Malware Analysis Report

2025-08-10 16:40

Sample ID 241030-r5nvlaxjhk
Target media_images_grubyptok.jpg
SHA256 f9197ec99fb6cfccca9b5ad6af20c455f7e0b5cf15c9baf197164b2e6f7bfe78
Tags
defense_evasion discovery persistence privilege_escalation spyware stealer
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

f9197ec99fb6cfccca9b5ad6af20c455f7e0b5cf15c9baf197164b2e6f7bfe78

Threat Level: Likely malicious

The file media_images_grubyptok.jpg was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery persistence privilege_escalation spyware stealer

Drops file in Drivers directory

Sets service image path in registry

Downloads MZ/PE file

Modifies RDP port number used by Windows

Impair Defenses: Safe Mode Boot

Event Triggered Execution: Component Object Model Hijacking

Checks computer location settings

Checks BIOS information in registry

Loads dropped DLL

Reads user/profile data of web browsers

Unexpected DNS network traffic destination

Executes dropped EXE

Enumerates connected drives

Checks installed software on the system

Drops file in System32 directory

Drops file in Program Files directory

Drops file in Windows directory

Subvert Trust Controls: Mark-of-the-Web Bypass

System Time Discovery

Enumerates physical storage devices

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious behavior: LoadsDriver

Modifies registry class

Uses Task Scheduler COM API

Script User-Agent

Suspicious use of SendNotifyMessage

Uses Volume Shadow Copy service COM API

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies system certificate store

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

NTFS ADS

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Modifies data under HKEY_USERS

Checks processor information in registry

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-30 14:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-30 14:46

Reported

2024-10-30 14:52

Platform

win10ltsc2021-20241023-en

Max time kernel

194s

Max time network

338s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\media_images_grubyptok.jpg

Signatures

Downloads MZ/PE file

Drops file in Drivers directory

Description Indicator Process Target
File created C:\Windows\system32\DRIVERS\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\MbamChameleon.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mwac.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\Downloads\MBSetup.exe N/A
File created C:\Windows\SysWOW64\drivers\mbamtestfile.dat C:\Users\Admin\Downloads\MBSetup.exe N/A
File created C:\Windows\system32\DRIVERS\farflt.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\DRIVERS\mbam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\system32\drivers\mbae64.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Windows\system32\DRIVERS\mbamswissarmy.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies RDP port number used by Windows

Sets service image path in registry

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mbamchameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\Downloads\MBSetup.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\Downloads\MBSetup.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\Control Panel\International\Geo\Nation C:\Windows\system32\cmd.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\Control Panel\International\Geo\Nation C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\MyCleanPC\MyCleanPC.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe N/A
N/A N/A C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
N/A N/A C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
N/A N/A C:\Program Files (x86)\MyCleanPC\InstAct.exe N/A
N/A N/A C:\Program Files (x86)\MyCleanPC\InstAct.exe N/A
N/A N/A C:\Program Files (x86)\MyCleanPC\InstAct.exe N/A
N/A N/A C:\Program Files (x86)\MyCleanPC\MyCleanPC.exe N/A
N/A N/A C:\Program Files (x86)\MyCleanPC\updater.exe N/A
N/A N/A C:\Program Files (x86)\MyCleanPC\updater.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService\ = "Service" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A

