Analysis Overview
SHA256
f9197ec99fb6cfccca9b5ad6af20c455f7e0b5cf15c9baf197164b2e6f7bfe78
Threat Level: Likely malicious
The file media_images_grubyptok.jpg was found to be: Likely malicious.
Malicious Activity Summary
Drops file in Drivers directory
Sets service image path in registry
Downloads MZ/PE file
Modifies RDP port number used by Windows
Impair Defenses: Safe Mode Boot
Event Triggered Execution: Component Object Model Hijacking
Checks computer location settings
Checks BIOS information in registry
Loads dropped DLL
Reads user/profile data of web browsers
Unexpected DNS network traffic destination
Executes dropped EXE
Enumerates connected drives
Checks installed software on the system
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
System Time Discovery
Enumerates physical storage devices
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: LoadsDriver
Modifies registry class
Uses Task Scheduler COM API
Script User-Agent
Suspicious use of SendNotifyMessage
Uses Volume Shadow Copy service COM API
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies system certificate store
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
NTFS ADS
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Modifies data under HKEY_USERS
Checks processor information in registry
Checks SCSI registry key(s)
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-30 14:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-30 14:46
Reported
2024-10-30 14:52
Platform
win10ltsc2021-20241023-en
Max time kernel
194s
Max time network
338s
Command Line
Signatures
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\DRIVERS\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\MbamChameleon.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mwac.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| File created | C:\Windows\SysWOW64\drivers\mbamtestfile.dat | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\farflt.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\system32\drivers\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Windows\system32\DRIVERS\mbamswissarmy.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies RDP port number used by Windows
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\Control Panel\International\Geo\Nation | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\MyCleanPCInstall.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\Control Panel\International\Geo\Nation | C:\Program Files (x86)\MyCleanPC\MyCleanPC.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Impair Defenses: Safe Mode Boot
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService\ = "Service" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 44.228.224.62 | N/A | N/A |
Checks installed software on the system
Enumerates connected drives
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ipoib6x.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\netwlv64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\rtux64w10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\msdri.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\netvg63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\netwew01.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\net8192su64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{566a54a5-69a0-094f-bf28-80139a95c0d1}\mbtun.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ykinx64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1bdf7a435cb3580d\netrasa.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_222cdc9568e4557f\wnetvsc.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\netbxnda.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\netwsw00.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\msux64w10.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\mwlu97w8x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_f9e30429669d7fff\netvwwanmp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\netbc63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\netl260a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\netimm.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{566a54a5-69a0-094f-bf28-80139a95c0d1}\SET3138.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{566a54a5-69a0-094f-bf28-80139a95c0d1}\SET313A.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\netrtwlane01.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\netxex64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\wceisvista.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\netwns64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\usbnet.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\e2xw10x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_1a82423cc076e882\rtwlanu_oldic.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmlx4eth63.inf_amd64_3809a4a3e7e07703\netmlx4eth63.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{566a54a5-69a0-094f-bf28-80139a95c0d1}\mbtun.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_0533a202a2a4615d\netwmbclass.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\netv1x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\netax88772.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\netvchannel.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\net8185.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\net7400-x64-n650.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\netloop.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\kdnic.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\572BF21E454637C9F000BE1AF9B1E1A9 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\nett4x64.PNF | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-core-heap-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Memory.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Net.NetworkInformation.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Reflection.Primitives.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ko\PresentationUI.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Reflection.Emit.Lightweight.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\es\UIAutomationClientSideProviders.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\PresentationFramework-SystemDrawing.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\pt-BR\PresentationCore.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\pt-BR\System.Windows.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.tmf | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\MyCleanPC\System.Data.SQLite.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Text.Encodings.Web.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\it\WindowsBase.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\System.Resources.Extensions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbae-api-na.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\SecurityProductInformation.ini | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\zh-Hans\System.Windows.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Services.deps.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\SQLitePCLRaw.batteries_v2.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Serilog.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\pt-BR\ReachFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\MyCleanPC\ComponentFactory.Krypton.Toolkit.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\System.Windows.Forms.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\tr\System.Windows.Controls.Ribbon.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\MyCleanPC\Setup.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\it\WindowsFormsIntegration.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\pl\ReachFramework.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\zh-Hans\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\zh-Hant\System.Windows.Controls.Ribbon.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\DryIoc.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File opened for modification | C:\Program Files (x86)\MyCleanPC\Microsoft.Win32.TaskScheduler.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-core-interlocked-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\Microsoft.CSharp.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\es\PresentationUI.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\pt-BR\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ru\UIAutomationTypes.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\zh-Hans\System.Windows.Controls.Ribbon.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnel_mbtun.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.Caching.Abstractions.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamsi32.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-core-processthreads-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.IO.UnmanagedMemoryStream.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Net.WebSockets.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\fr\System.Windows.Input.Manipulations.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.Caching.Memory.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-crt-string-l1-1-0.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Net.Sockets.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ru\UIAutomationProvider.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\System.Printing.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbae64.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbam.manifest.json | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Runtime.Loader.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Security.Cryptography.Algorithms.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\it\Microsoft.VisualBasic.Forms.