Analysis Overview
Threat Level: Likely malicious
The file http://google.com was found to be: Likely malicious.
Malicious Activity Summary
Sets service image path in registry
Modifies RDP port number used by Windows
Downloads MZ/PE file
Drops file in Drivers directory
Executes dropped EXE
Reads user/profile data of web browsers
Checks computer location settings
Loads dropped DLL
Event Triggered Execution: Component Object Model Hijacking
Checks BIOS information in registry
Impair Defenses: Safe Mode Boot
Checks installed software on the system
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Delays execution with timeout.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: LoadsDriver
Modifies data under HKEY_USERS
Script User-Agent
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Modifies registry class
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
NTFS ADS
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-08-16 14:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-08-16 14:51
Reported: 2024-08-16 14:54
Platform: win10v2004-20240802-en
Max time kernel: 167s
Max time network: 206s
Command Line
Signatures
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\DRIVERS\mwac.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\farflt.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\drivers\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbamswissarmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamChameleon.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
Modifies RDP port number used by Windows
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\International\Geo\Nation | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService\ = "Service" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Checks installed software on the system
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr28x.inf_amd64_5d63c7bcbf29107f\netr28x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\dc21x4vm.inf_amd64_3294fc34256dbb0e\dc21x4vm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\e2xw10x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8192se64.inf_amd64_167684f9283b4eca\net8192se64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\nett4x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ndisimplatformmp.inf_amd64_8de1181bfd1f1628\ndisimplatformmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netnvma.inf_amd64_7080f6b8ea1744fb\netnvma.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netk57a.inf_amd64_d823e3edc27ae17c\netk57a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmlx5.inf_amd64_101a408e6cb1d8f8\netmlx5.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\netloop.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\netwew01.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netr28ux.inf_amd64_d5996f2a9d9aa9e3\netr28ux.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\netbxnda.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rndiscmp.inf_amd64_81bff1eb756435c6\rndiscmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usbncm.inf_amd64_9957a38c3d2283ed\usbncm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_b6748bc8bb8ccf4d\netax88179_178a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\netrtwlane01.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\rtux64w10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{b67d6531-d185-1942-b1e9-5583b80d7aca}\SET7D08.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net7800-x64-n650f.inf_amd64_178f1bdb49a6e2fd\net7800-x64-n650f.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane.inf_amd64_20caba88bd7f0bb3\netrtwlane.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\572BF21E454637C9F000BE1AF9B1E1A9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_dba6eeaf0544a4e0\netwmbclass.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl1e64.inf_amd64_8d5ca5ab1472fc44\netl1e64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\net8192su64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\netwns64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net1yx64.inf_amd64_8604d8a50804b9c1\net1yx64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netefe3e.inf_amd64_7830581a689ef40d\netefe3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netathr10x.inf_amd64_2691c4f95b80eb3b\netathr10x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ykinx64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_9a5b429abc465278\wnetvsc.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8187se64.inf_amd64_99a4ca261f585f17\net8187se64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mrvlpcie8897.inf_amd64_07fc330c5a5730ca\mrvlpcie8897.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlanu.inf_amd64_1815bafd14dc59f0\netrtwlanu.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{b67d6531-d185-1942-b1e9-5583b80d7aca}\mbtun.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\netwlv64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw06.inf_amd64_2edd50e7a54d503b\netwtw06.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{b67d6531-d185-1942-b1e9-5583b80d7aca}\SET7CE7.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwew00.inf_amd64_325c0bd6349ed81c\netwew00.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{b67d6531-d185-1942-b1e9-5583b80d7aca}\SET7CE8.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\netbc63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\msdri.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netg664.inf_amd64_84cd7b2798e0a666\netg664.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{b67d6531-d185-1942-b1e9-5583b80d7aca}\SET7D08.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\netvchannel.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw04.inf_amd64_c8f5ae6576289a2d\netwtw04.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\bcmwdidhdpcie.inf_amd64_977dcc915465b0e9\bcmwdidhdpcie.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\athw8x.inf_amd64_55014eff4ceefbdf\athw8x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\bthpan.inf_amd64_b06c3bc32f7db374\bthpan.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.RuntimeInformation.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\cs\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\WindowsBase.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Xml.