Reads user/profile data of web browsers

spyware stealer

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 44.228.224.62 N/A N/A
Destination IP 44.228.224.62 N/A N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\H: C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\J: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\N: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Q: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\K: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
File opened (read-only) \??\O: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\S: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\T: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
File opened (read-only) \??\X: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
File opened (read-only) \??\Z: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\P: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\Y: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened (read-only) \??\G: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\I: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
File opened (read-only) \??\A: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\E: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\ipoib6x.inf_amd64_ef71073a5867971f\ipoib6x.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwlv64.inf_amd64_0b9818131664d91e\netwlv64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_d6132e4c7fe2fac6\rtux64w10.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msdri.inf_amd64_97bef65a8432edd4\msdri.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\117308CCCD9C93758827D7CC85BB135E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net44amd.inf_amd64_450d4b1e35cc8e0d\net44amd.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvg63a.inf_amd64_9f5493180b1252cf\netvg63a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwew01.inf_amd64_153e01d761813df2\netwew01.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8192su64.inf_amd64_66c8bfc7a4b1feed\net8192su64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{566a54a5-69a0-094f-bf28-80139a95c0d1}\mbtun.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\ykinx64.inf_amd64_0bbd8466b526ef26\ykinx64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrasa.inf_amd64_1bdf7a435cb3580d\netrasa.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl160a.inf_amd64_e4cbe375963a69e9\netl160a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wnetvsc.inf_amd64_222cdc9568e4557f\wnetvsc.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbxnda.inf_amd64_1fff3bc87a99b0f1\netbxnda.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwsw00.inf_amd64_24d55504ae3587aa\netwsw00.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\msux64w10.inf_amd64_5aa81644af5957b3\msux64w10.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\mwlu97w8x64.inf_amd64_23bc3dc6d91eebdc\mwlu97w8x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_6E4F36431D86962EFD432400DF65AC90 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\38D10539991D1B84467F968981C3969D_C92678066E2B4B4986BC7641EEC08637 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvwwanmp.inf_amd64_f9e30429669d7fff\netvwwanmp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netbc63a.inf_amd64_7ba6c9cea77dd549\netbc63a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netathrx.inf_amd64_220db23f5419ea8d\netathrx.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netl260a.inf_amd64_783312763f8749c7\netl260a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netimm.inf_amd64_8b2087393aaef952\netimm.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{566a54a5-69a0-094f-bf28-80139a95c0d1}\SET3138.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{566a54a5-69a0-094f-bf28-80139a95c0d1}\SET313A.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane01.inf_amd64_b02695ef070d7a42\netrtwlane01.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netxex64.inf_amd64_ede00b448bfe8099\netxex64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\wceisvista.inf_amd64_07ad61d07466a58a\wceisvista.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\117308CCCD9C93758827D7CC85BB135E C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwns64.inf_amd64_162bb49f925c6463\netwns64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8187bv64.inf_amd64_bc859d32f3e2f0d5\net8187bv64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\b57nd60a.inf_amd64_77a731ab08be20a5\b57nd60a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\mbtun.inf_amd64_add82795013a7c3b\mbtun.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\usbnet.inf_amd64_9e6bb7a4b7338267\usbnet.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\e2xw10x64.inf_amd64_04c2ae40613a06ff\e2xw10x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net819xp.inf_amd64_ff7a5dd4f9b1ceba\net819xp.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwtw02.inf_amd64_42e02bae858d0fbd\netwtw02.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\rtwlanu_oldic.inf_amd64_1a82423cc076e882\rtwlanu_oldic.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmlx4eth63.inf_amd64_3809a4a3e7e07703\netmlx4eth63.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{566a54a5-69a0-094f-bf28-80139a95c0d1}\mbtun.sys C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netelx.inf_amd64_7812e4e45c4a5eb1\netelx.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_0533a202a2a4615d\netwmbclass.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netv1x64.inf_amd64_30040c3eb9d7ade4\netv1x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nete1g3e.inf_amd64_af58b4e19562a3f9\nete1g3e.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netax88772.inf_amd64_5d1c92f42d958529\netax88772.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvchannel.inf_amd64_ba3e73aa330c95d6\netvchannel.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net8185.inf_amd64_7a30f5a9441cd55b\net8185.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\net7400-x64-n650.inf_amd64_557ce3b37c3e0e3b\net7400-x64-n650.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0E447C3E79584EC91182C66BBD2DB7 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netvf63a.inf_amd64_a090e6cfaf18cb5c\netvf63a.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netloop.inf_amd64_762588e32974f9e8\netloop.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netrtwlane_13.inf_amd64_992f4f46e65f30d4\netrtwlane_13.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netsstpa.inf_amd64_e76c5387d67e3fd6\netsstpa.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\kdnic.inf_amd64_6649425cdcae9b5f\kdnic.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\bcmdhd64.inf_amd64_e0bae6831f60ea5f\bcmdhd64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\572BF21E454637C9F000BE1AF9B1E1A9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\nett4x64.inf_amd64_54eacac1858c78ab\nett4x64.PNF C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-core-heap-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Memory.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Net.NetworkInformation.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Reflection.Primitives.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ko\PresentationUI.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Reflection.Emit.Lightweight.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\es\UIAutomationClientSideProviders.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\PresentationFramework-SystemDrawing.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\pt-BR\PresentationCore.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\pt-BR\System.Windows.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.tmf C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File opened for modification C:\Program Files (x86)\MyCleanPC\System.Data.SQLite.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Text.Encodings.Web.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\it\WindowsBase.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\System.Resources.Extensions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbae-api-na.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\SecurityProductInformation.ini C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\zh-Hans\System.Windows.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MbamUI.Services.deps.json C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\SQLitePCLRaw.batteries_v2.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Serilog.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\pt-BR\ReachFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files (x86)\MyCleanPC\ComponentFactory.Krypton.Toolkit.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\System.Windows.Forms.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\tr\System.Windows.Controls.Ribbon.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files (x86)\MyCleanPC\Setup.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\it\WindowsFormsIntegration.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\pl\ReachFramework.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\zh-Hans\UIAutomationTypes.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\zh-Hant\System.Windows.Controls.Ribbon.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\DryIoc.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File opened for modification C:\Program Files (x86)\MyCleanPC\Microsoft.Win32.TaskScheduler.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-core-interlocked-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\Microsoft.CSharp.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\es\PresentationUI.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\pt-BR\UIAutomationTypes.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ru\UIAutomationTypes.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\zh-Hans\System.Windows.Controls.Ribbon.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnel_mbtun.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.Caching.Abstractions.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamsi32.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-core-processthreads-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.IO.UnmanagedMemoryStream.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Net.WebSockets.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\fr\System.Windows.Input.Manipulations.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Microsoft.Extensions.Caching.Memory.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\api-ms-win-crt-string-l1-1-0.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Net.Sockets.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ru\UIAutomationProvider.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\System.Printing.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbae64.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbam.manifest.json C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Runtime.Loader.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Security.Cryptography.Algorithms.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\it\Microsoft.VisualBasic.Forms.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ja\WindowsFormsIntegration.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\ru\PresentationCore.resources.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\Sentry.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\.version C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.IO.FileSystem.DriveInfo.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Private.CoreLib.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Resources.Reader.dll C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\e59b0d8.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB373.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e59b0da.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB1D5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB6B0.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\Installer\MSIB1E5.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\SystemTemp\AiFilesRemoveNoImpers_2E8697F4_207E_4696_9C4F_C2AB4A1E6143.bak C:\Windows\syswow64\MsiExec.exe N/A
File opened for modification C:\Windows\Installer\MSIB73F.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB2A4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{2E8697F4-207E-4696-9C4F-C2AB4A1E6143}\icon.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{2E8697F4-207E-4696-9C4F-C2AB4A1E6143}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{2E8697F4-207E-4696-9C4F-C2AB4A1E6143}\SystemFoldermsiexec.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB71E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\system32\mspaint.exe N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSIB174.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB1B3.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{2E8697F4-207E-4696-9C4F-C2AB4A1E6143}\icon.exe C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\e59b0d8.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB1C4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB1F6.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB216.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{2E8697F4-207E-4696-9C4F-C2AB4A1E6143} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB2B4.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB2B5.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIB333.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\ELAMBKUP\MbamElam.sys C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File created C:\Users\Admin\Downloads\MyCleanPCInstall.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\MyCleanPC\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MBSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\msiexec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\MyCleanPC\InstAct.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\MyCleanPC\MyCleanPC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\MyCleanPC\updater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\MyCleanPC\InstAct.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\MyCleanPC\InstAct.exe N/A