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ja\WindowsFormsIntegration.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ru\PresentationCore.resources.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\Sentry.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\.version | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.IO.FileSystem.DriveInfo.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Private.CoreLib.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Resources.Reader.dll | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\e59b0d8.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB373.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e59b0da.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB1D5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB6B0.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB1E5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\AiFilesRemoveNoImpers_2E8697F4_207E_4696_9C4F_C2AB4A1E6143.bak | C:\Windows\syswow64\MsiExec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB73F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB2A4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{2E8697F4-207E-4696-9C4F-C2AB4A1E6143}\icon.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{2E8697F4-207E-4696-9C4F-C2AB4A1E6143}\SystemFoldermsiexec.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{2E8697F4-207E-4696-9C4F-C2AB4A1E6143}\SystemFoldermsiexec.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB71E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | C:\Windows\system32\mspaint.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB174.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB1B3.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{2E8697F4-207E-4696-9C4F-C2AB4A1E6143}\icon.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\Installer\e59b0d8.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB1C4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB1F6.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB216.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{2E8697F4-207E-4696-9C4F-C2AB4A1E6143} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB2B4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB2B5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB333.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\ELAMBKUP\MbamElam.sys | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\MyCleanPCInstall.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\MyCleanPC\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MBSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MyCleanPCInstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MyCleanPCInstall.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\msiexec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\MyCleanPC\InstAct.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\MyCleanPC\MyCleanPC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\MyCleanPC\updater.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\MyCleanPC\InstAct.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\MyCleanPC\InstAct.exe | N/A |
System Time Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\MyCleanPCInstall.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\msiexec.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes\FirstRun = "false" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Malwarebytes | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E230930A-6CC2-4B9D-8CE1-03F86A8EDA05}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0AB5C774-8EB7-4C1B-9BBB-5AC3E2C291DD}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{090D2E82-C71B-414E-AF6A-6681A92FF2B3} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5CE94D34-A1E4-4FA8-BEDC-6A32683B85F5}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B05F69B-4F9B-4FD3-A491-16153F999E00}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F6A99D88-2CA0-4781-86B9-2014CDC372E8} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.MBAMServiceController\ = "MBAMServiceController Class" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\ProgID | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BF153224-DA64-41F1-AA87-321B345870FA} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{309BE0D9-B4CA-4610-B250-26CC9CDE7186}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B1D8E799-D5A2-45B4-9524-067144A201E4} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31BF2366-C6DB-49F1-96A5-8026B9DF4152}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ED06E075-D1FD-4635-BA17-2F6D6BB0DFD6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\Version\ = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7995CBA9-83E0-4F28-A50B-DFDE85EBCCD1}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BAFDF38F-72A8-4791-AACC-72EB8E09E460} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AFC6D7FD-62B9-4016-9674-53BAC603E9FC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3DCF0F42-EF8F-4450-BA68-42B61F594B2F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{014D0CF7-ACC9-4004-B999-7BDBAAD274B7} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4412646D-16F5-4F3C-8348-0744CDEBCCBF}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D10B0F61-43AA-40F4-9C6C-57D29CA8544E}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2058A31F-5F59-4452-9204-03F588252FFC}\TypeLib\ = "{783B187E-360F-419C-B6DA-592892764A01}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F656FD9-2597-4587-8F05-781C11710867}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6724C143-DE69-4A93-80ED-19B75DD2AA99}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD6673C7-8E52-46EE-80B8-58F3FB6AA036}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D10B0F61-43AA-40F4-9C6C-57D29CA8544E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C0CEAFA7-4F65-418C-8A61-92B2048115EE}\TypeLib\ = "{F5BCAC7E-75E7-4971-B3F3-B197A510F495}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2870643-0645-41F9-BCCB-F5969386162C}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F7968E2E7026964C9F42CBAA4E11634\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0DB6AD16-564C-451A-A173-0F31A62B7A4D} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3C0ECFDC-317D-406B-ADF5-C0E8217E244F}\ = "ILicenseControllerV15" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B2CCE9B-6446-450F-9C9D-542CD9FA6677}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{616E9BE3-358B-4C06-8AAB-0ACF8D089931}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BFC6C7E6-8475-4F9B-AC56-AD22BECF91C4}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ABC1D1AF-23ED-4483-BDA4-90BCC21DFBDB}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{09F245DA-55E7-451E-BDF3-4EE44637DFF1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{97EB7268-0D7B-43F6-9C11-337287F960DF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MB.LogController\ = "LogController Class" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CE9646CD-EB6F-4835-9BE1-364F8896D71E}\ = "IMBAMServiceControllerV12" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4BDE5F8-F8D4-4E50-937F-85E8382A9FEE}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C5B86F3-CEB8-44E3-9B83-6F6AF035E872}\ = "_IMBAMServiceControllerEventsV2" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E777BB2-8526-437A-BBE2-42647DE2EC86}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{02E9FB91-8E7C-46BF-958D-EAF5002A59B8}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9669A3D-81E8-46F6-A51E-815A0863D612} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ADCD8BEB-8924-4876-AE14-2438FF14FA17}\ = "IPoliciesControllerV5" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\Version\ = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{97DA9E74-558F-4085-AE41-6A82ED12D02C}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4163399F-AB08-4E5E-BE28-6B9440393AD3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{02E9FB91-8E7C-46BF-958D-EAF5002A59B8}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{77EC89F7-64B9-4192-930B-B7B0A3976BBC}\ProxyStubClsid32 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{44AC1571-055F-4CC8-B7D8-EA022C4CC112}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{638A43D2-5475-424B-87B8-042109D7768F}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D4215DAB-7574-44DE-8BE9-78CC62597C95}\TypeLib\ = "{74630AE8-C170-4A8F-A90A-F42D63EFE1E8}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ED06E075-D1FD-4635-BA17-2F6D6BB0DFD6}\TypeLib\ = "{EEC295FA-EC51-4055-BC47-022FC0FC122F}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10DAE713-FD88-4ADB-9406-04CB574D543C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ECDAC35E-72BB-4856-97E1-226BA47C62C5}\ = "_IScanControllerEventsV6" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ECDAC35E-72BB-4856-97E1-226BA47C62C5}\TypeLib | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C5201562-332D-4385-87E7-2BB41B1694AA} | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{738848E2-18E4-40F8-9C08-60BC0505E9E9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CE18DD5-2BD7-4844-B9AD-DF6A995750A1}\TypeLib\Version = "1.0" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49207D05-5DFE-4F52-9286-1856A92A5BFE}\TypeLib\ = "{0E2822AB-0447-4F28-AF4C-FFDB1E8595AE}" | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\MyCleanPCInstall.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:Zone.Identifier:$DATA | C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\media_images_grubyptok.jpg