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbamelam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\RTPControllerImpl.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-process-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.HttpListener.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Text.Json.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\de\PresentationCore.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\es\WindowsBase.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Core.deps.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\SQLitePCLRaw.provider.e_sqlcipher.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Memory.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Serialization.Formatters.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ServiceProcess.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ru\System.Windows.Controls.Ribbon.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\UIAutomationClient.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-crt-private-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Transactions.Local.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\WindowsBase.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework.Classic.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\WindowsFormsIntegration.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Drawing.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.ComponentModel.DataAnnotations.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Diagnostics.FileVersionInfo.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.InteropServices.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework-SystemXmlLinq.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\PresentationFramework.Aero.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\System.Windows.Forms.Primitives.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\zh-Hans\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\System.ServiceProcess.ServiceController.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\ReachFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.DependencyInjection.Abstractions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.Logging.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\coreclr.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\dbgshim.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\Microsoft.Win32.Primitives.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Dynamic.Runtime.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\PresentationUI.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\tr\System.Windows.Input.Manipulations.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sdk\mwac.inf | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-util-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.FileSystem.Watcher.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ja\PresentationUI.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\ko\UIAutomationProvider.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pt-BR\System.Windows.Input.Manipulations.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Collections.NonGeneric.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.Primitives.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Drawing.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.IO.Compression.Brotli.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Runtime.Loader.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\UIAutomationClientSideProviders.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\pl\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\System.Resources.Extensions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\api-ms-win-core-namedpipe-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Net.Security.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.28\System.Threading.Tasks.Parallel.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\fr\WindowsFormsIntegration.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.28\it\PresentationFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7968A0D1-5C9E-4F28-8C2F-E215BC7DF146}\TypeLib\ = "{6C5B978B-68C9-45C7-9D6E-0BA57A3C7EB2}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{89AE2EF4-3346-47C7-9DCF-ED3264527FDE}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1097B101-1FF8-4DD8-A6C1-6C39FB2EA5D6}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6357A98F-CE03-4C67-9410-00907FB21BC7}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7C710FA9-862A-40CF-9F54-063EF8FC8438}\ = "IRTPControllerEvents" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{616E9BE3-358B-4C06-8AAB-0ACF8D089931}\ = "ISPControllerEventsV2" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E46A48DF-07CC-4C7F-89BB-145CF0DFC60A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19B9825A-26E8-468B-BD9F-3034509098F0}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{62A3C5F3-503F-4205-A044-5EA683BEDABE}\ = "IMWACControllerEventsV7" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7C710FA9-862A-40CF-9F54-063EF8FC8438}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{18C5830A-FF78-4172-9DFB-E4016D1C1F31}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{83D0C30B-ECF4-40C5-80EC-21BB47F898A9}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1A173904-D20F-4872-93D5-CBC1336AE0D6}\ = "_IRTPControllerEventsV2" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C3249828-A4B2-4146-A323-EA5FD2F2FC75}\ = "IUpdateControllerV13" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EF7DFB76-BA49-4191-8B62-0AC3571C56D7}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9F798C4B-4059-46F9-A0FE-F6B1664ADE96}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BDCB7916-7DE8-44C8-BAF6-F1BBB3268456}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{25321640-5EF1-4095-A0DA-30DE19699441}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A9AE95CF-6463-415A-94AC-F895D0962D30}\TypeLib\ = "{74630AE8-C170-4A8F-A90A-F42D63EFE1E8}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DC2F8F62-D471-4AD5-B346-9F214FE941A7}\TypeLib\ = "{0E2822AB-0447-4F28-AF4C-FFDB1E8595AE}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.ArwController\ = "ArwController Class" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BD221458-5E85-4235-B1EF-4658F6751519}\ = "IMBAMServiceControllerV11" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E8D2DC04-56F2-4F6F-8E11-8CB2BB337FCA}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{2846D47E-9B85-4836-B883-6A7B493E2D6A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\AppID = "{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D51C573D-B305-4980-8DFF-076C1878CCFB}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8CB653AC-F9CF-4277-BFB1-C0ED1C650F56}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}\1.0\HELPDIR | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E149FEF9-F1DC-4894-8A8E-AA53F6807EFD}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B1F1EB48-7803-4D84-B07F-255FE87083F4}\ = "IMWACControllerV3" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9F798C4B-4059-46F9-A0FE-F6B1664ADE96} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19B9825A-26E8-468B-BD9F-3034509098F0}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9669A3D-81E8-46F6-A51E-815A0863D612}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MBAMExt.MBAMShlExt\CurVer\ = "MBAMExt.MBAMShlExt.1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5F128CCB-D86F-4998-803A-7CD58474FE2C}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{66328184-6592-46BE-B950-4FDA4417DF2E}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{40D6E119-3897-41B3-AC5D-5FE6F088C97B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{778103CC-4FA4-42AC-8981-D6F11ACC6B7F}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B8E2CB10-C8DE-4225-ABBB-6CE77FF04FFA} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{01222402-A8AB-4183-8843-8ADBF0B11869}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2870643-0645-41F9-BCCB-F5969386162C}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD6673C7-8E52-46EE-80B8-58F3FB6AA036}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\VersionIndependentProgID\ = "MB.CleanController" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BAFDF38F-72A8-4791-AACC-72EB8E09E460}\ = "IMBAMServiceControllerV2" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{309BE0D9-B4CA-4610-B250-26CC9CDE7186}\ = "IRTPControllerV15" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B59F38D8-23CF-4D7F-BAE8-939738B3001B}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{05098CD5-9914-48C2-A453-DB782F55A65F}\InProcServer32\ThreadingModel = "Both" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B38EDC4F-A2CD-4F76-8607-F123FE4031D5} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DC97FF29-5CE2-4897-8175-94672057E02D}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DF39921A-6060-472F-A358-1CE8D2F8779C}\ = "IScanControllerEventsV10" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7F95C137-46FC-42FB-A66A-F0482F3C749C}\TypeLib\ = "{F5BCAC7E-75E7-4971-B3F3-B197A510F495}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9BFD0661-4D6A-4607-8450-2EF79859A415}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C5201562-332D-4385-87E7-2BB41B1694AA}\TypeLib\ = "{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D10B0F61-43AA-40F4-9C6C-57D29CA8544E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.LicenseController.1\ = "LicenseController Class" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{10DAE713-FD88-4ADB-9406-04CB574D543C}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CE7ABFE9-8F8F-4EDD-86BD-9209FD072126}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\ProgID | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C5B86F3-CEB8-44E3-9B83-6F6AF035E872}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A9AE95CF-6463-415A-94AC-F895D0962D30}\ = "IUpdateControllerV12" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\VersionIndependentProgID\ = "MB.LicenseController" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{08927360-710B-483B-BEEC-17E51FF84AF9}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 988844.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:SmartScreen:$DATA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9f4046f8,0x7ffe9f404708,0x7ffe9f404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5544 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5504 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6520 /prefetch:8
C:\Users\Admin\Downloads\MBSetup.exe
"C:\Users\Admin\Downloads\MBSetup.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "000000000000014C" "Service-0x0-3e7$\Default" "000000000000015C" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1904 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5508 /prefetch:8
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6248 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2028,17465861112702815560,15240398430658718258,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4868 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C timeout /t 1 & "C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\Admin\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"
C:\Windows\SysWOW64\timeout.exe
timeout /t 1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension "C:\Users\Admin\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -install -extension C:\Users\Admin\AppData\Local\Temp\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78211f57-af49-4eed-bdd2-e98b54ba8a0e} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2484 -parentBuildID 20240401114208 -prefsHandle 2476 -prefMapHandle 2472 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d4cb147-cce2-4675-8c54-f12b9575c2e7} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3216 -childID 1 -isForBrowser -prefsHandle 3208 -prefMapHandle 3204 -prefsLen 24741 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a50e312-7676-45d7-b775-22a34e202a4b} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3584 -childID 2 -isForBrowser -prefsHandle 2844 -prefMapHandle 2848 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b7d8bfe-dbbf-4721-9486-3c5829e96d6d} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4360 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4352 -prefMapHandle 4348 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9801d08-f219-41d5-ae11-82ff72a30825} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5208 -childID 3 -isForBrowser -prefsHandle 5200 -prefMapHandle 5172 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aba5725b-f025-42a6-a91f-3d38141e6eb2} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 4 -isForBrowser -prefsHandle 5352 -prefMapHandle 5356 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91186289-46ea-4c64-ae20-bd74e6b27c03} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 5 -isForBrowser -prefsHandle 5544 -prefMapHandle 5548 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cf9bbef-4e6d-40b7-b589-61c049b75162} 6916 "\\.\pipe\gecko-crash-server-pipe.6916" tab