System Time Discovery

discovery
Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
N/A N/A C:\Windows\SysWOW64\msiexec.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Malwarebytes.exe = "11000" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes\FirstRun = "false" C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes: C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\ C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Malwarebytes C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E230930A-6CC2-4B9D-8CE1-03F86A8EDA05}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0AB5C774-8EB7-4C1B-9BBB-5AC3E2C291DD}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{090D2E82-C71B-414E-AF6A-6681A92FF2B3} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{5CE94D34-A1E4-4FA8-BEDC-6A32683B85F5}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8B05F69B-4F9B-4FD3-A491-16153F999E00}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F6A99D88-2CA0-4781-86B9-2014CDC372E8} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MB.MBAMServiceController\ = "MBAMServiceController Class" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\ProgID C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BF153224-DA64-41F1-AA87-321B345870FA} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{309BE0D9-B4CA-4610-B250-26CC9CDE7186}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B1D8E799-D5A2-45B4-9524-067144A201E4} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31BF2366-C6DB-49F1-96A5-8026B9DF4152}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ED06E075-D1FD-4635-BA17-2F6D6BB0DFD6}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\Version\ = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7995CBA9-83E0-4F28-A50B-DFDE85EBCCD1}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BAFDF38F-72A8-4791-AACC-72EB8E09E460} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AFC6D7FD-62B9-4016-9674-53BAC603E9FC}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3DCF0F42-EF8F-4450-BA68-42B61F594B2F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{014D0CF7-ACC9-4004-B999-7BDBAAD274B7} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4412646D-16F5-4F3C-8348-0744CDEBCCBF}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D10B0F61-43AA-40F4-9C6C-57D29CA8544E}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\"" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2058A31F-5F59-4452-9204-03F588252FFC}\TypeLib\ = "{783B187E-360F-419C-B6DA-592892764A01}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F656FD9-2597-4587-8F05-781C11710867}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6724C143-DE69-4A93-80ED-19B75DD2AA99}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD6673C7-8E52-46EE-80B8-58F3FB6AA036}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D10B0F61-43AA-40F4-9C6C-57D29CA8544E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C0CEAFA7-4F65-418C-8A61-92B2048115EE}\TypeLib\ = "{F5BCAC7E-75E7-4971-B3F3-B197A510F495}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E2870643-0645-41F9-BCCB-F5969386162C}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4F7968E2E7026964C9F42CBAA4E11634\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0DB6AD16-564C-451A-A173-0F31A62B7A4D} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3C0ECFDC-317D-406B-ADF5-C0E8217E244F}\ = "ILicenseControllerV15" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B2CCE9B-6446-450F-9C9D-542CD9FA6677}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{616E9BE3-358B-4C06-8AAB-0ACF8D089931}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{BFC6C7E6-8475-4F9B-AC56-AD22BECF91C4}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ABC1D1AF-23ED-4483-BDA4-90BCC21DFBDB}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{09F245DA-55E7-451E-BDF3-4EE44637DFF1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{97EB7268-0D7B-43F6-9C11-337287F960DF}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MB.LogController\ = "LogController Class" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CE9646CD-EB6F-4835-9BE1-364F8896D71E}\ = "IMBAMServiceControllerV12" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4BDE5F8-F8D4-4E50-937F-85E8382A9FEE}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1C5B86F3-CEB8-44E3-9B83-6F6AF035E872}\ = "_IMBAMServiceControllerEventsV2" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E777BB2-8526-437A-BBE2-42647DE2EC86}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{02E9FB91-8E7C-46BF-958D-EAF5002A59B8}\TypeLib\ = "{FFB94DF8-FC15-411C-B443-E937085E2AC1}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C9669A3D-81E8-46F6-A51E-815A0863D612} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ADCD8BEB-8924-4876-AE14-2438FF14FA17}\ = "IPoliciesControllerV5" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\Version\ = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{97DA9E74-558F-4085-AE41-6A82ED12D02C}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4163399F-AB08-4E5E-BE28-6B9440393AD3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{02E9FB91-8E7C-46BF-958D-EAF5002A59B8}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{77EC89F7-64B9-4192-930B-B7B0A3976BBC}\ProxyStubClsid32 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{44AC1571-055F-4CC8-B7D8-EA022C4CC112}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{638A43D2-5475-424B-87B8-042109D7768F}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D4215DAB-7574-44DE-8BE9-78CC62597C95}\TypeLib\ = "{74630AE8-C170-4A8F-A90A-F42D63EFE1E8}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ED06E075-D1FD-4635-BA17-2F6D6BB0DFD6}\TypeLib\ = "{EEC295FA-EC51-4055-BC47-022FC0FC122F}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{10DAE713-FD88-4ADB-9406-04CB574D543C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{ECDAC35E-72BB-4856-97E1-226BA47C62C5}\ = "_IScanControllerEventsV6" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{ECDAC35E-72BB-4856-97E1-226BA47C62C5}\TypeLib C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C5201562-332D-4385-87E7-2BB41B1694AA} C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{738848E2-18E4-40F8-9C08-60BC0505E9E9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6CE18DD5-2BD7-4844-B9AD-DF6A995750A1}\TypeLib\Version = "1.0" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{49207D05-5DFE-4F52-9286-1856A92A5BFE}\TypeLib\ = "{0E2822AB-0447-4F28-AF4C-FFDB1E8595AE}" C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa20f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d0030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d578112861900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d46240f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 0300000001000000140000001c58a3a8518e8759bf075b76b750d4f2df264fcd2000000001000000c2040000308204be308203a6a003020102021006d8d904d5584346f68a2fa754227ec4300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3231303431343030303030305a170d3331303431333233353935395a304f310b300906035504061302555331153013060355040a130c446967694365727420496e633129302706035504031320446967694365727420544c53205253412053484132353620323032302043413130820122300d06092a864886f70d01010105000382010f003082010a0282010100c14bb3654770bcdd4f58dbec9cedc366e51f311354ad4a66461f2c0aec6407e52edcdcb90a20eddfe3c4d09e9aa97a1d8288e51156db1e9f58c251e72c340d2ed292e156cbf1795fb3bb87ca25037b9a52416610604f571349f0e8376783dfe7d34b674c2251a6df0e9910ed57517426e27dc7ca622e131b7f238825536fc13458008b84fff8bea75849227b96ada2889b15bca07cdfe951a8d5b0ed37e236b4824b62b5499aecc767d6e33ef5e3d6125e44f1bf71427d58840380b18101faf9ca32bbb48e278727c52b74d4a8d697dec364f9cace53a256bc78178e490329aefb494fa415b9cef25c19576d6b79a72ba2272013b5d03d40d321300793ea99f50203010001a38201823082017e30120603551d130101ff040830060101ff020100301d0603551d0e04160414b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304006082b060105050730028634687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63727430420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63726c303d0603551d2004363034300b06096086480186fd6c02013007060567810c01013008060667810c0102013008060667810c0102023008060667810c010203300d06092a864886f70d01010b050003820101008032ce5e0bdd6e5a0d0aafe1d684cbc08efa8570edda5db30cf72b7540fe850afaf33178b7704b1a8958ba80bdf36b1de97ecf0bba589c59d490d3fd6cfdd0986db771825bcf6d0b5a09d07bdec443d82aa4de9e41265fbb8f99cbddaee1a86f9f87fe74b71f1b20abb14fc6f5675d5d9b3ce9ff69f7616cd6d9f3fd36c6ab038876d24b2e7586e3fcd8557d26c21177df3e02b67cf3ab7b7a86366fb8f7d89371cf86df7330fa7babed2a59c842843b11171a52f3c90e147da25b7267ba71ed574766c5b8024a65345e8bd02a3c209c51994ce7529ef76b112b0d927e1de88aeb36164387ea2a63bf753febdec403bb0a3cf730efebaf4cfc8b3610733ef3a4 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 040000000100000010000000be954f16012122448ca8bc279602acf5140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa20f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e1900000001000000100000009f687581f7ef744ecfc12b9cee6238f12000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 0300000001000000140000002ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c2000000001000000620400003082045e30820346a0030201020213077312380b9d6688a33b1ed9bf9ccda68e0e0f300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3232303832333232323132385a170d3330303832333232323132385a303c310b3009060355040613025553310f300d060355040a1306416d617a6f6e311c301a06035504031313416d617a6f6e205253412032303438204d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100eb712ca9cb1f8828923230af8a570f78b73725955587ac675c97d322c8daa214676b7cf067dae2032ab356125dc6b547f96708a7937a9592180fb4f9f910369a7f2f80b64fba134ec75d531ee0dd96330720d396bc12e4745042a1051373b54f9b4424fe2d7fedbc2285ec362133977506ce271882dce3d9c582078d5e26012626671fd93f13cf32ba6bad7864fcaaff0e023c07df9c0578728cfdea75b7032884dae86e078cd05085ef8154b2716eec6d62ef8f94c35ee9c4a4d091c02e249198caeeba258ed4f671b6fb5b6b38064837478d86dcf2ea06fb76377d9eff424e4d588293cfe271c278b17aab4b5b94378881e4d9af24aef872c565fb4bb451e70203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e0416041481b80e638a891218e5fa3b3b50959fe6e5901385301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b05000382010100ad00de0205232e063262b46bb19416e41140de2bfa59c135efe0aa8f2b41b9d1f38739001df23db5a7470c0606c691f3075702d4edbd17c1909abf4875a2074f30dd4a6a42b50d3d15c00ffe845bc63c99cc5752b1d86e12d59692934b94e507e88982086a7a34d49e64e13d876a92909a63a14bf88fb6ea34d305be20c2de06e28c9f738b9f4d3985cace19369d85c99ec9f8503fb67e88a1efca84068b50b40a5ca61c44f1fdc8614060f26125aa07f4c7c27375e40c0b428d04e55f4448995b7b898196a7889d4b0d62e804c4d7feb4e8b26dcaecc01cbc385b1ddf85ce5b7ae3494b6cb9a7ddf405b249ade1c5146bc2ccebcd7fd65869bac3207e7fb0b8 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 5c0000000100000004000000001000001900000001000000100000009f687581f7ef744ecfc12b9cee6238f10f000000010000003000000041ce925678dfe0ccaa8089263c242b897ca582089d14e5eb685fca967f36dbd334e97e81fd0e64815f851f914ade1a1e030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa2140000000100000014000000c87ed26a852a1bca1998040727cf50104f68a8a2040000000100000010000000be954f16012122448ca8bc279602acf52000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16 C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\MyCleanPCInstall.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\MBSetup.exe:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe\:Zone.Identifier:$DATA C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Script User-Agent