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\media_images_grubyptok.jpg"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1908 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42c102e1-e196-46a7-95d9-fd0d96ca101a} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2597342-d132-4d4c-9fad-b1da795cc17d} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2972 -childID 1 -isForBrowser -prefsHandle 2756 -prefMapHandle 2988 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0620495-c9c3-4cad-a6ec-d7d81265c678} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3676 -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 2872 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8fa435a-64f0-4ec6-8890-75ac91e868e3} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4924 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4820 -prefMapHandle 4904 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2faf14e-4d3d-487e-b063-6645e36deac4} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3664 -childID 3 -isForBrowser -prefsHandle 5316 -prefMapHandle 5352 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93066ee2-13aa-4fb6-bef1-b2cffefc6b93} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 4 -isForBrowser -prefsHandle 5476 -prefMapHandle 5480 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01f63efb-1761-4c6b-9a37-15c08dc372f5} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5760 -childID 5 -isForBrowser -prefsHandle 5680 -prefMapHandle 5688 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff231ce0-6d48-41e3-9116-de04e2b9c25e} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6312 -childID 6 -isForBrowser -prefsHandle 6304 -prefMapHandle 6292 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ce372e1-9a7c-4ba5-a3df-a0d21a9b2692} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6552 -childID 7 -isForBrowser -prefsHandle 6540 -prefMapHandle 3808 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7c87598-9a5c-467c-b7fd-d3ea05d620ca} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3280 -childID 8 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f681369-89d1-4a58-a3d0-81c0774cce3a} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7080 -childID 9 -isForBrowser -prefsHandle 7072 -prefMapHandle 7068 -prefsLen 27322 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81f53a81-1104-4b8c-99cc-af81972ad37a} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 10 -isForBrowser -prefsHandle 6444 -prefMapHandle 5772 -prefsLen 27698 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d129976-aa0c-4cf4-b285-e8c3fe44a134} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7468 -childID 11 -isForBrowser -prefsHandle 4764 -prefMapHandle 4768 -prefsLen 27698 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3f54e8c-5a9e-434b-9ffc-f4693867f38f} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8344 -childID 12 -isForBrowser -prefsHandle 8284 -prefMapHandle 8356 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6335f27e-3ed3-4fd4-9a2b-4c2a638f232e} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8488 -childID 13 -isForBrowser -prefsHandle 8200 -prefMapHandle 5668 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e65637fd-79fb-4079-ba93-d80e0adca095} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
C:\Users\Admin\Downloads\MBSetup.exe
"C:\Users\Admin\Downloads\MBSetup.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "00000000000001CC" "Service-0x0-3e7$\Default" "00000000000001DC" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
C:\Users\Admin\Downloads\MyCleanPCInstall.exe
"C:\Users\Admin\Downloads\MyCleanPCInstall.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 9BFBB180AA2FC6564359AA7CBCE3A604 C
C:\Users\Admin\Downloads\MyCleanPCInstall.exe
"C:\Users\Admin\Downloads\MyCleanPCInstall.exe" /i "C:\Users\Admin\AppData\Roaming\MyCleanPC\MyCleanPC 4.2.3\install\A1E6143\MyCleanPC.msi" /L*v "C:\Users\Admin\AppData\Roaming\\MyCleanPC\MyCleanPC 4.2.3\install\installlog_MyCleanPC.txt" AI_EUIMSI=1 SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanPC" APPDIR="C:\Program Files (x86)\MyCleanPC" SECONDSEQUENCE="1" CLIENTPROCESSID="8024" CHAINERUIPROCESSID="8024Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="MainFeature" PRIMARYFOLDER="APPDIR" ROOTDRIVE="F:\" AI_DETECTED_INTERNET_CONNECTION="1" AI_SETUPEXEPATH="C:\Users\Admin\Downloads\MyCleanPCInstall.exe" SETUPEXEDIR="C:\Users\Admin\Downloads\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1730059024 " AI_SETUPEXEPATH_ORIGINAL="C:\Users\Admin\Downloads\MyCleanPCInstall.exe" TARGETDIR="F:\" AI_INSTALL="1" ARPSIZE=19752 AiProductCode={2E8697F4-207E-4696-9C4F-C2AB4A1E6143} FASTOEM=1 /qn
C:\Windows\SysWOW64\msiexec.exe
"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\MyCleanPC\MyCleanPC 4.2.3\install\A1E6143\MyCleanPC.msi" /L*v "C:\Users\Admin\AppData\Roaming\\MyCleanPC\MyCleanPC 4.2.3\install\installlog_MyCleanPC.txt" AI_EUIMSI=1 SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanPC" APPDIR="C:\Program Files (x86)\MyCleanPC" SECONDSEQUENCE=1 CLIENTPROCESSID=8024 CHAINERUIPROCESSID=8024Chainer ACTION=INSTALL EXECUTEACTION=INSTALL CLIENTUILEVEL=0 ADDLOCAL=MainFeature PRIMARYFOLDER=APPDIR ROOTDRIVE=F:\ AI_DETECTED_INTERNET_CONNECTION=1 AI_SETUPEXEPATH=C:\Users\Admin\Downloads\MyCleanPCInstall.exe SETUPEXEDIR=C:\Users\Admin\Downloads\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1730059024 " AI_SETUPEXEPATH_ORIGINAL=C:\Users\Admin\Downloads\MyCleanPCInstall.exe TARGETDIR=F:\ AI_INSTALL=1 ARPSIZE=19752 AiProductCode={2E8697F4-207E-4696-9C4F-C2AB4A1E6143} FASTOEM=1 /qn
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding AA99F35C1AA058EAAECD1005D5949EA1
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 66FE1A8301DEB15FE450119BA8259F16 E Global\MSI0000
C:\Program Files (x86)\MyCleanPC\InstAct.exe
"C:\Program Files (x86)\MyCleanPC\InstAct.exe" createini
C:\Program Files (x86)\MyCleanPC\InstAct.exe
"C:\Program Files (x86)\MyCleanPC\InstAct.exe" installurl "C:\Users\Admin\Downloads\MyCleanPCInstall.exe"
C:\Program Files (x86)\MyCleanPC\InstAct.exe
"C:\Program Files (x86)\MyCleanPC\InstAct.exe" install
C:\Program Files (x86)\MyCleanPC\MyCleanPC.exe
"C:\Program Files (x86)\MyCleanPC\MyCleanPC.exe" afterinstallpopup "C:\Users\Admin\Downloads\MyCleanPCInstall.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6536 -childID 14 -isForBrowser -prefsHandle 6880 -prefMapHandle 6740 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4315a6d4-63c4-4e3f-8b22-ba6b2b6908a9} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8948 -childID 15 -isForBrowser -prefsHandle 5452 -prefMapHandle 8856 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27e1aa81-4dc5-4ed5-8a59-180b97d41b3e} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mycleanpc.com/app/carts/post-install?lnT=PostInstall&ipA=138.199.29.44&mcA=E60B6437E69C&osN=Microsoft+Windows+10+Enterprise+LTSC&osV=10.0.19044.0&lng=en&bdV=4.2.3&scR=&lcA=&lcE=
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x128,0x12c,0xc8,0x130,0x7ffd910e46f8,0x7ffd910e4708,0x7ffd910e4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6680 -childID 16 -isForBrowser -prefsHandle 8968 -prefMapHandle 7784 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00753d19-3b28-4805-a76e-71192b57decd} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
C:\Program Files (x86)\MyCleanPC\updater.exe
"C:\Program Files (x86)\MyCleanPC\updater.exe" /justcheck -url http://mcpi.helpverify.info/setups/registry/mycleanpc/s/updates.txt
C:\Program Files (x86)\MyCleanPC\updater.exe
"C:\Program Files (x86)\MyCleanPC\updater.exe" /justcheck -url http://mcpi.helpverify.info/setups/registry/mycleanpc/s/updates.txt
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x154,0x14c,0x148,0x134,0x144,0x7ff75cb05460,0x7ff75cb05470,0x7ff75cb05480
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe
"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39a3055 /state1:0x41c64e6d
C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status off true /updatesubstatus none /scansubstatus none /settingssubstatus none
Network
| Country | Destination | Domain | Proto |
| US | 172.64.149.114:443 | api.weglot.com | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 192.0.76.3:443 | stats.wp.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 54.83.239.11:443 | genesis.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 3.76.0.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.237.127.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.239.83.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.weglot.com.cdn.cloudflare.net | udp |
| US | 104.18.38.142:443 | api.weglot.com | udp |
| US | 8.8.8.8:53 | genesis.malwarebytes.com | udp |
| US | 8.8.8.8:53 | 142.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| GB | 79.127.237.132:443 | plausible.io | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.18.86.42:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| GB | 79.127.237.132:443 | plausible.io | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.18.86.42:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | 42.86.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 192.0.76.3:443 | pixel.wp.com | tcp |
| US | 8.8.8.8:53 | pixel.wp.com | udp |
| US | 192.0.76.3:443 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 104.18.86.42:443 | cdn.cookielaw.org | tcp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 104.18.38.142:443 | api.weglot.com | udp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 192.0.76.3:443 | pixel.wp.com | udp |
| US | 8.8.8.8:53 | downloads.malwarebytes.com | udp |
| GB | 18.172.88.81:443 | downloads.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | downloads.malwarebytes.com | udp |
| US | 8.8.8.8:53 | downloads.malwarebytes.com | udp |
| US | 8.8.8.8:53 | data-cdn.mbamupdates.com | udp |