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe
"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
Network
Files
C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.sys
| MD5 | 83d4fba999eb8b34047c38fabef60243 |
| SHA1 | 25731b57e9968282610f337bc6d769aa26af4938 |
| SHA256 | 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c |
| SHA512 | 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e |
C:\Windows\System32\CatRoot2\dberr.txt
| MD5 | 7e485f31995f0042dd9fbab97dbcd70c |
| SHA1 | d98398fb20184d285bbbc5bdbdf757b1c8533c44 |
| SHA256 | 77ee3634e237587727bae8596fef2c0b7c6ce29da95535180a99684dbf8c6d8b |
| SHA512 | 93a22e02f8f6321cd665d1d09adfb653fdd91aa330198e96ced42fea0ab176808231ba89f4adc2c1d55cb02623a163a3f595b6604da52d929651af45c6127d25 |
C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll
| MD5 | 2ccb84bed084f27ca22bdd1e170a6851 |
| SHA1 | 16608b35c136813bb565fe9c916cb7b01f0b20af |
| SHA256 | a538caf4ac94708ddb4240d38b1b99914ca3e82283f0d8a2290be28fc05eaccb |
| SHA512 | 0fd66d241bdebd0052f4972e85b42639e3c5a40affe23170b84bc4068dff8e84446898a77ebf7cc0bef97454abb788faccce508a68bc5e717980ef26d8436986 |
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
| MD5 | 03d6455dc6934a409082bf8d2ce119d5 |
| SHA1 | 995963c33a268a7ed6408c2e6de1281e52091be2 |
| SHA256 | 82ca2aec64fe151efd59a838c1845111bfb9f94ff277be3afae4e3f684ef3a62 |
| SHA512 | a0ff71bc01a11c9a95c1a0186a7bbfec9c3f84d7e600d0bca877934fa5f84053627bc59bb355f53ce9e3c9e4c6a841b8f5cb7436fe7f43b63426a8a851392c6d |
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
| MD5 | f7d1311d37db14454505c85acc18d1c0 |
| SHA1 | 39b422abc1027c712b058607d5ccb4a77c4e7fe4 |
| SHA256 | 13cbb7654053232e1c9f4fc37c2176bf0ce2e154f10d4ac1713545639290ef84 |
| SHA512 | 6c12633e5565cc7dc4374f64d10b301d7e0f1f17fb4bd99e674b764971d26d44cd2427f267758e8153a63178ffc7bda3a96938d70fd83d7ee5538ec17128390d |
C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
| MD5 | b7e5071b317550d93258f7e1e13e7b6f |
| SHA1 | 2d08d78a5c29cf724bc523530d1a9014642bbc60 |
| SHA256 | 467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064 |
| SHA512 | 9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54 |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | 7bc9a3af7628b63db7eab0f860662f05 |
| SHA1 | 362bf8e00a79ea9a2f1ae7540da0a98c83f2c156 |
| SHA256 | bd68c5e395b72458402d86f96134d7708f43fe56f51031106468eb332ba73a89 |
| SHA512 | c5e9d7acc577585565174001a852f7ea8ade8ad4e4e550f63c2aaff364f967fb90151f12c0a7aa6bd64f77fe169714bb32404178ef491a7ac982c52790a6ff46 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 894c03ecc9540e813ca0c0764a146af5 |
| SHA1 | 6f4811da74e575ee841d454815504d14317fd728 |
| SHA256 | 140d9a999f4af5947341a892275b1b4b4eea02fdf902d3cb984076b4c431c8ce |
| SHA512 | ac8ecfe90483c76c7b0ed628adb4c3dc94524888872599bf6c48a2952a6f96f4a52b09e70c0a704d19b25f5856329564f7743831e8a35e0e76edf3aad9645808 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak
| MD5 | 1138541e20e4b146f60b1b32a1d601bb |
| SHA1 | f06230b2d22c6a0ffb4268dac05566f231f1d16c |
| SHA256 | 59bea7d6a8c0d38692fc03c59600cdaae1736a8025738cd2b31eb8020dae147f |
| SHA512 | d7381c5e083df4862b29da17fa44c684a3eb145a359aefc25e050463b7858acd032bd43995d8f4c14bc12bd2a4c58724fbef0a26eb75c22e519ce7324e2aaed4 |
C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat
| MD5 | e71f2368a0b7cbd09dbf3453b1a4661e |
| SHA1 | 0f1114b55a41e88e6c13636a6db32c02a7615d64 |
| SHA256 | 887af2346f87c4e89434eae1a3aa8cce36b5c02717221d71059bff8f149b7799 |
| SHA512 | 8617f18097c10ef892fc95178f75d9041755e6747200759be9c5d35c336db0d1f86950a8b0ff65a10d7d5bd621e9d68e49d2ecb6881c3dc2e705c91e97877eb4 |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 95276bdb2d72a931afcbf2f1e70e05b3 |
| SHA1 | 8625c9b2157bb42421e3b13fcf14e15f6548184c |
| SHA256 | 89725b9281c647e58903dcc0df260b8407ffd398ad2a4dbdbf14daf01576a82b |
| SHA512 | 2caeb10c3cb97317bc560b0f2b642c8348a0d6e792c6c41068c3347cdefc1a17feeccb46ec22068574d085e1da2b13c93b778e70b24b50a2ea1e748a698d76bd |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak
| MD5 | 8998a29f002c7f7e65f54e950c92a52c |
| SHA1 | cec13cd76f6917ffc8cc75d8f4a0a5f08321210a |
| SHA256 | 58430a378b16b2b43c3beaf998629d28ca22a0c5bfd9b97e315d9cc8c7f65b9f |
| SHA512 | 96b966dcc681057faa25bad5536b3da5cef07089300d113a7da2e7231eea337883826fa21e9e35dafc603bbe1ab88a4a68ebdeda83a841d0a8d5c51de7b4a07c |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | b955bbf2fa8937afa88f3c77dc8353b0 |
| SHA1 | 482fae3b035f8fb2f105995434e471f0bfeb05f2 |
| SHA256 | 1c6e9956a78d2c510fb65f059be0b9b37347e606e7e527895d44a232d47a9f9d |
| SHA512 | 6a48aa5beaa3e5f766e311cc11cd06fb294e77ad8fd7cda655a74460fa1f2d40d3888dfc9f245eb7636759452ffef8d5d4c40088a058b7e4413bb3c7d64b3edf |
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
| MD5 | 76240efbfc36cb4b32892259bb161063 |
| SHA1 | ad92bdf95c9e78731d551d9018bce638c1f3052b |
| SHA256 | 490daea9ea72fd89aa899a26ea4c7ddc25f65efc82c7ea9fc6454214ef1b4608 |
| SHA512 | ecce93e3a12f58d65f7465fa60d15b2ae99c86387833f11f75d9f2f1920dc74a1c6adf92d96fdb743d37e04e0c5306c5bcbf2229ba95f0ea83f9f9ee2c157d88 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb
| MD5 | 2f7423ca7c6a0f1339980f3c8c7de9f8 |
| SHA1 | 102c77faa28885354cfe6725d987bc23bc7108ba |
| SHA256 | 850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55 |
| SHA512 | e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb
| MD5 | 546d9e30eadad8b22f5b3ffa875144bf |
| SHA1 | 3b323ffef009bfe0662c2bd30bb06af6dfc68e4d |
| SHA256 | 6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f |
| SHA512 | 3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb
| MD5 | eae498ef7101deeca3e8c07c87d715dc |
| SHA1 | 64c704e82ee4f7eb672f4a75918c18d51eedd87c |
| SHA256 | e3336ae362842ca94c93339c2c095cd5b6b4b27bdcf455007d0cc5354bc1bd5f |