Description Indicator Process Target
HTTP User-Agent header Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) N/A N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Users\Admin\Downloads\MBSetup.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
N/A N/A C:\Users\Admin\Downloads\MyCleanPCInstall.exe N/A
N/A N/A C:\Program Files (x86)\MyCleanPC\MyCleanPC.exe N/A
N/A N/A C:\Program Files (x86)\MyCleanPC\MyCleanPC.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\MyCleanPC\MyCleanPC.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files (x86)\MyCleanPC\MyCleanPC.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files (x86)\MyCleanPC\MyCleanPC.exe N/A
N/A N/A C:\Program Files (x86)\MyCleanPC\MyCleanPC.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files (x86)\MyCleanPC\MyCleanPC.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A
N/A N/A C:\Program Files (x86)\MyCleanPC\MyCleanPC.exe N/A
N/A N/A C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 812 wrote to memory of 240 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\mspaint.exe
PID 812 wrote to memory of 240 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\mspaint.exe
PID 4000 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4000 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4000 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4000 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4000 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4000 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4000 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4000 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4000 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4000 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 4000 wrote to memory of 3612 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 4692 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 5060 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 5060 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 5060 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 5060 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 5060 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe
PID 3612 wrote to memory of 5060 N/A C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\media_images_grubyptok.jpg