| GB | 18.165.160.68:443 | data-cdn.mbamupdates.com | tcp |
| US | 8.8.8.8:53 | data-cdn.mbamupdates.com | udp |
| US | 8.8.8.8:53 | data-cdn.mbamupdates.com | udp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:53 | 68.160.165.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | csm.nl3.eu.criteo.net | udp |
| US | 8.8.8.8:53 | csm.nl3.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | csm.nl3.vip.prod.criteo.net | udp |
| US | 8.8.8.8:53 | api2.amplitude.com | udp |
| US | 54.186.122.32:443 | api2.amplitude.com | tcp |
| NL | 178.250.1.25:443 | csm.nl3.vip.prod.criteo.net | tcp |
| US | 8.8.8.8:53 | 32.122.186.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b.clarity.ms | udp |
| US | 8.8.8.8:53 | vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com | udp |
| US | 4.153.129.168:443 | vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | ark.mwbsys.com | udp |
| US | 34.235.10.207:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 18.172.88.94:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 207.10.235.34.in-addr.arpa | udp |
| US | 34.235.10.207:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 18.172.88.52:443 | cdn.mwbsys.com | tcp |
| US | 34.235.10.207:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 18.172.88.27:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 52.88.172.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.88.172.18.in-addr.arpa | udp |
| US | 34.235.10.207:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 18.172.88.89:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 89.88.172.18.in-addr.arpa | udp |
| US | 34.235.10.207:443 | ark.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 18.172.88.52:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipv4.am.i.mullvad.net | udp |
| SE | 45.83.223.233:443 | ipv4.am.i.mullvad.net | tcp |
| US | 8.8.8.8:53 | holocron.mwbsys.com | udp |
| US | 18.209.182.66:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 233.223.83.45.in-addr.arpa | udp |
| US | 18.209.182.66:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | 66.182.209.18.in-addr.arpa | udp |
| US | 54.159.228.193:443 | holocron.mwbsys.com | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 192.0.66.233:443 | www.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 193.228.159.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crl.comodoca.com | udp |
| US | 172.64.149.23:80 | crl.comodoca.com | tcp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 184.25.193.234:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.193.25.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | iris.mwbsys.com | udp |
| US | 3.223.246.158:443 | iris.mwbsys.com | tcp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 44.234.138.160:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | 158.246.223.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b.clarity.ms | udp |
| US | 4.153.129.168:443 | b.clarity.ms | tcp |
| US | 8.8.8.8:53 | vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | 160.138.234.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.mycleanpc.co.uk | udp |
| NL | 18.239.36.49:443 | www.mycleanpc.co.uk | tcp |
| US | 8.8.8.8:53 | www.mycleanpc.co.uk | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | b.clarity.ms | udp |
| US | 8.8.8.8:53 | 49.36.239.18.in-addr.arpa | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | ax-0001.ax-msedge.net | udp |
| US | 8.8.8.8:53 | vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | sealserver.trustwave.com | udp |
| US | 8.8.8.8:53 | realdefense.limelightcrm.com | udp |
| US | 8.8.8.8:53 | ax-0001.ax-msedge.net | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| GB | 2.18.27.136:443 | sealserver.trustwave.com | tcp |
| US | 8.8.8.8:53 | e128536.dscb.akamaiedge.net | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 34.199.241.20:443 | realdefense.limelightcrm.com | tcp |
| US | 8.8.8.8:53 | k8s-default-crmprodu-c100a423dd-152722070.us-east-1.elb.amazonaws.com | udp |
| US | 8.8.8.8:53 | jsdelivr.map.fastly.net | udp |
| US | 8.8.8.8:53 | k8s-default-crmprodu-c100a423dd-152722070.us-east-1.elb.amazonaws.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 150.171.28.10:443 | ax-0001.ax-msedge.net | tcp |
| GB | 2.18.27.136:443 | e128536.dscb.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | 137.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.27.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.241.199.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mcpi.helpverify.info | udp |
| NL | 149.210.194.253:443 | mcpi.helpverify.info | tcp |
| US | 8.8.8.8:53 | ssl.kaptcha.com | udp |
| US | 8.8.8.8:53 | e128536.dscb.akamaiedge.net | udp |
| US | 35.80.101.90:443 | ssl.kaptcha.com | tcp |
| US | 8.8.8.8:53 | colle-elast-1xnsxgci0b78j-8180b06a6c06d9d4.elb.us-west-2.amazonaws.com | udp |
| US | 35.80.101.90:443 | colle-elast-1xnsxgci0b78j-8180b06a6c06d9d4.elb.us-west-2.amazonaws.com | tcp |
| US | 8.8.8.8:53 | colle-elast-1xnsxgci0b78j-8180b06a6c06d9d4.elb.us-west-2.amazonaws.com | udp |
| GB | 172.217.169.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | www.mczbf.com | udp |
| US | 8.8.8.8:53 | cdn.limelightcrm.com | udp |
| US | 34.102.147.248:443 | tag.rmp.rakuten.com | udp |
| US | 8.8.8.8:53 | cdn.taboola.com | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | dcjdc5qmbbux7.cloudfront.net | udp |
| NL | 18.239.36.96:443 | dcjdc5qmbbux7.cloudfront.net | tcp |
| US | 8.8.8.8:53 | tls13.taboola.map.fastly.net | udp |
| NL | 18.239.36.12:443 | cdn.limelightcrm.com | tcp |
| US | 8.8.8.8:53 | cdn.limelightcrm.com | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | dcjdc5qmbbux7.cloudfront.net | udp |
| US | 8.8.8.8:53 | tls13.taboola.map.fastly.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | udp |
| US | 151.101.129.44:443 | tls13.taboola.map.fastly.net | tcp |
| US | 8.8.8.8:53 | demoaws.limelightcrm.com | udp |
| US | 34.192.47.42:443 | demoaws.limelightcrm.com | tcp |
| US | 8.8.8.8:53 | 253.194.210.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.101.80.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 96.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 12.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stun1.l.google.com | udp |
| US | 8.8.8.8:53 | stun.kaptcha.com | udp |
| US | 74.125.250.129:19302 | stun1.l.google.com | udp |
| US | 44.228.224.62:53 | stun.kaptcha.com | udp |
| US | 8.8.8.8:53 | 42.47.192.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.250.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.224.228.44.in-addr.arpa | udp |
| NL | 149.210.194.253:443 | mcpi.helpverify.info | tcp |
| NL | 178.250.1.8:443 | in-ftd-109.nl3.vip.prod.criteo.com | tcp |
| US | 34.98.67.3:443 | ut.linksynergy.com | udp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| NL | 18.239.36.96:443 | dcjdc5qmbbux7.cloudfront.net | tcp |
| US | 8.8.8.8:53 | dualstack.tls13.taboola.map.fastly.net | udp |
| US | 151.101.129.44:443 | dualstack.tls13.taboola.map.fastly.net | tcp |
| US | 8.8.8.8:53 | dualstack.tls13.taboola.map.fastly.net | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| US | 8.8.8.8:53 | star-mini.c10r.facebook.com | udp |
| GB | 173.194.76.156:443 | stats.g.doubleclick.net | udp |
| GB | 163.70.151.35:443 | star-mini.c10r.facebook.com | udp |
| NL | 149.210.194.253:443 | mcpi.helpverify.info | tcp |
| NL | 149.210.194.253:443 | mcpi.helpverify.info | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | ax-0001.ax-msedge.net | udp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| NL | 185.235.87.100:443 | gbc3.nl3.eu.criteo.com | tcp |
| FR | 185.235.86.178:443 | gbc6.fr3.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | www.mycleanpc.com | udp |
| NL | 13.227.219.123:443 | www.mycleanpc.com | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| GB | 172.165.69.228:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | data-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.244.186:443 | data-edge.smartscreen.microsoft.com | tcp |
| GB | 51.140.244.186:443 | data-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| NL | 18.239.36.49:443 | www.mycleanpc.co.uk | tcp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| US | 13.107.246.64:443 | s-part-0036.t-0009.t-msedge.net | tcp |
| US | 8.8.8.8:53 | s-part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| US | 8.8.8.8:53 | 123.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | c-msn-com-nsatc.trafficmanager.net | udp |
| US | 8.8.8.8:53 | c-msn-com-nsatc.trafficmanager.net | udp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 13.107.21.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | dual-a-0034.a-msedge.net | udp |
| US | 8.8.8.8:53 | dual-a-0034.a-msedge.net | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 8.8.8.8:53 | sealserver.trustwave.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | realdefense.limelightcrm.com | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| GB | 2.18.27.136:443 | sealserver.trustwave.com | tcp |
| US | 34.195.56.174:443 | realdefense.limelightcrm.com | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | crl.securetrust.com | udp |
| GB | 2.18.27.159:80 | crl.securetrust.com | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| NL | 18.239.36.103:80 | crt.rootg2.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 1.129.74.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.65.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.27.18.2.in-addr.arpa | udp |
| GB | 142.250.200.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 150.171.27.10:443 | bat.bing.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| BE | 74.125.133.156:443 | stats.g.doubleclick.net | tcp |