| SHA512 | fd171ec6a59be58b79d9f34769ea0dd3dfdcd58a1c76b9ea937a08ce7c5578e838ce9aa7cc4b4fcef4aeb405661f31e82e9a5e054ed16811f008726ad6b0db1b |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb
| MD5 | a4c6180d6a7209b39f9ffb2cfe2ae0f6 |
| SHA1 | b78a5b365295ed3dd40ff22b0bb9ec547a5685a1 |
| SHA256 | 5893f0a5eef19afa9a72d07566b5b2291b40c251264f02c98d6b140c7293b8ca |
| SHA512 | baeaeb90a49555858a0e4855b7714607a836f5d8bb1c3fc8d5ac03c3b50ab3c4fd39b4ab4d824eb343e262c9496c208368dc87e7e55e72886dda15b16f3a3b72 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb
| MD5 | be14ad57c940eabbe886143187e161c1 |
| SHA1 | b05d2661863a6ccbae4ee913efb401cf072904e1 |
| SHA256 | 8181b88e870da5f0dc848e32a35eb5663781b026dd596844e02910ea29e94757 |
| SHA512 | 29e295c7b107c6e8e2d406e874a91169fd7356165fe5d22603e3212940d917605ba7954be34353a5ce3137b63ef33080f5d8db0852d694ccdc38ccde0d207c61 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb
| MD5 | fdd03b6f2a274b6fb1cdc48d9366466d |
| SHA1 | ff65c21ea4d2b9124174ca24a3d6d7dd30cb8e7a |
| SHA256 | 36d0eb5f7696b7e227f268a268bf121de65f3df675306447c1824e5b41295e31 |
| SHA512 | c5a7e72548e2ef415bc29814e8b2d1e738383f446784fbafce5882bacce5ecf889704c4e55980cd1ff14ab3bad3958ddf0443febe79dcb41a81fa43e3559b9aa |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb
| MD5 | 68633cf09a383e9bd6fedd2730d4d4f2 |
| SHA1 | f36fc3026d42738f614a429fb8d68966c0508654 |
| SHA256 | c6f45e2f1e6befad211ef91bb30398c8cef8e71e2d1bf82812af1044dff9d32f |
| SHA512 | d57699c9ad4dfc4038593de92d1bd87e0fe3efe47f8f953e8f68316adf1cddca66d2bd0ec954c0671407980e7b83f07dfb151206defb1eca7f327499d834ebe8 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin
| MD5 | a8e4820e175f7d9c0f37c4f63bdf44bc |
| SHA1 | e0aa265a99ceb65255ead59d54ab2e044c7f63ef |
| SHA256 | 4c2d5ddb9c89842b4c0aa4289c62aa67d7480400b95b0bb9be5581576b680a6b |
| SHA512 | 68a717c19a8f3532ff8bf3fae6d28a081939618c0f49da8c2cb8c14a9b563cc8dfd3b22d1d0f0e3aec8bd79207f46f3ecb0c49f5caf4fee2d570a5d1917df0df |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm
| MD5 | 8fe32009056c02b97598df10c491a849 |
| SHA1 | d6df776478d6ba453553e209caade04a9530affd |
| SHA256 | 8a4eb08c10270b7788679b9bd373140fbc9c0e2cf719bd8b2eaba918be0ad1f4 |
| SHA512 | 38426667bf93f570a2a906690d62cbb5cfa3883edb53804e1f3e461809bd64b486068132053a86ebbdb706e9bd22b7250a11217a8ef8ca7a1765ff2713c85350 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr
| MD5 | e53bc4cc5e1a2f91f3ebef0eaa13e8db |
| SHA1 | f57df69f04492cb287a847e3126104e5863f1d02 |
| SHA256 | 6075fe87a1cadbe820d0fdfcc46f3cab1afbd7cc43b3786bf1769feb75b819cc |
| SHA512 | 30dc51a34e9fa64d0cc7d94b56b45ec68718734c5cef569fad2d63bcd01fd23ecc0add59586ca90671d6d3728736521211281ff2b24cfd15c01bf524ccabc4f7 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat
| MD5 | 10f23e7c8c791b91c86cd966d67b7bc7 |
| SHA1 | 3f596093b2bc33f7a2554818f8e41adbbd101961 |
| SHA256 | 008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc |
| SHA512 | 2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt
| MD5 | aef4eca7ee01bb1a146751c4d0510d2d |
| SHA1 | 5cf2273da41147126e5e1eabd3182f19304eea25 |
| SHA256 | 9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f |
| SHA512 | d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat
| MD5 | 5016024d2aafc3842dcdc934f5f3952f |
| SHA1 | 9538432bf77f3305e7e13df8005fe8da2e7dbcc1 |
| SHA256 | e5fe66aa5a1b2060b92db5ebc8c2694b4abd4276b48b6abb0d72a69cd4d5c63c |
| SHA512 | 8ff79e34739358739cd0547343911a2e9c47ef9378d682fd6019963c408ea4db37a59b4c8593b69d3252dc88ac9c8306658c8dbfb664363331deb43322e314e6 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat
| MD5 | 15285e0259fd1758025c1ffa083f220f |
| SHA1 | 91244a5a77b6ac640faf88876c63227f98849768 |
| SHA256 | 52a41bca3f2eee3a158665d0217d52477e4b055e4f03179b7f615746b195e484 |
| SHA512 | 361c6e3233397361bbdd44e9d6128a0062773ef4effcf25187e6fb9e496d07bdc0a6af35828b1b14ea8fc08f1ad4e5bf91b584170deab316448583ddc701a5ba |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll
| MD5 | f802ae578c7837e45a8bbdca7e957496 |
| SHA1 | 38754970ba2ef287b6fdf79827795b947a9b6b4d |
| SHA256 | 5582e488d79a39cb9309ae47a5aa5ecc5a1ea0c238b2b2d06c86232d6ce5547b |
| SHA512 | 9b097abeafe0d59ed9650f18e877b408eda63c7ec7c28741498f142b10000b2ea5d5f393361886ba98359169195f2aceeee45ff752aa3c334d0b0cc8b6811395 |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll
| MD5 | 956b145931bec84ebc422b5d1d333c49 |
| SHA1 | 9264cc2ae8c856f84f1d0888f67aea01cdc3e056 |
| SHA256 | c726b443321a75311e22b53417556d60aa479bbd11deb2308f38b5ad6542d8d3 |
| SHA512 | fb9632e708cdae81f4b8c0e39fed2309ef810ca3e7e1045cf51e358d7fdb5f77d4888e95bdd627bfa525a8014f4bd6e1fbc74a7d50e6a91a970021bf1491c57c |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe
| MD5 | 00bb4872fd3c456f23b2b00a679b3890 |
| SHA1 | b2f98fc663e37bbfda7398079d4d483d862256a6 |
| SHA256 | 1bbaa5b2a9e7423568aaaf7b6c2939a6ea784e0b8fb5e428b6e7423927e0c9ca |
| SHA512 | eda71ee5c4bb9490e9a303347180e94425f2228476a45d983ee4ce5ff1c84b60c359ad29d545b0bcc8dac0aafc6cf0d4297560bdd2e68587aeb0137de61f19ae |
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll
| MD5 | a8de0cb6e0103dc9dc9f1a7f4f35f819 |
| SHA1 | 27674efbfcc8975b4a372742b141ddce47cb540d |
| SHA256 | 87bc58ad3b68b87620c543f54f1e5ecbbb49b7468aa7c271a6d9ab95ac9beefd |
| SHA512 | 6688449e115b0403e08cb24c61f961c74c27cfd6609af360c251eb446d294e42ab1323e34a4e3992020d8c7fd0e8002fb7b96329cdf9c486910508d81429a072 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | 5ea25629dda932c06243d2d4b7a3f117 |
| SHA1 | 56ba555e9600fd6df6c8885925544d5ab57ef6cc |
| SHA256 | bda70ade8e44d7a8e29387bfde6aa46f495b0be9b5683b0a109d76bb8700ec5d |
| SHA512 | 6ddd4eb0f3e0b1ab8acdd97868797e0c073b843d43a707d83d02562329a57cf45972d8d62405118b1a6c135988ae743c8fefbed1a91b256e002f7fb63b128d56 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 77bb33a24edd66a3d2245c5d7f2fa5ae |
| SHA1 | 1aec0a4738a7c4bc55cc59cce1b51b6ce072be7b |
| SHA256 | 27409d2ff141d11b174931c687eeb69b9175c076970d29f39e0f6225850770c1 |
| SHA512 | 78f9772247c61782e38f8f4c453a5e74e542c68b51d2dc54ec2a3d86eeadb8d05095880edb30fa6754d6c2eaffe897827db22d5c20f53b6fe96da26025a361c5 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | dafb7153d02e156f1bcdb7355bad84ab |
| SHA1 | 1ec1976bf7ac0651d413818707a1ac66a29e3eee |
| SHA256 | b859f122763c14991c0e121fb8fa449dc21d2033128704d889f2dec79b82ec4b |