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\media_images_grubyptok.jpg"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1908 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42c102e1-e196-46a7-95d9-fd0d96ca101a} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2597342-d132-4d4c-9fad-b1da795cc17d} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2972 -childID 1 -isForBrowser -prefsHandle 2756 -prefMapHandle 2988 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0620495-c9c3-4cad-a6ec-d7d81265c678} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3676 -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 2872 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8fa435a-64f0-4ec6-8890-75ac91e868e3} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4924 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4820 -prefMapHandle 4904 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2faf14e-4d3d-487e-b063-6645e36deac4} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3664 -childID 3 -isForBrowser -prefsHandle 5316 -prefMapHandle 5352 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93066ee2-13aa-4fb6-bef1-b2cffefc6b93} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 4 -isForBrowser -prefsHandle 5476 -prefMapHandle 5480 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01f63efb-1761-4c6b-9a37-15c08dc372f5} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5760 -childID 5 -isForBrowser -prefsHandle 5680 -prefMapHandle 5688 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff231ce0-6d48-41e3-9116-de04e2b9c25e} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6312 -childID 6 -isForBrowser -prefsHandle 6304 -prefMapHandle 6292 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ce372e1-9a7c-4ba5-a3df-a0d21a9b2692} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6552 -childID 7 -isForBrowser -prefsHandle 6540 -prefMapHandle 3808 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7c87598-9a5c-467c-b7fd-d3ea05d620ca} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3280 -childID 8 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f681369-89d1-4a58-a3d0-81c0774cce3a} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7080 -childID 9 -isForBrowser -prefsHandle 7072 -prefMapHandle 7068 -prefsLen 27322 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81f53a81-1104-4b8c-99cc-af81972ad37a} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 10 -isForBrowser -prefsHandle 6444 -prefMapHandle 5772 -prefsLen 27698 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d129976-aa0c-4cf4-b285-e8c3fe44a134} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7468 -childID 11 -isForBrowser -prefsHandle 4764 -prefMapHandle 4768 -prefsLen 27698 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3f54e8c-5a9e-434b-9ffc-f4693867f38f} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8344 -childID 12 -isForBrowser -prefsHandle 8284 -prefMapHandle 8356 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6335f27e-3ed3-4fd4-9a2b-4c2a638f232e} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8488 -childID 13 -isForBrowser -prefsHandle 8200 -prefMapHandle 5668 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e65637fd-79fb-4079-ba93-d80e0adca095} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab

C:\Users\Admin\Downloads\MBSetup.exe

"C:\Users\Admin\Downloads\MBSetup.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "00000000000001CC" "Service-0x0-3e7$\Default" "00000000000001DC" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

ig.exe reseed

C:\Users\Admin\Downloads\MyCleanPCInstall.exe

"C:\Users\Admin\Downloads\MyCleanPCInstall.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 9BFBB180AA2FC6564359AA7CBCE3A604 C

C:\Users\Admin\Downloads\MyCleanPCInstall.exe

"C:\Users\Admin\Downloads\MyCleanPCInstall.exe" /i "C:\Users\Admin\AppData\Roaming\MyCleanPC\MyCleanPC 4.2.3\install\A1E6143\MyCleanPC.msi" /L*v "C:\Users\Admin\AppData\Roaming\\MyCleanPC\MyCleanPC 4.2.3\install\installlog_MyCleanPC.txt" AI_EUIMSI=1 SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanPC" APPDIR="C:\Program Files (x86)\MyCleanPC" SECONDSEQUENCE="1" CLIENTPROCESSID="8024" CHAINERUIPROCESSID="8024Chainer" ACTION="INSTALL" EXECUTEACTION="INSTALL" CLIENTUILEVEL="0" ADDLOCAL="MainFeature" PRIMARYFOLDER="APPDIR" ROOTDRIVE="F:\" AI_DETECTED_INTERNET_CONNECTION="1" AI_SETUPEXEPATH="C:\Users\Admin\Downloads\MyCleanPCInstall.exe" SETUPEXEDIR="C:\Users\Admin\Downloads\" EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1730059024 " AI_SETUPEXEPATH_ORIGINAL="C:\Users\Admin\Downloads\MyCleanPCInstall.exe" TARGETDIR="F:\" AI_INSTALL="1" ARPSIZE=19752 AiProductCode={2E8697F4-207E-4696-9C4F-C2AB4A1E6143} FASTOEM=1 /qn