| US | 34.102.147.248:443 | tag.rmp.rakuten.com | tcp |
| NL | 18.239.36.96:443 | dcjdc5qmbbux7.cloudfront.net | tcp |
| NL | 18.239.36.12:443 | cdn.limelightcrm.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | ssl.kaptcha.com | udp |
| US | 8.8.8.8:53 | cdn.taboola.com | udp |
| BE | 74.125.133.156:443 | stats.g.doubleclick.net | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 151.101.1.44:443 | cdn.taboola.com | tcp |
| US | 54.148.115.137:443 | ssl.kaptcha.com | tcp |
| US | 54.148.115.137:443 | ssl.kaptcha.com | tcp |
| US | 13.107.246.64:443 | s-part-0036.t-0009.t-msedge.net | tcp |
| NL | 18.239.36.96:443 | dcjdc5qmbbux7.cloudfront.net | tcp |
| US | 54.148.115.137:443 | ssl.kaptcha.com | tcp |
| NL | 149.210.194.253:80 | mcpi.helpverify.info | tcp |
| US | 8.8.8.8:53 | dynamic.criteo.com | udp |
| US | 8.8.8.8:53 | ut.rd.linksynergy.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 34.98.67.3:443 | ut.rd.linksynergy.com | tcp |
| NL | 178.250.1.8:443 | dynamic.criteo.com | tcp |
| US | 8.8.8.8:53 | 36.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.133.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.115.148.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| NL | 149.210.194.253:80 | mcpi.helpverify.info | tcp |
| NL | 178.250.1.8:443 | dynamic.criteo.com | tcp |
| US | 8.8.8.8:53 | b.clarity.ms | udp |
| US | 8.8.8.8:53 | vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com | udp |
| US | 4.153.129.168:443 | vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com | tcp |
| US | 4.153.129.168:443 | vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com | udp |
| NL | 178.250.1.9:443 | widget.nl3.vip.prod.criteo.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 44.228.224.62:53 | stun.kaptcha.com | udp |
| US | 74.125.250.129:19302 | stun1.l.google.com | udp |
| US | 74.119.117.16:443 | widget.us5.vip.prod.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| FR | 185.235.86.112:443 | ag.gbc.criteo.com | tcp |
| IE | 13.74.129.1:443 | c.clarity.ms | tcp |
| NL | 185.235.87.221:443 | gem.gbc.criteo.com | tcp |
| US | 54.148.115.137:443 | ssl.kaptcha.com | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.86.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.87.235.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | trc-events.taboola.com | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| NL | 141.226.228.48:443 | trc-events.taboola.com | tcp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | sslwidget.criteo.com | udp |
| NL | 178.250.1.9:443 | sslwidget.criteo.com | tcp |
| US | 8.8.8.8:53 | vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | widget.us.criteo.com | udp |
| US | 74.119.117.16:443 | widget.us.criteo.com | tcp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | udp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| US | 8.8.8.8:53 | b.clarity.ms | udp |
| US | 8.8.8.8:53 | vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com | udp |
| US | 4.153.129.168:443 | vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com | udp |
| US | 4.153.129.168:443 | vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com | tcp |
| NL | 178.250.1.25:443 | csm.nl3.vip.prod.criteo.net | tcp |
| US | 8.8.8.8:53 | sirius.mwbsys.com | udp |
| US | 34.195.26.228:443 | sirius.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| GB | 18.172.88.27:443 | cdn.mwbsys.com | tcp |
| US | 8.8.8.8:53 | cdn.mwbsys.com | udp |
| US | 8.8.8.8:53 | 228.26.195.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hubble.mb-cosmos.com | udp |
| NL | 18.238.243.16:443 | hubble.mb-cosmos.com | tcp |
| US | 8.8.8.8:53 | 16.243.238.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.trust-provider.com | udp |
| US | 104.18.38.233:80 | ocsp.trust-provider.com | tcp |
| US | 8.8.8.8:53 | crl.trust-provider.com | udp |
| US | 172.64.149.23:80 | crl.trust-provider.com | tcp |
| US | 8.8.8.8:53 | www.intel.com | udp |
| GB | 23.211.239.194:80 | www.intel.com | tcp |
| US | 8.8.8.8:53 | certificates.intel.com | udp |
| GB | 2.18.190.80:80 | certificates.intel.com | tcp |
| US | 8.8.8.8:53 | 194.239.211.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.thawte.com | udp |
| DE | 152.199.19.74:80 | ocsp.thawte.com | tcp |
| US | 8.8.8.8:53 | crl.thawte.com | udp |
| SE | 192.229.221.95:80 | crl.thawte.com | tcp |
| US | 8.8.8.8:53 | 74.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telemetry.malwarebytes.com | udp |
| US | 44.234.138.160:443 | telemetry.malwarebytes.com | tcp |
| US | 44.234.138.160:443 | telemetry.malwarebytes.com | tcp |
| US | 8.8.8.8:53 | sirius.mwbsys.com | udp |
| US | 34.195.26.228:443 | sirius.mwbsys.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 184.25.193.234:80 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | 66.112.168.52.in-addr.arpa | udp |
| US | 104.18.38.233:80 | crl.trust-provider.com | tcp |
| US | 172.64.149.23:80 | crl.trust-provider.com | tcp |
| US | 104.18.38.233:80 | crl.trust-provider.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 184.25.193.234:80 | www.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\b32fb5d6-0828-48a6-9e2c-a9e41ce28802
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\262c0784-e1ea-458a-9179-411c23ba30a6
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\65c6f9be-063a-4521-9637-969353c3acb1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\doomed\17457
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.googletagmanager.com^partitionKey=%28https%2Cmycleanpc.co.uk%29\cache\morgue\245\{8f34a9a2-3e11-4606-b933-f3e9c3cbbff5}.final
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\AlternateServices.bin
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js
C:\Users\Admin\Downloads\MyCleanPCInstall.usMydNEN.exe.part
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4
C:\Users\Admin\Downloads\MBSetup.exe
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\7z.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.malwarebytes.com\ls\usage
C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.33\mscordaccore_amd64_amd64_6.0.3324.36610.dll
C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\servicepkg\MBAMService.exe
C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\dbclspkg\MBAMCoreV5.dll
C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\servicepkg\srvversion.dat
C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\ctlrpkg\Assistant.runtimeconfig.json
C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\ctlrpkg\mbamelam.inf
C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\ctlrpkg\mbamelam.cat
C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\ctlrpkg\mbamelam.sys
C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\ctlrpkg\mbae64.sys
C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll
C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf
C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.cat
C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.sys
C:\Windows\System32\CatRoot2\dberr.txt
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll
C:\Program Files\Malwarebytes\Anti-Malware\PoliciesControllerImpl.dll
C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
C:\Program Files\Malwarebytes\Anti-Malware\LicenseControllerImpl.dll
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
C:\Program Files\Malwarebytes\Anti-Malware\UpdateControllerImpl.dll
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\pkgvers.dat
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
C:\Program Files\Malwarebytes\Anti-Malware\CloudControllerImpl.dll
C:\Program Files\Malwarebytes\Anti-Malware\7z.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp
C:\Program Files\Malwarebytes\Anti-Malware\TelemetryControllerImpl.dll
C:\Program Files\Malwarebytes\Anti-Malware\CleanControllerImpl.dll
C:\Program Files\Malwarebytes\Anti-Malware\ActionsShim.dll
C:\Program Files\Malwarebytes\Anti-Malware\ScanControllerImpl.dll
C:\Program Files\Malwarebytes\Anti-Malware\Actions.dll
C:\Program Files\Malwarebytes\Anti-Malware\MBAMShim.dll
C:\Program Files\Malwarebytes\Anti-Malware\SwissarmyShim.dll
C:\Program Files\Malwarebytes\Anti-Malware\Swissarmy.dll
C:\Windows\System32\CatRoot2\dberr.txt
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys
C:\Program Files\Malwarebytes\Anti-Malware\BrowserSDKDLLShim.dll
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf
C:\Program Files\Malwarebytes\Anti-Malware\BrowserSDKDLL.dll
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\Program Files\Malwarebytes\Anti-Malware\SelfProtectionShim.dll
C:\Program Files\Malwarebytes\Anti-Malware\SelfProtectionSdk.dll
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
C:\Windows\System32\catroot2\dberr.txt
C:\Program Files\Malwarebytes\Anti-Malware\RTPControllerImpl.dll
C:\Program Files\Malwarebytes\Anti-Malware\MWACControllerImpl.dll
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
C:\Program Files\Malwarebytes\Anti-Malware\ArwControllerImpl.dll
C:\Program Files\Malwarebytes\Anti-Malware\AEControllerImpl.dll
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
C:\Program Files\Malwarebytes\Anti-Malware\SPControllerImpl.dll
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
C:\Program Files\Malwarebytes\Anti-Malware\VPNControllerImpl.dll
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys
C:\Program Files\Malwarebytes\Anti-Malware\MwacLib.dll
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf
C:\Program Files\Malwarebytes\Anti-Malware\arwlib.dll
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
C:\Program Files\Malwarebytes\Anti-Malware\mbae-api-na.dll
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
C:\Program Files\Malwarebytes\Anti-Malware\mbcut.dll
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.inf