| SHA512 | 7807d287a75e837912e271b467c3f268f1478236f307e80141e1585ffc8369194bb58a5790832b55b40301ade5c80da876891ed693e7a24cc1e1b9e828e84c7c |
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
| MD5 | da8a3fd6dc76f243fb3244de8bbc6f60 |
| SHA1 | dbea2d100f858c9720eb80672ddb5cc718b092c1 |
| SHA256 | 7006ef6f0e3901f8a78ab0d04f149fda47078840610ce19db0239244584be119 |
| SHA512 | f120a79d743765ef122509a1bc1c3704effe8986525ea50d2263bd8af3845dff046c7ab45628143103549d586b90618bc41a6673b53131d4811d8127ebdbaf21 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 8c54498215b14014c42a748cd41defb2 |
| SHA1 | e1124d4ccc6b97863ebd148acf75974cc5494b48 |
| SHA256 | 1a9e0b952a9bf0d784c6e2458e26b1c7f591afb78ac38b1d41b7b7aacbd6aa34 |
| SHA512 | 87f9d41e9c33c6ac8664ce4c7a84ef5c963cd1f3a40ffc75ec010691b9426a24d095efff8b4213d15fb64811010ef9dcae5e5f4cdc3c627ce2408b4f5751f303 |
C:\Windows\System32\drivers\mbamswissarmy.sys
| MD5 | 246a1d7980f7d45c2456574ec3f32cbe |
| SHA1 | c5fad4598c3698fdaa4aa42a74fb8fa170ffe413 |
| SHA256 | 45948a1715f0420c66a22518a1a45a0f20463b342ce05d36c18b8c53b4d78147 |
| SHA512 | 265e6da7c9eede8ea61f204b3524893cf9bd1ed11b338eb95c4a841428927cccbed02b7d8757a4153ce02863e8be830ea744981f800351b1e383e71ddaad36ad |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | f6b5b9201db1a6ce11e1cbe3050b1175 |
| SHA1 | e262402a132b62e75b1c0f76a37f696d3d33fcae |
| SHA256 | edb4afe1fc42d7af19fa9af9c17d13db22abe6c9a907ebcc369feb0e453962be |
| SHA512 | 52979672bc3184b29f0ae008cecdc9577007a475c22988844c09a131ef9ba2c5e26f7acb6162fea93167b2df030ff557710db48cad9cc0c700428be0a4e799d6 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 6780262c0a2a445f72cd95717dbf438a |
| SHA1 | dcfcb911341ced36711f5e4f42beea94e0a694e0 |
| SHA256 | cd57ecd68076b017e83dba82cc883347883d1e96893674415e9034a6eeef8a9a |
| SHA512 | 8f4195d791a1195fe5b50c165f629d64cee8563bafe64426a30ba23340aa61415754759c150350ebc5c86483292c41e129845808542f29f58f135b7772785c41 |
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
| MD5 | b70a3cd4366c9a703cd185615a957196 |
| SHA1 | 5be69033463ef15f5f90a81f5176c00a4ee010d5 |
| SHA256 | 6739c56b928ae8416cf621bbff7be6bbf996bdf7a66441ee0c2c5067a2307b5a |
| SHA512 | e2bef3ee523de49fd39a5c7c02668192841c7da8f24f52824281914a0f49493f0845d72ba460b3ed8e6b8e1819900e261c22e2c52ff85ad0afe8bb841cfac6d2 |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
| MD5 | 452f004454f093b10fce2150239b2ff0 |
| SHA1 | 60c778a36ec6eaf4a1885d996bcb6ac1b7cc91c1 |
| SHA256 | f6a16069a4b70edd030a5079cc7192638f77d59b8e570d739898d49ca06455d5 |
| SHA512 | 271d3afb8fd3f38c2279acd5e87f536d4b88ffa792a6bb61d7b0e035bb36afaa020186b6a5f76bdbe3b06cbcd1478996997778fa1ba544eaeb9c53af1abb7822 |
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json.bak
| MD5 | 59987e19121a905e244888c3ea7bf470 |
| SHA1 | 69aa5f8b3d0f42fb9d06081d0bc2b2f135885083 |
| SHA256 | 8822c6f1348e2197f6f4412526158f114da63f4af9d28155b1ef43fd8d36174a |
| SHA512 | c28412ae0c455821455393872c622f81ba2b81bcb80b9843478b78780f6f86cc5244c6017a3d3a8f3d1eb57b10d8c7a4de8f2e95214828592b0dcfeeb10963e3 |
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
| MD5 | be6086708e50cb5b193e3fa95a41df7f |
| SHA1 | 5a17ed6bae4ff5b9c58d28e225dfcdf97d168961 |
| SHA256 | 8328423058245fe28dc99f5fc76906695af8225f72afcd5c9809d0f4d78ee2a4 |
| SHA512 | 7dc0b4f9494895de9ee923b65693cd59433627ae73067d4b4aa77b28f629ccce36a1b9e797e997a410645a002d13e376011cb5a77e17e0e34662613d9175d0b6 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json.bak
| MD5 | d0c0719786aa24788040879f5a8545b3 |
| SHA1 | 9b39368247834f13bc4b0a0055fdc83123418913 |
| SHA256 | 90da5d286f01090be2e9fdf848055272af22ddbe210453722a7f374d7a77ccf4 |
| SHA512 | db09d4659e2b223aab5b9148d9b5d99468fe475cf82bd17ac845dcdce4c893d6d66dfdec505312235bfbf80cdac4459fe36689489968309de9e3bb4cf12abc03 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | d4547c6b61917ff7dbccdf697abac893 |
| SHA1 | 74e063318258ba73aafa512cee7478369f251925 |
| SHA256 | de935c1d04ac387a9f690a8d2bf6cd2f955eba08dd85a0efe9f0db35c8bde1cc |
| SHA512 | 5242e4b25f80759340b56f9fa45541834891ee602667ff2f2e49d5ac79d43727b14a7e7237e13b42c97feeeb48e9f05effe757a4d4670087de461ccb561710d2 |
memory/5988-3674-0x000001E1BDED0000-0x000001E1BE3B8000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | a08b24f122e4e199727ba9c21e1c4bbe |
| SHA1 | 7921a38e9246ca1664271f120bd1d4029a2f6463 |
| SHA256 | a1cab05446efa17621550e1d57d2365c96c5c0e8bb0471077f9265cd40bb8243 |
| SHA512 | 5458e7d98cb1f667c57ee7123b3638240e1e4d63abac7415b1ae25662d4325d91d55983f29bded9ddcfe022a96018f697dce3dde590ef854060a7da13ed57112 |
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
| MD5 | afe050acd9d2370a2a51afec96d73656 |
| SHA1 | 14ac24e7aabffa1730a84db723a239dd53b8b5bc |
| SHA256 | b843a337d984621643a92f3144d31dad01235053910cd460dbe84407a1f61b83 |
| SHA512 | 2d33647c56b9fdfd106c66425243b292afa18225b873564afef8fef0261205ea3fe06dfd1ee29de3ded478c75cf7f0c8c3af9f79e2c3955f6ef63bbb179955d8 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | 8df1e23831b0a96021d47ee08ffcda80 |
| SHA1 | 95a52e4dc5f5670ef384ef2fb9ec38d1ec27fd58 |
| SHA256 | bd3dd990f3bf08b38b903e467c919f72bf0e6ad39920697455dee3cf39bd8bd9 |
| SHA512 | c9d5740e113e23c10431181a610f36047c4f95ee3860c0d2652689c378f27577fe82475629d6248f95482e013111f9e94bfd44fe25bb9fb93206db883224e2b1 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json
| MD5 | e759027e8ecf049029da7208b3c04ab3 |
| SHA1 | a37ef59d78c2745e7c394069753a90321ac289e0 |
| SHA256 | df10de8dfb99c6a74914853992661aa3fc5fecbfa169e92116d2a4b47d0793cf |
| SHA512 | 35afededbb2d5445e992ca004624c7b72500ace074630e9a8f6d66915eaa73663931fbf0731eb0d18f706964cc2c694f682cbb7b146a00aa585dd4b8bbf01920 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 5d4ed220afefca6d51b89f0a3120855f |
| SHA1 | dda9809c484de60e4638e4ff2e29ddbd47d1a9b6 |
| SHA256 | ce6d9c85ea55e20b887404fab6659e3e92bf043d61b649020f424d1a767e7524 |
| SHA512 | 7ceb7b6d97f85490cd91d0e4df774954718ab379ac61fb296dcad8e100e45a2e5a52fba7f8fc66054988af63c3b6c599834e2bd38c0efbb6d2fae79ffb4d639c |
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
| MD5 | 4c44dbd8277a073d4d6963b12eb9e510 |
| SHA1 | b4987310a9756c126ed3d96889091027925c9718 |
| SHA256 | bdc9f0a0c64f8f5fc4ea221458f67a1777bfe2021623e511e8c041eb90ed2266 |
| SHA512 | f7cf5486212e006cf890a1b88bd986ff1c87a2638b487d06984a1312708aaa7dcd5fba863665168f22810437ba2564d635a02911d2341d16dc435d983c4df33e |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | 03a7cb2d2c98ac14e2678b40cf62b8ef |