C:\Windows\SysWOW64\msiexec.exe

"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\MyCleanPC\MyCleanPC 4.2.3\install\A1E6143\MyCleanPC.msi" /L*v "C:\Users\Admin\AppData\Roaming\\MyCleanPC\MyCleanPC 4.2.3\install\installlog_MyCleanPC.txt" AI_EUIMSI=1 SHORTCUTDIR="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanPC" APPDIR="C:\Program Files (x86)\MyCleanPC" SECONDSEQUENCE=1 CLIENTPROCESSID=8024 CHAINERUIPROCESSID=8024Chainer ACTION=INSTALL EXECUTEACTION=INSTALL CLIENTUILEVEL=0 ADDLOCAL=MainFeature PRIMARYFOLDER=APPDIR ROOTDRIVE=F:\ AI_DETECTED_INTERNET_CONNECTION=1 AI_SETUPEXEPATH=C:\Users\Admin\Downloads\MyCleanPCInstall.exe SETUPEXEDIR=C:\Users\Admin\Downloads\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1730059024 " AI_SETUPEXEPATH_ORIGINAL=C:\Users\Admin\Downloads\MyCleanPCInstall.exe TARGETDIR=F:\ AI_INSTALL=1 ARPSIZE=19752 AiProductCode={2E8697F4-207E-4696-9C4F-C2AB4A1E6143} FASTOEM=1 /qn

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding AA99F35C1AA058EAAECD1005D5949EA1

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 66FE1A8301DEB15FE450119BA8259F16 E Global\MSI0000

C:\Program Files (x86)\MyCleanPC\InstAct.exe

"C:\Program Files (x86)\MyCleanPC\InstAct.exe" createini

C:\Program Files (x86)\MyCleanPC\InstAct.exe

"C:\Program Files (x86)\MyCleanPC\InstAct.exe" installurl "C:\Users\Admin\Downloads\MyCleanPCInstall.exe"

C:\Program Files (x86)\MyCleanPC\InstAct.exe

"C:\Program Files (x86)\MyCleanPC\InstAct.exe" install

C:\Program Files (x86)\MyCleanPC\MyCleanPC.exe

"C:\Program Files (x86)\MyCleanPC\MyCleanPC.exe" afterinstallpopup "C:\Users\Admin\Downloads\MyCleanPCInstall.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6536 -childID 14 -isForBrowser -prefsHandle 6880 -prefMapHandle 6740 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4315a6d4-63c4-4e3f-8b22-ba6b2b6908a9} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8948 -childID 15 -isForBrowser -prefsHandle 5452 -prefMapHandle 8856 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27e1aa81-4dc5-4ed5-8a59-180b97d41b3e} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mycleanpc.com/app/carts/post-install?lnT=PostInstall&ipA=138.199.29.44&mcA=E60B6437E69C&osN=Microsoft+Windows+10+Enterprise+LTSC&osV=10.0.19044.0&lng=en&bdV=4.2.3&scR=&lcA=&lcE=

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x128,0x12c,0xc8,0x130,0x7ffd910e46f8,0x7ffd910e4708,0x7ffd910e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6680 -childID 16 -isForBrowser -prefsHandle 8968 -prefMapHandle 7784 -prefsLen 28338 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00753d19-3b28-4805-a76e-71192b57decd} 3612 "\\.\pipe\gecko-crash-server-pipe.3612" tab

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1

C:\Program Files (x86)\MyCleanPC\updater.exe

"C:\Program Files (x86)\MyCleanPC\updater.exe" /justcheck -url http://mcpi.helpverify.info/setups/registry/mycleanpc/s/updates.txt

C:\Program Files (x86)\MyCleanPC\updater.exe

"C:\Program Files (x86)\MyCleanPC\updater.exe" /justcheck -url http://mcpi.helpverify.info/setups/registry/mycleanpc/s/updates.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x154,0x14c,0x148,0x134,0x144,0x7ff75cb05460,0x7ff75cb05470,0x7ff75cb05480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10465806003619613268,2077969613768685147,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

"C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"

C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status on true /updatesubstatus none /scansubstatus none /settingssubstatus none

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe

"C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\updatrpkg\mbupdatrV5.exe" "C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\config\UpdateControllerConfig.json" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE" "C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbclsupdate\staging" /db:dbupdate /su:no

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa39a3055 /state1:0x41c64e6d

C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe

"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 0 /status off true /updatesubstatus none /scansubstatus none /settingssubstatus none