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sys
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
C:\Program Files\Malwarebytes\Anti-Malware\hostfxr.dll
C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\hostpolicy.dll
C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\coreclr.dll
C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Private.CoreLib.dll
| MD5 | 6dbad223dbfbfa51c8a181d011d8fe38 |
| SHA1 | 063ac8af53e169bc3350fd5c7dbce900d30d1d24 |
| SHA256 | 1dacec838cec88c43b929d4d4f25fc57d653076eb5554f441525b8940dc6d5b4 |
| SHA512 | 30dc8627cee7a85d0d48fcc0d6ac8e2929fd90c973e9e7fbba0ee9dabc6e1ac98b1b93a0100848874f410c08bc681bda1f45dbad1959696a0e7336bc858e89ff |
C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\clrjit.dll
| MD5 | 96b03da61eab9566ab743ee8f4663775 |
| SHA1 | 0a30d4deb860d673480e57664f2f3ded51a29317 |
| SHA256 | bef3b8c473dad95ffb33d4514e50c829c11dca5d5868c766deb7004463337b9e |
| SHA512 | ffbfa8731c73807bf61335eb396e4cce58ca4884715600ca9dd6f7f0f0be48be76516aae810e3b02b58cf0a18b66808b0c305e954bb6273eed2681b88d9873b9 |
C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.dll
| MD5 | 1d21df07c00ab145efffde32580a0b17 |
| SHA1 | 0b1280b6085120699dd92b471e15e96de17d00f5 |
| SHA256 | 68a52402a5023ee6bdee08b263e0337473d2be0b6076426132a111259a37965c |
| SHA512 | f72959cace9f99065185f2bd9bf28cda1dd223d536e291b1818d8a96bc2977ac690ef466db3e53602e995e422f2bf2e3f44800837947e3b3fa1ce4a3976898bd |
C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\WindowsBase.dll
| MD5 | 75eced36e5f3369a554bde0c58a79a43 |
| SHA1 | 01318560ba243e9eed46a0de7a73685f422e8b59 |
| SHA256 | 3f595d2084d12420098ee214d84a227becbb9b7cef86debec1658e7c57b60073 |
| SHA512 | 5a94122a144a467e6e136f12a00b94f70fbbe78a9eaab9c4f0d8d38dcf1dcd4c3e7bdcf417e55c3d3b74ae14d93a832056861956eee82eee29a5e0845fac7bb9 |
C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\System.Xaml.dll
| MD5 | fb1edbbc00baa9686d540bd028bb88e5 |
| SHA1 | 5ee1794790a788283894e2453bc8ea185d684683 |
| SHA256 | cc4265de9e9d55f396bf54937f297a13c25b2c96eb70e920602f5fdfaffe5930 |
| SHA512 | 302a714da81d048f12c563e44fc1efee6ebe8b367270ec4ce7a9a3caee51dc46c1333ff9212f048c53bc0f8757b3e79cbb25e6e79177f8efec00715df974742b |
C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\PresentationFramework.dll
| MD5 | 16a58c122f252ef45fc5c978ad2df76c |
| SHA1 | 3ea579d718db1773f52ec3a7fbfa6e400814f828 |
| SHA256 | 5c19b4a1bc7cf90647cb791cc73424af8017b60df72cb013d8a0dcc3de380222 |
| SHA512 | d2b322e1e657aac8d4d8c7e3fb1f5a167b587f3a5c654878e8fd4e7e474cc6610bb0651bae4c041b5f89226b116e221df073cb9fa35cba27ec601180202147f5 |
C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.ComponentModel.Primitives.dll
| MD5 | 06b531d85669967a7ddb906cc13fc85e |
| SHA1 | 1e0df2633d9dfcf3550541beaaa8b0837a5b1693 |
| SHA256 | cd437e927dccb2083268fa48d179a4b50863769c04f9e61ffcba0bc8b16f1c4f |
| SHA512 | 39fee2dd60925d7479de7b170fe9dd67a656b99299908a0d91cb7d91a4494bcebfdc4e61cd1047e62cba4db7b204dd9ba05a891bbd4bbb869eb7e5a9a00800e5 |
C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Threading.dll
| MD5 | 3429b717fc27f250f874bea622b4e03b |
| SHA1 | 8caab76db001110d765d37850b6b8fa2d02cf01e |
| SHA256 | be6e0369d53f3d3898d94bb98951b71e820b4a01709b0ad980f3740a77d12fd4 |
| SHA512 | 489ec41315375460e4c499bca4d601633357b6f57eab9084e5005fe410f4fe6a2cbc40a164dcb0865d3d5f22b38aa2208f1e050189babc4affba51364a67f65f |
C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Collections.dll
| MD5 | b4db6917e597c76ff49644d53225e30b |
| SHA1 | 0e8bd02cc04f4c7211f8691bd5de0fd1a7d42910 |
| SHA256 | 5402cdf9ac94afd8d6ea1a96d6aeb0fb700f1a2e3768ec00d5bcc1f911cd728e |
| SHA512 | 041c106d52a0978921ba60a4ce1176afbb816b3b078852d8b5bf0f4fd01f29af5eebe5a68c0e308dcc2a7c9d2cc774cdca92e6e3998eac467f80d7af4268d85e |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.cat
| MD5 | 1c69ac8db00c3cae244dd8e0ac5c880e |
| SHA1 | 9c059298d09e63897a06d0d161048bdadfa4c28a |
| SHA256 | 02d57ac673352e642f111c71edbb18b9546b0b29f6c6e948e7f1c59bd4c36410 |
| SHA512 | d2ec2ff9fea86d7074998c53913373c05b84ddd8aa277f6e7cda5a4dfffd03273d271595a2f0bf432b891775bdd2e8f984c733998411cfc71aff2255511b29c9 |
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat
| MD5 | e5bd295850b593f6d7cbd8bbe59e71df |
| SHA1 | c922df2483c7cefbed91b221299c0adb6e5a7db2 |
| SHA256 | 70cb5eb4c7f600a56e6409f58cf02de1aa2883a33063d89a68f54f28c2209ce7 |
| SHA512 | 8ff8342df8cbb255c741c42bc14c45309835f74eac8e4a498fd109b10664b788c6f573db709faeae1a781cdec4579691ec309fa66e5656a681ff9adcff3c2b60 |
memory/952-4507-0x0000029B40D30000-0x0000029B41196000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\2A5A6024F71CC116A65ED2CFA43B5CE84FDBAED7
| MD5 | 05a415b9f6a58d8d465185c62ee3aa47 |
| SHA1 | 557f821dc044b84f83d173e044e5d8a08e169c65 |
| SHA256 | 29b810416cc67a748d291deac6e748f69bdcdb68f0bc7aa66a49f6baf81fede3 |
| SHA512 | d68dca91dc0d482cb5ff768c96988705413ea7ecfe5fc36841f584ff5a545be4ba5bd7c35bb649c64742b379a5155663ef10ddd067013b8484121a5914f2a03b |
C:\Users\Admin\AppData\Roaming\MyCleanPC\MyCleanPC 4.2.3\install\A1E6143\MyCleanPC.msi
| MD5 | fcb1dc34831a8823d4109df926eeaab6 |
| SHA1 | 933922eae9a7dd85437674a5b539146ac64e7ac4 |
| SHA256 | ba5c35fde93faedadae1d3ead7978353c7cff647ec66499a7ec12c9cbdfe368e |
| SHA512 | ea41b2f98309d7e48b2c9afb184b86a438bdc6207976e3bc0b158553da4e489e088e9f77f4935aad42b1dee38404c85c329ddb3e3289b51d85817f00201ac634 |
C:\Users\Admin\AppData\Local\Temp\MSIA8EB.tmp
| MD5 | 421643ee7bb89e6df092bc4b18a40ff8 |
| SHA1 | e801582a6dd358060a699c9c5cde31cd07ee49ab |
| SHA256 | d6b89fd5a95071e7b144d8bedcb09b694e9cd14bfbfafb782b17cf8413eac6da |
| SHA512 | d59c4ec7690e535da84f94bef2be7f94d6bfd0b2908fa9a67d0897abe8a2825fd52354c495ea1a7f133f727c2ee356869cc80bacf5557864d535a72d8c396023 |
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_8024\Installer2.jpg
| MD5 | ad149d1655b65e0d99c1c216e424e1af |
| SHA1 | b805c3acc59b53db1571b4b8be1c240362310f73 |
| SHA256 | 534d9f3c6f152a818ced853237c3e73e4aebd1eeeaaeaa22b9c619b74839bdcb |
| SHA512 | f8e00c025559adbbd0091623f5cd3117c8d7c6515c8c743749fa3d7d575cabbf59d4fc19ef91d94ea559ef031e14a15f94df5dd7eaac6e91e0f012cae3fc2458 |
memory/952-4635-0x0000029B40D30000-0x0000029B41196000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_8024\Installer1.jpg
| MD5 | f0f3f0416111674e3944e152cdc0615a |
| SHA1 | 07fb63a61b7b3aa2d33d4e502d1eee2713ab13dc |
| SHA256 | 34829461f5d26d16aa53181b814d5839312b3423e4ac7ad9a200c287b176f410 |
| SHA512 | c841f01ad115756b0eb3c607caaebb6bce61de66b800a3dc81fad76138443f6f0c6fb8148cd16ad0438f5581397c4eaf5312452a4fccef262151d59830feb369 |
C:\Users\Admin\AppData\Local\Temp\MSIB00D.tmp
| MD5 | a67acb81551a030e01cda17fa4732580 |
| SHA1 | 9f6b54919ee967fddf20e74714049b8c13640083 |
| SHA256 | 107fd7ee1eaf17c27b4ed25990acace2cb51f8d39f4dfc8ef5a3df03d02e1d34 |
| SHA512 | 30cc0870797220e23af40d5f50a9ce823c1120fba821ff15e057587c2a91c7247058e9a8479088047b9dc908c5176793e6f3ccd066da30bd80e1179649b2f346 |
C:\Windows\Installer\MSIB333.tmp
| MD5 | b1ca6f0d6edb2a6c4246261957098518 |
| SHA1 | 13e0ef50ffadf6c5a00884c7146d653b1b0f7022 |
| SHA256 | 78035b1d13620a8d68c96a3da5ead38963054fe26aa85e07f820db4a680b0404 |
| SHA512 | f6b0093d0319fc823f1f66da0ba312c69ad19cd50e8bb32edc5e1bd6b20d5a7ce3f09cea6b9fb505a90ac60848698e1c92495ba075c351bd6aa260ec92f27ee3 |
memory/7056-4714-0x00000000006C0000-0x00000000006CC000-memory.dmp
memory/7056-4715-0x00000000029B0000-0x00000000029D0000-memory.dmp
C:\Config.Msi\e59b0db.rbs
| MD5 | 26a535952f56a7c7e4ec1194885ee2f1 |
| SHA1 | 120030ff2c664629297fcb1ac544ff98271c9eee |
| SHA256 | 61254c828fd24dc6e0acf344fd93c150d63e327716c1669f485b5bb04d0404c0 |
| SHA512 | b1537eddd15cc6b11e217c79f2fe15a53e66c5eaebce6aaa8f5d095b15b5f3da7353fb0442627df3d60439a9856766bfd16c4ed59abaca95af78f49c3e8c4b30 |
C:\Config.Msi\e59b0d9.rbs
| MD5 | a90958c327e269e16d55bae72287e410 |
| SHA1 | 1c2b1189c410fb453beeac9df9f8dba6231a2771 |
| SHA256 | d100b24da3f69cf7d653b2f6186309ecb6988e762dc77c2fb8fbbb0976fac8f6 |
| SHA512 | a3724e14aeaf333a86a22f7099d02af2e5fc698c39fafcc856a889629ac8859e01ec2d3fbc43bef53d85f51cad5ce817ce7d34987095493f9521dae05238c408 |
memory/7524-4782-0x0000000005E20000-0x00000000063C6000-memory.dmp
memory/7532-4781-0x0000000005520000-0x0000000005586000-memory.dmp
memory/7524-4783-0x0000000005970000-0x0000000005A02000-memory.dmp
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\5E1B6B38B8A87867DE1204A5C4B6DB8D28E8F74A
| MD5 | 21027284783a063c0273e61df4c15300 |
| SHA1 | 5c8f845367383cec4c6ecedc868954de22389765 |
| SHA256 | b56acbdc689fea03b63e6ffc04c1cd3626b77277d8500f179f5b1ca9aafdc2a4 |
| SHA512 | 1db145e29d5b92851f7a6a875320cc21c5a651cda608e768c0abd45b4937f7dc18e680c62ac4f8b65f5d43ce7302b4ae0ec31a6a31429ddc98d415c9e8f9b73a |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\74D25E73FDEEC4E4488589D16B1054B5649F9243
| MD5 | 6e3c1fe2558cb59eac2436a55d00157b |
| SHA1 | 7176093b02085426d0baf558bedd5e57949c562d |
| SHA256 | 7e46cd682f16a172174882c567fd66fc4363f863b6d2d4454184414af191ed82 |
| SHA512 | 8247bd39878f5677d168acbbdaf164b15c51ac74d377a844e945fcbebf831917dfdd94915b2eead30eb92d5b4c56fc640e5452e4fb75d5b2cbf2e2f0f0d5d302 |
memory/8012-4807-0x0000000000CC0000-0x0000000000FDC000-memory.dmp
memory/8012-4813-0x00000000074E0000-0x0000000007772000-memory.dmp
C:\Users\Admin\AppData\Local\RealDefense_LLC\MyCleanPC.exe_Url_qt00azpf5rjxiq2gkbgexk3tbp1i323t\4.2.3.0\user.config
| MD5 | b0a634be28679f5cca32c9af816161bf |
| SHA1 | e78f68c907994cfcea7904044fe767e373af8e3a |
| SHA256 | 4e5f6dfc6a6474b98eb6a74ca1eab751b589ad6e70cae871127e1206011676f2 |
| SHA512 | 28869d8f92178af0fd89ab92853fd8e8870e369772d155c10d0f43c5a85c0de2ff164d89a13c8c9a788a3b0ade14ffb13b29ff42ef1e83ff4abc49c08f365cd4 |