| SHA1 | d06f4114521fad70139e110a32408d6d311b14c6 |
| SHA256 | 2fea51979eac90aa8cb988325daf0258dd770203d10cf5ecd501195c8c236e1c |
| SHA512 | a5aa734dced73dc2cf7d0bfa703bde8ac8fd9a6317fabd76a3a02ae1ca082c6f79a2dd2b067c5ed715bfb5673530b6b3b7f3a048f874814f44d434c8603f935a |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | 6a6809ede5ba8e4be984ff627d402a73 |
| SHA1 | a88cf1a14f74e80755a6047b58df933f05e0cd8e |
| SHA256 | 4b44ee3cd92995600d0177607325a37bd2023db71a9c05c8562fee2b5c2f41ba |
| SHA512 | 904e00b0b379440588ac4f18640dd3b3b6c9e64c8584e8629b2c347d3f3e5b8c0a9a30acbc67ee95b7f5ab738debd260a2493ddc139e5406263db8485c3b75c8 |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | afb962661ce920363bc84d7b6f4fbf51 |
| SHA1 | c78826a9ca72785bbd5f6e646494b7f51657612d |
| SHA256 | 38f0695432665bc237eacab9382a8890780d381a58f253888180dcc0f275bf3e |
| SHA512 | 1472abe1ea9c50258d63cdc93b2f833756a17e58afa00a45b0e78e3117128d8569daf88e7ecffbcd7a481a3cd477024666bbeb94e724f05d3277b2df6b7b79a8 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | ef538acc79b30c2f3c92c6507f799187 |
| SHA1 | 59882d6973a1d56fa806d43de00991a5d50bd65a |
| SHA256 | 8afa878dde26c8e7f32172f0ddb0f98d0ca782814651be6d46a20444afc15f38 |
| SHA512 | f94e42f9005ba346d5f0044f0a21b0fdb94d8efab32eb9da96b328cb5fd757a480e63d419bcf1b2294b69eee590be21cbe892885f86732972bbb13e3a6f854bf |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 7d728264818ece4d31138bca3a79d339 |
| SHA1 | d2b67b6fb059a17112adba5ac9039ad93d816586 |
| SHA256 | 51f7d398851f969b3aef10e97536eaee6a6284310beb69ec0dd42fb4017ba9a2 |
| SHA512 | 46e228554fd02a03633a25d29a2aaad2916ac53aad038d8180d8ac6f5d026f2ef0f661acf6aa87ee404e14df10d95029ab9bd8b87924dd6797d6d143c78c9710 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf
| MD5 | 5a9717e1385703e8f06b27aa10a69e87 |
| SHA1 | 84ee67a9167b5eb6560711b9871de98898ad07a5 |
| SHA256 | 47b7c516bb57c612de19f0ca865590af95b6e32bf873a0fef9e011b2c5b483d4 |
| SHA512 | dd3c7278c2c11ad15a55fae6d19b96dadd92f85b7f0c8ce934298258af00bb5c052a84a98499b8867b0f43704fb307c67d03692ca69dda4d814c6c17dd73df44 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys
| MD5 | 817666fab17e9932f6dc3384b6df634f |
| SHA1 | 47312962cedadcacc119e0008fb1ee799cd8011a |
| SHA256 | 0fcaebe94f31fa6e4d905b5374733d72808f685fa3bcc9db9a8a79bd4a83084f |
| SHA512 | addc9a5b13da4040a44d4264cbfe27656b7d7971029a0ad53c58e99267532866f302ca8831a3f4585bbe68d26ec2d11a6b43de9bf147b212ab1f05eb4ed37817 |
C:\Windows\System32\catroot2\dberr.txt
| MD5 | d9366fd761c5112b6c9adc198969f92d |
| SHA1 | d62ec5157be6343726b32989e164ff56663e4414 |
| SHA256 | 06109523c26095ead99c10ec196db67642459c253a871c5b4f3e5ad76b3c4b8a |
| SHA512 | 6daf725dba971bab7dba375be28cda517db647a82d959b8c3300f1147d1be6269e604f45e273e40b4f44920f070dcbf648b091d05ec2b83de94fa8227158e9c4 |
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
| MD5 | d4e178d87262fb9753d0165c4f07717f |
| SHA1 | ec860fee001a8ec507b5431eabbecbbf518d855d |
| SHA256 | 8ab0b14f51ca32168626fccfe011d2059646054dbc2fa8f792edf111d71f73e0 |
| SHA512 | f3aee05aa1f082daedfbafb25be66ccda12f2bf464b3cc3921d91e41cd1d5892220e4b6c454e0923369bef1368d19dfc2e7345101a900c2d081deff78a28a2c2 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 6a9eaca557db82f1e33f0fee64eb5557 |
| SHA1 | 9aba1c865ad9178b8f420667cb728ebb6c355346 |
| SHA256 | ccf6e20f8af67722b40d7716bd3f8f57fd6721193b1a167b7d34018f27c2803a |
| SHA512 | 79e9b835f1a17830c3576a622889f30c547df15d19800e9a0909a900c115132fb0d974e2a201303e4f4b70da342e79f45bfbecbdbe6c8ef0c699be2910a71458 |
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
| MD5 | e1f5f35852353493e8babd2df9ebbba3 |
| SHA1 | 6d6a4880dfc6ec562e6ab0a26b6cc2d3dc3290d9 |
| SHA256 | 8e6f6c741bf2ab5851d966850ffe34662dbd36fb8cc0455cfb33efc8f1312dd6 |
| SHA512 | cbcbfc97de339a46b370b7131a42a98fec198890fbb6298da122d53dc8c74117bb0fb41cf9a65b75df987274768103e6f6392a626e4b804d51ef0e5c3622edef |
C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe
| MD5 | b672a064c3cfdf56ce0d6091edc19f36 |
| SHA1 | 1d21d4ca7a265c3eafaae8b6121be0260252e473 |
| SHA256 | 04fdd99a4e8ded496a99c9d3c8c0b6a9a9bde9c4187d07342260f63852ef6273 |
| SHA512 | 53e6c4bd68a0cf36160b21d63e7a6152ca78f17c76ccee9e185c1cf3f5a254c05f401f91501ad3d6806d5085b1f58322e6b7ad483fb813b86cb8570519410680 |
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
| MD5 | 3bedd32b02c3f9814f597305713ac856 |
| SHA1 | 464c4418f40c3275529d644e8c8e88641645a2e4 |
| SHA256 | 0f95ad30ab72993c28acfa1246431381b0bb87e78c0493d5d4d674fb133028d9 |
| SHA512 | 82a11426473bb82c912ad212b56ea12733549bde0eebc1f4628bcd6882a8b43aad45a72078b3317d6e03e6e1a0bb600fd57798f6deab7d4b01af6d8e1d82d436 |
C:\ProgramData\Malwarebytes\MBAMService\LOGS\mbae-default.log
| MD5 | 2ab6efd9915d75ec1b7edd6940d8f2e2 |
| SHA1 | 97981acbfc1f61f26f39ab13c0a884250ba638d2 |
| SHA256 | f27417c4773bebbbdae5b6a079eb2f0de6bb61d63179dad46b7ac56c1ec3d666 |
| SHA512 | 7cfb980be6da53947896da189db8d8af76d34fc73c142d2560793deb564ab486c05401e280fcb6d31522a55813800e779ee0dcd2e0e9dc2033b21bfd45b2b9d3 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sys
| MD5 | 954e9bf0db3b70d3703e27acff48603d |
| SHA1 | d475a42100f6bb2264df727f859d83c72829f48b |
| SHA256 | 8f7ae468dba822a4968edbd0a732b806e453caaff28a73510f90cb5e40c4958a |
| SHA512 | 0e367ce106820d76994e7a8221aaaab76fda21d40aede17a8fe7dedaca8f691b345b95cf7333eb348419bc5f8ea8618949783717100b38ed92544b9199f847f0 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.inf
| MD5 | 358bb9bf66f2e514310dc22e4e3a4dc5 |
| SHA1 | 87bfc1398e6756273eee909a0dfb4ef18b38d17c |
| SHA256 | ff51780a5a854b2c18f71ae426cb066a13723ef6155e24f4910137c9e8dfdc17 |
| SHA512 | 301ec5ec5c0813951843011f2204924240235494999136ea30a557cbf58146fc6043a8866b344fa7deb927d7c83d44e2aaf45adca7d221aba5d36715b9a63e09 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\78e9b2af-689f-4e87-bd67-13cd5d759eca.tmp
| MD5 | 3fa8301631713857043933d22bff830b |
| SHA1 | 23d3674b60424a31a752e4c58338c0c89d838b89 |
| SHA256 | 373fd27b19bb8c50ccc4189b2e86359a8e364d8fc3a16659ac50f6ec35c597ea |
| SHA512 | e8b661ee0df9ed39c000926560657f3e938d019caf9e5d14894a282600a3eb8ef0405f5dded0317897c820023e43d035cc76c6a49d9e0b0f5359dd526c6e2123 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.cat
