017b82d070e749fc5a8806924a8eaa43fc2c5257d74

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

                                                          Filesize

                                                          3KB

                                                          MD5

                                                          86e98a2309aa645ca4658834c3ac7270

                                                          SHA1

                                                          3b793628e4a25ae0a21da5d38dd70ce645e45b59

                                                          SHA256

                                                          e86282bea23a1e0bd68dc37b18664e733570f3ad19ef7a183230337af0038759

                                                          SHA512

                                                          584b80201dcfd4b9027b6a91e6619c178b8cb8f95e223623134dc4b4d9f10d2a0143c10d1af5d8db6cccb01d758512ec7ebd2ec6f7e237e2d6c173718996061d

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

                                                          Filesize

                                                          5KB

                                                          MD5

                                                          bb26eb657551f560cc7c04d38bb1dbda

                                                          SHA1

                                                          3bbd09157f0dc8fb62aa00c083c04cbbdfed7de9

                                                          SHA256

                                                          97c5028604f8f0a0fb2abffb8506dd2cc9ca2ad2a4fe6f44ecd62a8b8f3ec8eb

                                                          SHA512

                                                          3702164233a388e197befed5874411dd875efed3b55f2f01c7c23c75e5676cfa1ae5ac392faf98cbd9968d747e03c12e42011baccc6cc9ef49d28efdc9238b4c

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

                                                          Filesize

                                                          5KB

                                                          MD5

                                                          a57f95a0346f3cbf867161ad8a54e682

                                                          SHA1

                                                          f62f89074cabfbbace1adbac1a8f5fca773bc5f2

                                                          SHA256

                                                          cf6ffef4795759fd1e02c323ddcdc05820c1f1f386e383a2f132551e9fccdecd

                                                          SHA512

                                                          313ab3009e063ce3478d94acb951ab599c4ceef46602e55df51ae847ca205b193b9b8bf2d4918ba898bb9e8dd2c6ff45270883d3b12e55bea4e3b3f8980905d9

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

                                                          Filesize

                                                          1KB

                                                          MD5

                                                          fbcfbb3675e11f3ed13f036eb1320fbc

                                                          SHA1

                                                          e5fd34a0dd7b3ce256ff0a47bea950eb8fbf0686

                                                          SHA256

                                                          3aaa2878926565675dafa8e785d7769f31530c85714cfab43a8065a94a5f61e5

                                                          SHA512

                                                          459854ef9f4ba32cbe12e56d2d9948d774b4b922bdff26dd733eb9a15a3770057b09e369a83b986f84fb2aa0c90acde7f42e4851898b5d37a06707ea738c2d07

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

                                                          Filesize

                                                          2KB

                                                          MD5

                                                          a47e59e707d0d3ea25c7c09a222ea9d1

                                                          SHA1

                                                          086dc2a16215b74774ad8201f558817dca1212bd

                                                          SHA256

                                                          36b63cb6c2ae18c788a16806eebeabce2656cb49cafb7a3c9ae4ad8e7f3e861c

                                                          SHA512

                                                          040865fcb1bc21a33f604306700d1d4f48974cfe289c38d1c44b3921e74cc9325cf8b1b4e885c672833749246ab00635b1988d25f22e94041c6ba590da27b6f8

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json.bak

                                                          Filesize

                                                          4KB

                                                          MD5

                                                          e6e5d76960ca4c888f424670cdb9acf5

                                                          SHA1

                                                          f4d1f6450001c30d867d9ec9e9cc3eabca683e3a

                                                          SHA256

                                                          4ce3e603e226d4a376b20e3f53d6db11d6579c99a6a6b5f10011c474c589c2bc

                                                          SHA512

                                                          039b017b910711c85434e8b0708c88be82850608ced546e3a6178a047347b077c5a63949e251d6244650670160416573bca588b3d36dbb2d6d2b575dde307d33

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

                                                          Filesize

                                                          11KB

                                                          MD5

                                                          b9fb56203a9688f413abc0fd261d905f

                                                          SHA1

                                                          21ebe48fbab10fcaf2d0acdb87d9eedcb2044e47

                                                          SHA256

                                                          bdd52e392fe6efaee7b6cde8a0444a6674b170c9ff0b15c636273944e1146ab2

                                                          SHA512

                                                          4fddaedeab5a4716da34d8e42c99cdc78f84f7f89956976ff6778e8d97e728bd6c0af9317badd91ffc44055e9d3eaf190f271441f15a14c1334095f82c2f4d55