C:\Users\Admin\AppData\Local\RealDefense_LLC\MyCleanPC.exe_Url_qt00azpf5rjxiq2gkbgexk3tbp1i323t\4.2.3.0\b2lwop2c.newcfg
| MD5 | 1b8a7238a216cd9c46c687f6de0dd95e |
| SHA1 | 1cfe3f569c4694f955db477c78f42247d307857c |
| SHA256 | 9881e1a7179c6a20c26b47a1ee76f6596727a864587de732f40efbe6ffb93452 |
| SHA512 | e618c5919ac08a8db594231bd016ad4768c2b77f909e87a9cd7ff05df821bb14fbb8249d0ce5fd14b653d0e6802ccbf904f5fab8de58cec5c9fca0824b1a6a67 |
memory/8012-4827-0x0000000006180000-0x000000000618A000-memory.dmp
C:\Users\Admin\AppData\Local\RealDefense_LLC\MyCleanPC.exe_Url_qt00azpf5rjxiq2gkbgexk3tbp1i323t\4.2.3.0\hnthiz5l.newcfg
| MD5 | 448809b97eb40520028f606ca92a242e |
| SHA1 | ac29f231955f6bcca0559e5b1e6bbdd664851fa3 |
| SHA256 | db936ffd1b1cd559fc06ac4b4d251d71553297afaecd8c21c8c5f7fc6962fb62 |
| SHA512 | a1866fa59ac53ab08e31ed46639baf5e8953349f004f87ef95c33a27906149706ec92cccc6cbd3192854fbc032ba6fd0620c19d7a29b3ecac60a0f149c893f9c |
C:\Users\Admin\AppData\Local\RealDefense_LLC\MyCleanPC.exe_Url_qt00azpf5rjxiq2gkbgexk3tbp1i323t\4.2.3.0\te3edc1s.newcfg
| MD5 | 1053277a3c41f657b9ebef7430ff10b8 |
| SHA1 | 6dfbf00f12903d20a6966bd1588d3c02082104c4 |
| SHA256 | 552fded03e4a810cb36fd2cd643019dd1769f9d3095911fc0d5697620215c5e1 |
| SHA512 | f45186a0999c22c5177c16d96cfaaaf3b5bf6f0116c2fe7ee77ce6f845d8a0f3e863e9216a1ad9ddf47f6193003b88b27d3b64be10578184cc5b5f80378a0bf5 |
C:\Users\Admin\AppData\Local\RealDefense_LLC\MyCleanPC.exe_Url_qt00azpf5rjxiq2gkbgexk3tbp1i323t\4.2.3.0\2jinkhwo.newcfg
| MD5 | 8119b958c54d0d79302bbf3b4b871de3 |
| SHA1 | cdba7abc71c522db9e9ccfc944e1c5569d60d928 |
| SHA256 | 077580bff516d444342534fe2bfd3eb22ae37714c987f77bb43aca0145d42f1b |
| SHA512 | 84a749fe6d68f43214ea14f842d8728b2cdaf05c5f3b020464d8368b9f33b7b4a4956c0958318872e3ab3af1aa15379423814f75acb332a69cf3d8cfb3f64673 |
memory/8012-4890-0x0000000008300000-0x0000000008386000-memory.dmp
memory/8012-4902-0x0000000009C20000-0x0000000009C42000-memory.dmp
memory/8012-4904-0x000000000EEC0000-0x000000000F217000-memory.dmp
memory/7532-4926-0x0000000005D30000-0x0000000005DCC000-memory.dmp
memory/7532-4927-0x0000000006300000-0x000000000682C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fccab8a2a3330ebd702a08d6cc6c1aee |
| SHA1 | 2d0ea7fa697cb1723d240ebf3c0781ce56273cf7 |
| SHA256 | fa39b46c6f11977f5a2e6f4cd495db424063320fbac26a2eae7466e82ffeb712 |
| SHA512 | 5339b52bad5dff926b66044067aa3e1a6147c389a27ebd89b0f16e1267621d7ce7af9810010bee81cba7b08c77a33ede8ef4675fe049b9fb2ed510fcaef93d6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9d533e1f93a61b94eea29bf4313b0a8e |
| SHA1 | 96c1f0811d9e2fbf408e1b7186921b855fc891db |
| SHA256 | ae95a7d192b6dfed1a8a5611850df994c63ba2038018901d59ef4dae64b74ed3 |
| SHA512 | b10de657d0cef4255e96daa1b6ad0c99c70b16c13b8e86790ea226e37e9ded1a8f8bed1e137f976d86ebc3ea9a4b5eb67ce2f5b0200025d35dc8e94c947ff3f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | ed659b1d7a51e558246bd24f62fff931 |
| SHA1 | 84685d6f04379c290e4261ff04e9e1879d54d42c |
| SHA256 | 23fafd9073812d5ff8b523b84bc981e4cb410bebbf3675db2b29cfac0dae9690 |
| SHA512 | 1c3203328583241895db9fb165fcfd595f642e218ee3a453ab6873cbac10ddab693cd2f913bab15c8bb7b5a12c5768b3dfcb278aad754dec1fbffe66b81843cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2935995505d56da3b1dcaacd7b778050 |
| SHA1 | cc36530b0df865020c73a9f4ee49ef8c41cdb330 |
| SHA256 | 96aacec3d7f54ec4404b3070ed068c0db02990ef0d7b93bcd36a3db558d49b6c |
| SHA512 | 57f7cb34e762e6e424694daaf19b5f9bbc6b64601e8d55be97f9ed40f99c61f7489349e26975c457488af8ed08b59d1c13ea264473b0cb9295bf519e955ca171 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
| MD5 | 8ec8bbc7d71df3c7fb8f0e287d4604e0 |
| SHA1 | f5cded96fedc4194cc96a9d5da8456e4b2c02f68 |
| SHA256 | 9d53089b72d4828a1939167117db78dd89806f5e0658357695d4094d340483b4 |
| SHA512 | d31ebbcc2b5658c2eeff3090e42a02fd7f8eb75897cc8075c16363422193175766329d786d79495a3da5fcf86b741a04e0782d0993b461205047d5c2bdb10f0a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | b960afa58969024743efff5030fed546 |
| SHA1 | ba748cb717e20f2160541a638b0d0866844ac7c6 |
| SHA256 | 59bd30baf9405f92dc212e1411a7cbc5f916c666307ec911e3016915e3f0bafa |
| SHA512 | f8522eeb559986db47ea729ac9462d520db62e83dcb8cd305afd150ff945aae8f1fd65c95e0fad9a5413be20040b0c5e685cdb0116fbf75c313de3ffd6e41917 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
| MD5 | 6987343e5518da79bb18153ecdbcfffd |
| SHA1 | 6339beb48f01121491c5f7928fdf365319ba8609 |
| SHA256 | df6bd67eb63586f677b965f1a91f21960ad18aa28762e9225144a7dafc9d2b62 |
| SHA512 | a1f62651d8525597dec60f28389cb9b74a621ec6d5cfafad323c5c90b7167fdfe73318bf7477da0b89606be216e5f6cddd5f29ea43e6834d27b9eeaddb626850 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | 344d0ffebf08f53a23f53cbb53c4c50f |
| SHA1 | ef49a4a7dd256afad18031e7369198708e151c0a |
| SHA256 | f0637d16effa179a2894751933359408b1088490c2cc525905a3909d3b1aa8f9 |
| SHA512 | ed85d5b33333a19f7ac9ba295760156a175073706f83fb7e1af69e6e6cbc7829be7a33bbeda3131fc1884a2d25976e971d681fe5053a542b07e4f482aa423b35 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | 6ff0e2ef9c8ae1209396dc2a19137a35 |
| SHA1 | 7a5850c9ea6a93f7cec4877c232057be7d53bab0 |
| SHA256 | 2dedff428cf5d0f273e9afd1cd384b8b6360154c1d787c6629dde1b0d39ce2a4 |
| SHA512 | f1881f2920898aea217e4947ee3707038cbc7da26bce8d4b147bc32b96d9798bba9a2d3147e1a5e0f4f9e07d981ccced6eb31bfdfc5b7679574110212066bfc7 |
memory/8012-5157-0x0000000008D40000-0x0000000008D94000-memory.dmp
memory/8012-5171-0x0000000009470000-0x000000000949E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | a6dc03095706936d30035565d6d5ca43 |
| SHA1 | d70f759e969e21de094c652d2fe2f038b01cd5f3 |
| SHA256 | cd751cdb7d223150a1897e4e58375981d2e88f5fce38625cc527a27ac88f6117 |
| SHA512 | c78161ecdc36a03f97877c13a163d15613cf982129743bb427c31c7dea119caffe69dd73fa91108b263d4200045b1f8c3ea50e2b684fa3d358f3abeb02664788 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 01e332e9d867ffcd54790e75206fa625 |
| SHA1 | 430af61baa8db1c08741faec8f0bc9037d553a11 |
| SHA256 | a38cb2adc3d38d4e3cc6538c9e4a4ec8c346fc3b5bff6fcb07701e38778bff56 |
| SHA512 | fa6d62b87405cfc50cec814367ccc31149e91bbddaa93214d42e38c293589eba56ed6ba97413ef77ab0322fdf15ecfdcef2fadadb15401b6c47c0e1421bda83d |
memory/8012-5219-0x0000000009790000-0x00000000097A2000-memory.dmp
memory/8012-5222-0x000000000AA80000-0x000000000AAE8000-memory.dmp
memory/8012-5223-0x000000000AB10000-0x000000000AB30000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7b3bb25f1e7d3cdf3edfd20dfacaa9ab |
| SHA1 | 943d936da609a5231394445ecc749a08fa414b83 |
| SHA256 | a9894f2734d18f6cb736059780d27ed004f242e29ba66376b01b8427a5a97ff8 |
| SHA512 | a5e95fee303dc88deda5beeb2c9959d13ef4d27fc1cd99f16c30aad77813e4b7555f65ab9a7f7c7f424325efde28dd000d8d47cce10deca30d5e17f7e3d251d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5a69f27a4589cc5381d64d5212e8834a |
| SHA1 | 380d8f54792617e8b02546f35d612e55830c160a |
| SHA256 | 76fda156adc41de26573fce3008ab6cc6d9df7fb722800a5eb23ff19ec4b79f6 |
| SHA512 | cf15e8a49b1cccb893ec7f3902cddb6e4ba74c08ef7b0361e168a618bf1aa9908780b2d8d4604d0544915880824adb85bcd926d4c7cd9b3650d183fbfe70ba83 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 7ec09c7cbd7cb0b8a777b3a9e2a1892e |
| SHA1 | 3b07979e57b6c93be7d5a6cd8fa954dee91bd8dd |
| SHA256 | a623633f34a241b0dbc9fd26f34446d716955f94e90b2ff9ac8b9df801bdae5e |
| SHA512 | 5fff0a38a3b6e4b29d402eef2650011e4d9df514e0624767c84ea31cb73cbba10c7e0b5711cb487976d637f0f60a85c431cf0db54b519411245684c116c07b7b |
C:\Users\Admin\AppData\Local\RealDefense_LLC\MyCleanPC.exe_Url_qt00azpf5rjxiq2gkbgexk3tbp1i323t\4.2.3.0\4eytw0l0.newcfg
| MD5 | bd1c31821dbf08bcd63f6144cadeddeb |
| SHA1 | 97d37e7886e4e372744c8a2e6aca26ceee6ad968 |
| SHA256 | 85bbdf69a969319d16584d1282635282c011396185a46cb7aafaf3ded15669c4 |
| SHA512 | 417b309e1b87f5ebe3058109fa906c0bb73a76e59b9af95d9e35da023f41d73c3bd861cb40fb79779cd431f259c0b6fb57d1827ee5359aa012ba2fcdb50041e8 |
memory/8012-5274-0x000000000ECD0000-0x000000000EE31000-memory.dmp
memory/8012-5275-0x000000000DA90000-0x000000000DADC000-memory.dmp
memory/8012-5277-0x000000000C8C0000-0x000000000C8E1000-memory.dmp
memory/8012-5276-0x000000000E3A0000-0x000000000E3DC000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 2eccafa24fbf7f03c437a9a3f7bbcd22 |
| SHA1 | 0b3ebccf4f95d94e8d6f19f3391581a6475a71a9 |
| SHA256 | 7f5c70e5ff358ceed6ac99a6b4d0ded66bc1eb97d2fe96d42adbef3c270f82b2 |
| SHA512 | dd83bcebf9be54d91fa6d7b78994aa0c51e83917d695f5eac0c7e7d7e950af1b3b65a2e8813a4c0e3018a90cc1515691dbd9e0a8b2acb93730e3453d7f9b461e |
C:\Users\Admin\AppData\Local\RealDefense_LLC\MyCleanPC.exe_Url_qt00azpf5rjxiq2gkbgexk3tbp1i323t\4.2.3.0\ycza5eal.newcfg
| MD5 | 22d8d4991b2e8b73390344bbc6926745 |
| SHA1 | 5d270a672370b920b78db119e94f0ef080951337 |
| SHA256 | 60ac7e1de093f4cf6aae6a7077ed4cb93bbaf2f81614bd91a395ab862defc45e |
| SHA512 | 7a5682e987850cb907367e0f5f5cd2b32ee48bd76d8b8c3c39c15c1859a763368b8a1af2eef107ab9ec0f4c55672759e626a285ba3df7785c355a16dd37aba2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a22eb.TMP
| MD5 | 2d23fb18391af9be7a7ab25c6723a3f3 |
| SHA1 | 9812ee1cd0ac7652d9a86a12babbaa4d5147b44e |
| SHA256 | ba1e85996b34c83895b800c58d60e25898088e4371ba30afef10a56e31cfb770 |
| SHA512 | 47af2a318b5a105ff893c45ad9055aa1806772ae2c05e9f72984f690b5b03a098e3cb0abce370e668f076f4b7f2cc36068fcec3fc841bebaf4b6b466dcf6a8db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 4808f0389b828664601e7a3e85c20609 |
| SHA1 | e2344948675999cfd318f1429590098cda4ad6d6 |
| SHA256 | a16250e341b3c75f16e1832864e0d7579ef106114fb36bc0ebf5b0007886d12b |
| SHA512 | dae3d1330983a32c206e115af7f2439418a4349cac4a4653855a2ee9b7d78eccfc7e697908e7ebe255c8a8c1b762b32b94e400fecfeec50ffae6397c6b84f575 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 81684ecc2b1027ade8d7bfab82b1b970 |