| MD5 | 1c69ac8db00c3cae244dd8e0ac5c880e |
| SHA1 | 9c059298d09e63897a06d0d161048bdadfa4c28a |
| SHA256 | 02d57ac673352e642f111c71edbb18b9546b0b29f6c6e948e7f1c59bd4c36410 |
| SHA512 | d2ec2ff9fea86d7074998c53913373c05b84ddd8aa277f6e7cda5a4dfffd03273d271595a2f0bf432b891775bdd2e8f984c733998411cfc71aff2255511b29c9 |
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
| MD5 | 7696f11b4ed942a3a8c2cfe61993c690 |
| SHA1 | 401a064298f154ded0bec4dfe71fedc0d0924166 |
| SHA256 | f039d3f0d05a052eb78a1fb8fefc034d071310ca3a88f601c79bedd6011052d9 |
| SHA512 | 5d96cef79788f89af13c3d6e68a6738433af21910ac02d75071934812c1d5aec675b26018936cbf1fe4ee50cc16e16365ae75c3f3e45dd8325440c0578b7cb95 |
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | 9918d9507a7bed49077c44e84c476861 |
| SHA1 | a0c76a551f7e6d1e0a57f359ef220e1ccb9f7e41 |
| SHA256 | 3b0e2fe1734a9d2cc028d0c11ac95a088d9538a6c35f3bc5b078c8ea8a50d4bd |
| SHA512 | f1f9cbff0e11f8642f72bc4237eca2a13e199878f76e468c416591ca7ca518c154cb30e510027e6062a04999ab59ebcc79bb1f68b11e8c8c9246ba5fdff9c7b9 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\425399f81e4ce7cbd967.woff
| MD5 | faff92145777a3cbaf8e7367b4807987 |
| SHA1 | 9c293328f39dc54bd654d273d0cc5af0d11905c6 |
| SHA256 | 95b6a4840f8711ecab427bc236eb86098db7e5c782bafb139c8c30805aa5ffe1 |
| SHA512 | fd55e196c14d6482a5fdc8d43ba04c4e35935b49682688de96d82b85d10b95d8d1f639249cf9a1974d619ac9d3c5bf6cdcf76bedce35318e93e6859673e0d16e |
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\38c6d8bab26db77d8c80.woff2
| MD5 | 0ab54153eeeca0ce03978cc463b257f7 |
| SHA1 | 6ec6d36cb2464b4e821cfabb532f310bd342601c |
| SHA256 | 434466b59545a8a1cac6ddb38197cdc6b35995a98c3f3812fb88d61b1c300dd3 |
| SHA512 | f4b03963386fc05a28adc3905cdd361905bdbad1386ec8d1e8a4440af778e311bb46b41da4b46288291ac3c174d727addd62ab7c27513bca34079c6a2c3cadc2 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\content-scripts.js
| MD5 | ac1c95912676d54d31195f9618087a13 |
| SHA1 | e20e5ea8688e7f7795a19761f30cfa18566a2e0e |
| SHA256 | d59304922654c4afcbaf1b487de95d01500d673407af26c3ee89456648b20a20 |
| SHA512 | dd4648e4f8c787eaa62a1c3e0e69dde3bd5bff4b5cbe13c4a30cd224a6cd3e46cea100ccab019990af943105df95ee4daf80833280068cef097ba136afbd46b9 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\content-debugging.js
| MD5 | 9b531261f75b30f9b8855f6effb18f93 |
| SHA1 | 5d4730aafc4a2c47e8ceb4ccab7fb46abc2afcca |
| SHA256 | 14a8d4def5b4844c5e5b1cc7fa814e28ad7a059133aa75d5062df23cb3b60c00 |
| SHA512 | b142567b1f8279bf3c3e243dae4e79ec565a5ecdb7e8367f638f092a010f998c0bc4d1cffb42f7d22438c11ce0b609e9b925528ddd1f63814af3e0378986ff76 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\c656b8caa454ed19b9a2.ttf
| MD5 | b87b9ba532ace76ae9f6edfe9f72ded2 |
| SHA1 | cedd7227091b22f873e3856d84c3dfd974745048 |
| SHA256 | cb7f81f542f5c418a3bbb9ad3f9fbe784151d13b04cec50ecedec6013324a3da |
| SHA512 | 530ac5440dbe30baaf85589238fba550b8054885ccf71ce3347be61682378d071536d80284d883cbfd5d09d7fdfb38fc7c498dd158b76c4a40a96490eb3f099e |
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\a01e3f2d6c83dc3aee17.eot
| MD5 | 8e3c7f5520f5ae906c6cf6d7f3ddcd19 |
| SHA1 | b7de2e1d65766852486de24b36a46240f4ae5994 |
| SHA256 | 8b4e1b847e22233d4f467d34faefe7bcbfebce6fa9bbbee560c45cd894868751 |
| SHA512 | c0f6c4d32c3e326ed78da7fa193523beb48469023740eea56171d4b570e522e3acae11319cad27a034b8b1f43f8b8038da29a0299e61055dab11e699d6d5dc76 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\_locales\pt_PT\messages.json
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\db\mbgc.mv3.malware_1.json
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\db\mbgc.mv3.whitelist_1.json
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\assets\images\light\cog_icon.svg
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\assets\images\light\close_icon.svg
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\assets\images\light\block_page_back_arrow.svg
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\assets\images\dark\no-items.svg
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\assets\images\dark\level_up_illustration.svg
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\assets\images\light\no_items.svg
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\assets\images\light\level_up_illustration.svg
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\assets\images\light\learn_more_info_icon.svg
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\db\mbgc.mv3.easyprivacy_1.json
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\db\mbgc.mv3.easylist_1.json
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\db\mbgc.mv3.ads_2.json
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\db\mbgc.mv3.ads_1.json
C:\Users\Admin\AppData\Local\Temp\scoped_dir748_1608205470\CRX_INSTALL\app\eventpages\block-notification.html
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn\3.0.7_0\_locales\en\messages.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn\3.0.7_0\manifest.json
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\58165975-4490-4254-945f-f796df414111
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\705c325d-40f1-4250-9acd-e6a444c8c079
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\pending_pings\4acab052-5fd7-4cb2-906a-13a22440f575
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs.js
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\lirn7gz7.default-release\activity-stream.discovery_stream.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.tmf
C:\ProgramData\Malwarebytes\MBAMService\ARW\mbarwind.arw
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatrV5.dll
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lirn7gz7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Windows\System32\drivers\mbam.sys
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAEBE581FCB73249406FC21094EA252E_BC0CE803EF41A748738619ED7838EEFC
C:\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D3.tmp
C:\ProgramData\Malwarebytes\MBAMService\version.dat
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D9.tmp
C:\Windows\Temp\TmpA7BB.tmp
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\Windows\Temp\TmpAF5D.tmp
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\expapply64.dll
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\D22.tmp
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json