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

                                                          Filesize

                                                          12KB

                                                          MD5

                                                          3350f0ac42602b28900a6bd4fc8ed651

                                                          SHA1

                                                          4725f78f2b37161f747251e8439169a6b13f35a5

                                                          SHA256

                                                          fd93dc1f4068d23b5e0d5cd3a2849a2c3b251cd0fad4ac3add154306b2ed4e47

                                                          SHA512

                                                          faad5fcc8191305e0432105d095b7c3ea43c611a1f527109ab03efc1004d525574aecfbe013ca375af7ebf7541b8c814a3e2479a571fadd108618cf263d8ab70

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

                                                          Filesize

                                                          12KB

                                                          MD5

                                                          cae18c69ffbdbad2555122a10a90407f

                                                          SHA1

                                                          fdba96434b15ebb15da012a23322ff32e9943852

                                                          SHA256

                                                          1e93d189908443f9b45f6a6881dc94b48e8234af858009a197d054b7def094b3

                                                          SHA512

                                                          06a990a97507f8d44a81c26459d25e259a5ff8e29a409355d0a9dcb59bf8844a6e5f8fab854c6f20c510774f726231c765a06106c1ac11093e55f9b1939eea18

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

                                                          Filesize

                                                          12KB

                                                          MD5

                                                          45b3139271cc4067386aab157155f3a5

                                                          SHA1

                                                          67a8ecda5061da4171591c6f50e9e82904d4923e

                                                          SHA256

                                                          b7e879fc30a5cfa8123ea8790e82ff2928555a880a1f2e215b5c6063f518cd7f

                                                          SHA512

                                                          f8cfc0cae0c0566fbbba61065122a092ac00d9fb722b85c1d5a7eef15517bbdef568db850cb5b8da420ae5ffd705d85de083e540b2281578805e7391d82c7efd

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

                                                          Filesize

                                                          1KB

                                                          MD5

                                                          100d9ee814d2fa367c95bd8b79a7a272

                                                          SHA1

                                                          0982b9df7e863937317f226eb93252d8890d40fa

                                                          SHA256

                                                          5c13180a0b3fa0f86ed247fe601cc05df9a6fe133e5110e6182a4d2b52e84058

                                                          SHA512

                                                          39967ab196b55fda851fd174d113638ea5f664bd6ed5969d65ae1a1deda8ae6ad606432086c0fc203ba04337a7b5399de2a5c05ce23de7ca9329229d3bd5baa0

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

                                                          Filesize

                                                          2KB

                                                          MD5

                                                          19fdc7820c4cdce6c9707ccca9e53baa

                                                          SHA1

                                                          e71d3417f2aa543a15d13e666dcd14bad4924e24

                                                          SHA256

                                                          6c09f8d9c76b6fbe66d364caaf8cffd262a44c99ed5b3bdd9b1d44dab0cc9925

                                                          SHA512

                                                          777881171356a6b8a7dcc96e49d546fa5580e3aeea176cfe3545971df4f6b5843e862b22c1090569b9ec496b2f6b35c747983120b9a86d5d6120ca96a534de3a

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

                                                          Filesize

                                                          814B

                                                          MD5

                                                          c7d9415fc98080a54be6b479f124671b

                                                          SHA1

                                                          3f7e80700f1dc7c68735b1b768cc13e88603ec00

                                                          SHA256

                                                          6e31f544905d3a963827cf4fca39dc71b1a8ac2733d2ecc0d71555628094b2cf

                                                          SHA512

                                                          449c312e00dd787c853e1d3c13b671364c6c889caf9e02f4fd1802dc10cd64daf9480c5016cbaf47b07a69b0d8cb01558df327b7a07bbfe2ae49f7efd8b2a953

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

                                                          Filesize

                                                          816B

                                                          MD5

                                                          327a2864bfe26432e89fba4ac3d804da

                                                          SHA1

                                                          4cef5d7f7e3ec22ac5e6581f00f10c8e1397d695

                                                          SHA256

                                                          3787dca15fbb4587eeb4849a661256e4980ff3f5d04aa6b7b228ee639b5de454

                                                          SHA512

                                                          7876295a28d5c694f2fd03204140fbe8a61715bfb8a70882f362d6678896662d2a22bb643e2d2ed7a6b25372959e9e0f9a4ac953866acf526f14903d08883a7f

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

                                                          Filesize

                                                          1KB

                                                          MD5

                                                          cf12e4262571c348f48d10cc120c3f09

                                                          SHA1

                                                          2e0926ad1a2320ccf689ae9309b48ea1d5d770ce

                                                          SHA256

                                                          86c84344210ff0400dc64c933ec69e6413325f2afa116c5c6468e615c346c702

                                                          SHA512

                                                          7d217c1731a16ff2f30976a49359f195307c97c5f0c620bc39c539d4e08a7a892101b75060dab204c02cfcfb85b22bd3e9a6fdf8db3c3e144e70a7b10a41dc84