| SHA1 | cfee68bcbbffc73167140df0e4389d0800a8817b |
| SHA256 | dcd3e893195bbfecb623ab0bea5ec559b9c858e4c2b3fbd49147a032389ccc95 |
| SHA512 | 97934c00148b58c5a6fe15a4512e1ddc97a08662e6931aa380e7835b7d878efc252ab28dcf5d4890cef314d97f03ed3152a09617fc279441cc5ca90c6fdc2d9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 415c9217d79df1e46ca8efd8ff21e3b6 |
| SHA1 | 9659b85ba7ad1d5f2e5a461ad709aefb8202ebb3 |
| SHA256 | ee85c8b45ee76bd6ce9e6a849a983550b490b1fd884727fee5b2fa3c8616a598 |
| SHA512 | 4d879f1cb90b024c35e486cce455027ce4816b3af8d061d2dcbd742cdda6fd8164625b114a16fd2b4c8531147b540917a372a21f2218d6b621046a0e5f5e7325 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8d58671a3664a942e9bf7eb6a715e535 |
| SHA1 | b5ebce22d650b4b54e997d3b22f5a16fdcc0e92d |
| SHA256 | f95361e630e03390877da62f898f788f445000a4628408cf5aaa0fb4cac8d3df |
| SHA512 | 1bffee71ea0d343780e1c134f7ca4da7edd989490d23a932d7e8dcc696dfa499f01d23e3c7b89b4b1af5cf1b4b261c870bcb9ca3327f30eaea8b8d25d52bd78f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2884bb819ebe5490ff3f170a5140110e |
| SHA1 | d5bda195799d0b098a01767e78bd1c7738597c4d |
| SHA256 | cc0805ee3ef73ba583752148d8aae20e6f3aaebe1ae790339b49d877aa8cdf77 |
| SHA512 | d7a052a88c5283690c937487a0dfc243f7fef06c76470f0689d6e134aa3e793169f126dac5b68b1425a35b35daf97d17eadd38ed4142d940214e1a52608401dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 99b665784fbc5eca9862361b64fdaf51 |
| SHA1 | af5e376ebbc7ae6c7ecb390836378b36499df36b |
| SHA256 | f681d120a2ce01c0b975f8178780f7ef5cf341a2c2a23afaa385c5d5f1de747a |
| SHA512 | 65dee825433abf5f8522a0ac2cbfa5278e9315e0fad10e6f4da928078fa81c336dabe5df478dd4802709f2cb31ecaccfa67fd51604bb6c548f54512f831350f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a16966d5b77a150b6703e7f16600dddc |
| SHA1 | 26aa3859cf55ddfacb50194f6b76e327d5de41ec |
| SHA256 | f4870971718833e4ae544f3bf53ddf3e075dbfc18a4bcd0543c5ecc9122d2e31 |
| SHA512 | db795fae25065172d208e37e9123967b190db1391513b1e086b8fa8e1557e7e83d61bbf483ff409ae72780a3315e90fe6d6996f3b0741112b87c52cd5b185b55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | 5d06b7b88cd35c21ee1e062325b271e7 |
| SHA1 | 078e3bbd1bb64d0581d1b73013aa49d58608e183 |
| SHA256 | 254d8eb817e38b163f9c4826efd5ba748df1c67c54817a0778523550ef880cbf |
| SHA512 | c9a1d481181f3c2dbc3d735a1e408c772bf3e450c2acaf827e9992d0073bd5d83382ba2d2dec494b3173f3e4aec9d03eb600180255484b0a343f2664d1776c2a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | fbaba2f2f1068b79fb7946a0b60f2bbc |
| SHA1 | faf7d35a95b8adadc6107b3336d9002d6bf3180f |
| SHA256 | df223c5b97fae1cb3783902420bf047176f3a375c7d13ed890ba702894196e7f |
| SHA512 | 666f1ba9dd6530e54c43d7664908c5f177c9e899a0d4fe55d31aa7f432222f442a984afb3f00f49cb617b0ac2715d7ade973afd8ec8bf1f21f471d94f583d16e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionCheckpoints.json
| MD5 | a0821bc1a142e3b5bca852e1090c9f2c |
| SHA1 | e51beb8731e990129d965ddb60530d198c73825f |
| SHA256 | db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2 |
| SHA512 | 997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js
| MD5 | d0e5b1fccfc2947228c22df65ade14fb |
| SHA1 | 4e73c17b38a3dfb2b702ab4d13e4423aacf36742 |
| SHA256 | 9b73e564b4be750c38e94caaba5384f58b366274db257b6006ca61214305b427 |
| SHA512 | 1084ecf9698f04b39d7544c87148a1dbfbb5eec18349d4769893544dba02cf66c06762639f48709f7877f0a6eadc15ba79c71771f53a7c027fe9678ca7e76e50 |
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe
| MD5 | e1134014dec51258520dd70ae965d1c3 |
| SHA1 | aed1f77627674f69d48292dd57c274e3399d87ab |
| SHA256 | ae9263a10e0dbeb982d26b00e241626a3a4ea0bc9489789427d080a3bc3e7ed2 |
| SHA512 | b9fba8664aff58681db7bd68ca11f79270f25a25cf9a6da808d065b98f398992b4a4f40e6153d99429a6b9fba6c24c0af7ac5f4ae95c194af8f802684f390c05 |
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
| MD5 | f08a77647ce4354684c06a59e0727558 |
| SHA1 | b4424c3ee769092cabd06cb018c5fa75f67c9d9e |
| SHA256 | 6d62a7d1ad1554c39d13e1ec89e4839b59c8960df9c71034344655a413c32acb |
| SHA512 | 0e81f4ee90be4fcf2afb621542f378808e5008da7821bb76db58b17dd2a0b786c55ad5fc2d1d627cf0a1c6edc87efa955fa73992a90fa6f58031198f840fd71c |
memory/952-5662-0x0000029B40D30000-0x0000029B41196000-memory.dmp
C:\Windows\Temp\Tmp84F0.tmp
| MD5 | 6a65510f36c7f3d0e6fb767ce187386d |
| SHA1 | afe06e5ee101fa61ea5a29e22a66354b1b7c4d0b |
| SHA256 | 413aca70d1197103a1c312a014ec7c93e450e4a452e3f8753094714ad995d498 |
| SHA512 | 73840864868ee4326b32f2b77381ae743c62456ea529396a54cd8a163d27e5f89d06d5d959e3c1b28937de98cc9a886233f627e8c3e8e9e592fccf2d76954c4c |
C:\Windows\Temp\Tmp8772.tmp
| MD5 | 6b9e18a8287264b5d40c820f86c5b66e |
| SHA1 | 173a9f4dfde8ba44fc8c7aecfca6ea410a0dacaf |
| SHA256 | d176caabb32b173e1f99da61346d72a2952df22acc73f08ec90c57383bed0279 |
| SHA512 | cff6cc65ff60b5e59df6cf98cbf6158c76180ee334619f242e7d019c54166539cd0fb488c6df7a27e46511920e8fd573b8d2a2761d1e9647b1875abbafe23095 |
memory/952-5711-0x0000029B40D30000-0x0000029B41196000-memory.dmp
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
| MD5 | f25f8d6bfdb810ee9dfbcd96ede6955a |
| SHA1 | 58cb0042633af1fb1123465d6b333e26165a0fc4 |
| SHA256 | d5cb2e8f8de2e094b4e2dc99b5cba13e3d4c5deeef28b144e97620b5e326263f |
| SHA512 | d60102e63d9cf03dd473ac00b95e5673d206860087e95e05f2cdc6d28afd29118ec33d8f98d4c6cf30d5785cb36d149f4fd932950253b9835ab3c674de756b1c |
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_10CFC0D4C45D2E76B7EA49C8C22BEDFE
| MD5 | 5bfa51f3a417b98e7443eca90fc94703 |
| SHA1 | 8c015d80b8a23f780bdd215dc842b0f5551f63bd |
| SHA256 | bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128 |
| SHA512 | 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json
| MD5 | 650003a596c2f5ff6f2ec2af92c7c97b |
| SHA1 | 781c79b0dcc4d4391b1397d043d2d99a1aefed56 |
| SHA256 | 01ac2dbde4e94d607d9eba6c3f0c6d54635538bf145746f33b1870dc47493743 |
| SHA512 | e086d6bbabd68ac26d20922ae9a482779a88ff9ad69e3dfd23f242fa3c1cb8801de623da12006fc14b29014a9ddf69ca0e3a43ac05c4715d860041f462124cfc |
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
| MD5 | 9fcfccca3ed0dbef8e748e7d86a3d6f2 |
| SHA1 | f373ce467a0a8204fd208e3aa00c6801654cae86 |
| SHA256 | 8c824c62ea39fb0e5c4a921cd869d56a0f43e26587a86f649d29d61abe0ef808 |
| SHA512 | ea249c6b89852c1833bdb6f12ca06cc3bb6a24a589cf59de26d22ebd59cf860443be91f6b60bf60dab9cac42df58c0691ed0e1b8042ab7707cccf9d0240571ab |
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
| MD5 | d6e64fc844908e40c04f4248b2bed2b3 |
| SHA1 | 225114653f571642bc534813ddf6b6d4090e46b5 |
| SHA256 | 331ab83790069363da3834fbc9a9dca7c05c8ec270234c768a6ef5f0cd4b7424 |
| SHA512 | e1b320210109eebac40112bda6d82cb314c88bbd9c7d450d5a5d55633cf8d5e1a67725290e08cc002d617b6dda8e8f36a17bed7b834e0d7f0af8b4c2efdc34a7 |
C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatr.dll
| MD5 | 52c4aa7e428e86445b8e529ef93e8549 |
| SHA1 | 72508ba29ff3becbbe9668e95efa8748ce69aa3f |
| SHA256 | 6050d13b465417dd38cc6e533f391781054d6d04533baed631c4ef4cea9c7f63 |
| SHA512 | f30c6902de6128afbaaed58b7d07e1a0a674f0650d02a1b98138892abcab0da36a08baa8ca0aba53f801f91323916e4076bda54d6c2dc44fdad8ab571b4575f7 |
C:\ProgramData\Malwarebytes\MBAMService\version.dat
| MD5 | ea44c19edb3a33406bf4a498b326f31c |
| SHA1 | 6d573962c25b421ed7e99df445f6b46a4c91e57a |
| SHA256 | f3efe708dd82794c1203557469014d4096246446b7dbe64303df0284d52d90eb |
| SHA512 | 78119df6a18afed0009f79d07d00c1938cd975a4f4dd7096a185ddc6f4592917427c793d85aaf32d6082fd37697cbef2aecc72f6eb5d9507f26452dfbe5745f9 |
C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
| MD5 | 39ccf914537bab3e60562b9a1f3c7799 |
| SHA1 | 40dcc580890637a3f25b21a3f383d23628baf1e6 |
| SHA256 | 80c2e8ce30f77cccf619448de56671875c977d00951891824717fcb2ee655a94 |
| SHA512 | 438f32635079d38886ebbdaa39a2bd8b9f4bd83f843e11b78b305cc512c316476bace7a91f150ddd4e042a550ae2c1376750711f30824c9f3371c5592b23b016 |
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
| MD5 | f7be3a62bc61c19e6dfb40b4670b0939 |
| SHA1 | 34c2fecfcdd4eb6c489114a3bae049329450f150 |
| SHA256 | 5c798a94404d774a2351ecd742ee08044d5788b2b9966539e9fe658de77d1f00 |
| SHA512 | 6f5e5cacb528c13710f73da9864c4d25949307e8caf37173747bb82092285597289112b9392b72cb37441e436f8b594ba821c6b65af5d892f6cafbfbdc3b6773 |
C:\ProgramData\Malwarebytes\MBAMService\LOGS\mbae-default.log
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\4d68c01a-96ce-11ef-8d25-e60b6437e69c.json
C:\ProgramData\Malwarebytes\MBAMService\ScanResults\4d68c01a-96ce-11ef-8d25-e60b6437e69c.json
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
C:\Windows\Temp\Tmp45B4.tmp
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
C:\Windows\Temp\Tmp4613.tmp
C:\Windows\Temp\Tmp46C0.tmp
C:\Windows\Temp\Tmp473E.tmp
C:\Windows\Temp\Tmp473F.tmp
C:\Windows\Temp\Tmp4F10.tmp
C:\Windows\Temp\Tmp4F40.tmp
C:\Windows\Temp\Tmp4FFC.tmp
C:\Windows\Temp\Tmp504D.tmp
C:\Windows\Temp\Tmp504C.tmp
C:\Windows\Temp\Tmp50BC.tmp
C:\Windows\Temp\Tmp5178.tmp
C:\Windows\Temp\Tmp51F6.tmp
C:\Windows\Temp\Tmp539E.tmp
C:\Windows\Temp\Tmp539F.tmp
C:\Windows\Temp\Tmp53FE.tmp
C:\Windows\Temp\Tmp54CA.tmp
C:\Windows\Temp\Tmp5586.tmp
C:\Windows\Temp\Tmp5604.tmp
C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DA2.tmp
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DA5.tmp
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DAC.tmp
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DAE.tmp
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DB0.tmp
C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DB1.tmp
C:\Windows\Temp\Tmp7C74.tmp
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
C:\Windows\Temp\Tmp9E58.tmp
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
C:\Windows\Temp\TmpA0BB.tmp
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json