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

                                                          Filesize

                                                          1KB

                                                          MD5

                                                          783b37eda1561cc448cc73574cdee1be

                                                          SHA1

                                                          fa901db2036803602dc0fa46ac6cbda73d8967de

                                                          SHA256

                                                          a06a24d0d6aac0446d791996fb07a8d9c17338ee040bd1b4d2b7bda5daa5a785

                                                          SHA512

                                                          0d48ddeaa2a41e9c85b18e11c5b13c59d92ee4584b11a1f2c2f5e91f7d39aa5c3c084470b9c16473b2224bc03d481c238beff8d867d3b6ff9f06c9b547daac03

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

                                                          Filesize

                                                          1KB

                                                          MD5

                                                          f6c682d4a6aeb7a0f5f7cb720af199b6

                                                          SHA1

                                                          5100b60cf08f4da731b79d30eda6fc41c7a8ab65

                                                          SHA256

                                                          cf12dcc68416b37349b26bb1dc8cc37d1f21ff4b544f05262b6bd830fe0fd316

                                                          SHA512

                                                          c3bb233c4c76452ac69fe276a1c8454e1df2845659867a9cc274bd4d2f2ae5a45f5587ea79eeb17c4e885aa2cac1ea0ace4761521e75871464ca0a9488c3327a

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

                                                          Filesize

                                                          2KB

                                                          MD5

                                                          0fdf4a60822c9b8ea8c15a38e3ca9138

                                                          SHA1

                                                          3101442a45a7f8ac276cd4dd189d645ef52538b6

                                                          SHA256

                                                          9f89fb2abacde0878b903595ccdae0ff3ecacb11cca0248d5a7e7d9f3c6f6834

                                                          SHA512

                                                          4be010df0c33971bc11739e5ca39c65ed7106ff80e56a6032cbe57c1decde181d4daee62b774b8b5a7c58c72405632cd86911e672a54996647fa5566e8e5c09b

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

                                                          Filesize

                                                          4KB

                                                          MD5

                                                          684044fc28b01c074a0f302bcdb284eb

                                                          SHA1

                                                          9bbbdcc54abbdf31cf4a421ba370495ab9fdcf6a

                                                          SHA256

                                                          8be8de7369aae543f42c56dc838a57c2b89f323586e3600eb666f74c1b0c19c1

                                                          SHA512

                                                          b8902ad4149cc1fe7c78cb4ea188440abc5683be06f33ed78ae598e3aa3540cac010dce1b23e78978bdbc6dc23eb3e7bd35471514446aac78e3b13e482bdfd35

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

                                                          Filesize

                                                          4KB

                                                          MD5

                                                          1e0483280a92326729cf9b36f59cb763

                                                          SHA1

                                                          ae0cea8aae156be307ff82ad2ef84d9e573e34fb

                                                          SHA256

                                                          f7f30853144cc987b483a932666cbdea1201775482ee37ca34f5221de2d0f20b

                                                          SHA512

                                                          6e978fa8c5412a45cbfacf43dded28b6c63a239f8218d779316b0693d26c82ff00d6312c22718a6251495f2444a2b0453b8bd9473607047165b0ff0418863129

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

                                                          Filesize

                                                          4KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

                                                          Filesize

                                                          4KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

                                                          Filesize

                                                          4KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

                                                          Filesize

                                                          4KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

                                                          Filesize

                                                          4KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

                                                          Filesize

                                                          4KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

                                                          Filesize

                                                          11KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

                                                          Filesize

                                                          1KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

                                                          Filesize

                                                          1KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

                                                          Filesize

                                                          1KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

                                                          Filesize

                                                          1KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

                                                          Filesize

                                                          1KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

                                                          Filesize

                                                          1KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

                                                          Filesize

                                                          1KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

                                                          Filesize

                                                          1KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

                                                          Filesize

                                                          1KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

                                                          Filesize

                                                          1KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

                                                          Filesize

                                                          1KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

                                                          Filesize

                                                          1KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json

                                                          Filesize

                                                          125B

                                                        • C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DA4.tmp

                                                          Filesize

                                                          68KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

                                                          Filesize

                                                          4.5MB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

                                                          Filesize

                                                          5.4MB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

                                                          Filesize

                                                          335KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

                                                          Filesize

                                                          19.9MB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

                                                          Filesize

                                                          995B

                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

                                                          Filesize

                                                          1.8MB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

                                                          Filesize

                                                          528KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll

                                                          Filesize

                                                          2.6MB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\expapply64.dll

                                                          Filesize

                                                          473KB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe

                                                          Filesize

                                                          5.9MB

                                                        • C:\ProgramData\Malwarebytes\MBAMService\version.dat

                                                          Filesize

                                                          26B

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\0d517b6f-5bd2-4e22-9880-3f169b0e6b49.tmp

                                                          Filesize

                                                          6KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

                                                          Filesize

                                                          3KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                          Filesize

                                                          2KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                          Filesize

                                                          3KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                          Filesize

                                                          1KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                          Filesize

                                                          3KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                          Filesize

                                                          1018B

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          1KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          1KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          2KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          1KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          6KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          6KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          6KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          6KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          6KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          6KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                          Filesize

                                                          136KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                          Filesize

                                                          136KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                          Filesize

                                                          105KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                          Filesize

                                                          111KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58509c.TMP

                                                          Filesize

                                                          98KB

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                          Filesize

                                                          2B

                                                        • C:\Users\Admin\Downloads\BadRabbit Ransomware.zip

                                                          Filesize

                                                          395KB

                                                        • C:\Users\Admin\Downloads\MBSetup.exe

                                                          Filesize

                                                          2.5MB

                                                        • C:\Users\Admin\Downloads\Mist (Win32).zip

                                                          Filesize

                                                          16KB

                                                        • C:\Windows\System32\CatRoot2\dberr.txt

                                                          Filesize

                                                          93KB

                                                        • C:\Windows\System32\catroot2\dberr.txt

                                                          Filesize

                                                          93KB

                                                        • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D84E548583BE1EE7DB5A935821009D26_5B98B6CD6E69202676965CF5B0E2A7A7

                                                          Filesize

                                                          5B

                                                        • C:\Windows\System32\drivers\MbamChameleon.sys

                                                          Filesize

                                                          226KB

                                                        • C:\Windows\System32\drivers\mbamswissarmy.sys

                                                          Filesize

                                                          233KB

                                                        • C:\Windows\Temp\MBInstallTemp2e52c651573611ef85126a02b38d1b32\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json

                                                          Filesize

                                                          372B

                                                        • C:\Windows\Temp\MBInstallTemp2e52c651573611ef85126a02b38d1b32\ctlrpkg\mbae64.sys

                                                          Filesize

                                                          154KB

                                                        • C:\Windows\Temp\MBInstallTemp2e52c651573611ef85126a02b38d1b32\dbclspkg\MBAMCoreV5.dll

                                                          Filesize

                                                          6.3MB

                                                        • C:\Windows\Temp\MBInstallTemp2e52c651573611ef85126a02b38d1b32\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll

                                                          Filesize

                                                          1.3MB

                                                        • C:\Windows\Temp\MBInstallTemp2e52c651573611ef85126a02b38d1b32\servicepkg\MBAMService.exe

                                                          Filesize

                                                          8.6MB

                                                        • C:\Windows\Temp\MBInstallTemp2e52c651573611ef85126a02b38d1b32\servicepkg\mbamelam.cat

                                                          Filesize

                                                          10KB

                                                        • C:\Windows\Temp\MBInstallTemp2e52c651573611ef85126a02b38d1b32\servicepkg\mbamelam.inf

                                                          Filesize

                                                          2KB

                                                        • C:\Windows\Temp\MBInstallTemp2e52c651573611ef85126a02b38d1b32\servicepkg\mbamelam.sys

                                                          Filesize

                                                          20KB

                                                        • C:\Windows\Temp\TmpAAC3.tmp

                                                          Filesize

                                                          6KB

                                                        • C:\Windows\Temp\TmpAFD5.tmp

                                                          Filesize

                                                          6KB

                                                        • C:\Windows\Temp\TmpDC07.tmp

                                                          Filesize

                                                          3KB

                                                        • \Windows\Temp\MBInstallTemp2e52c651573611ef85126a02b38d1b32\7z.dll

                                                          Filesize

                                                          1.6MB

                                                        • memory/400-6179-0x0000000000920000-0x0000000000B0B000-memory.dmp

                                                          Filesize

                                                          1.9MB

                                                        • memory/5180-6069-0x0000000000F90000-0x0000000000FF8000-memory.dmp

                                                          Filesize

                                                          416KB

                                                        • memory/5180-6061-0x0000000000F90000-0x0000000000FF8000-memory.dmp

                                                          Filesize

                                                          416KB

                                                        • memory/5180-6077-0x0000000000F90000-0x0000000000FF8000-memory.dmp

                                                          Filesize

                                                          416KB

                                                        • memory/5340-6289-0x0000000001150000-0x00000000011B8000-memory.dmp

                                                          Filesize

                                                          416KB

                                                        • memory/5340-6297-0x0000000001150000-0x00000000011B8000-memory.dmp

                                                          Filesize

                                                          416KB