Network

Country Destination Domain Proto
US 8.8.8.8:53 167.57.26.184.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 checkappexec.microsoft.com udp
GB 172.165.61.93:443 checkappexec.microsoft.com tcp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 spocs.getpocket.com udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.content-signature-chains.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.ads.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 shavar.prod.mozaws.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy.cdn.mozilla.net udp
N/A 127.0.0.1:49795 tcp
US 34.149.97.1:443 firefox-api-proxy.cdn.mozilla.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 138.191.11.52.in-addr.arpa udp
US 8.8.8.8:53 www.mozilla.org udp
GB 13.224.77.115:443 www.mozilla.org tcp
US 8.8.8.8:53 www.mozorg.moz.works udp
US 8.8.8.8:53 www.mozorg.moz.works udp
N/A 127.0.0.1:49804 tcp
US 8.8.8.8:53 115.77.224.13.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:443 www.google.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 36.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 142.250.200.17:443 csp.withgoogle.com tcp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
US 8.8.8.8:53 ogads-pa.googleapis.com udp
GB 142.250.200.17:443 csp.withgoogle.com udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 17.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
US 8.8.8.8:53 play.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.206:443 consent.google.com tcp
US 8.8.8.8:53 consent.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.206:443 consent.google.com udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 www.mycleanpc.co.uk udp
NL 18.239.36.128:443 www.mycleanpc.co.uk tcp
US 8.8.8.8:53 www.mycleanpc.co.uk udp
NL 18.239.36.128:443 www.mycleanpc.co.uk tcp
US 8.8.8.8:53 www.mycleanpc.co.uk udp
US 8.8.8.8:53 128.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 151.101.129.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 151.101.66.137:443 code.jquery.com tcp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 code.jquery.com udp
US 104.17.25.14:443 cdnjs.cloudflare.com udp
US 151.101.129.229:443 jsdelivr.map.fastly.net udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 useruploads.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 useruploads.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 useruploads.visualwebsiteoptimizer.com udp
GB 172.217.169.36:443 www.google.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 www.mczbf.com udp
US 8.8.8.8:53 cdn.limelightcrm.com udp
US 8.8.8.8:53 tag.rmp.rakuten.com udp
US 8.8.8.8:53 cdn.taboola.com udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 34.102.147.248:443 tag.rmp.rakuten.com tcp
US 8.8.8.8:53 tag.rmp.rakuten.com udp
US 8.8.8.8:53 tls13.taboola.map.fastly.net udp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 tls13.taboola.map.fastly.net udp
US 8.8.8.8:53 tag.rmp.rakuten.com udp
NL 18.239.36.24:443 cdn.limelightcrm.com tcp
US 8.8.8.8:53 cdn.limelightcrm.com udp
NL 18.239.36.90:443 www.mczbf.com tcp
US 8.8.8.8:53 dcjdc5qmbbux7.cloudfront.net udp
US 8.8.8.8:53 dcjdc5qmbbux7.cloudfront.net udp
US 8.8.8.8:53 137.102.96.34.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 229.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 137.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 248.147.102.34.in-addr.arpa udp
US 8.8.8.8:53 cdn.limelightcrm.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 34.102.147.248:443 tag.rmp.rakuten.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 ut.rd.linksynergy.com udp
US 8.8.8.8:53 dynamic.criteo.com udp
US 8.8.8.8:53 tags.rd.linksynergy.com udp
US 8.8.8.8:53 ut.linksynergy.com udp
US 8.8.8.8:53 ut.linksynergy.com udp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 location.services.mozilla.com udp
NL 18.239.36.90:443 dcjdc5qmbbux7.cloudfront.net tcp
US 8.8.8.8:53 prod.remote-settings.prod.webservices.mozgcp.net udp
US 35.190.72.216:443 location.services.mozilla.com udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 24.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 90.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 216.72.190.35.in-addr.arpa udp
US 35.190.72.216:443 prod.classify-client.prod.webservices.mozgcp.net tcp
US 8.8.8.8:53 in-ftd-109.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 in-ftd-109.nl3.vip.prod.criteo.com udp
US 96.126.99.208:443 useruploads.visualwebsiteoptimizer.com tcp
US 150.171.28.10:443 ax-0001.ax-msedge.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
US 151.101.129.44:443 tls13.taboola.map.fastly.net tcp
US 34.98.67.3:443 ut.linksynergy.com tcp
NL 178.250.1.8:443 in-ftd-109.nl3.vip.prod.criteo.com tcp
US 34.98.67.3:443 ut.linksynergy.com tcp
NL 18.239.36.128:443 www.mycleanpc.co.uk tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 151.101.66.137:443 code.jquery.com tcp
US 151.101.129.229:443 jsdelivr.map.fastly.net tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.classify-client.prod.webservices.mozgcp.net udp
US 34.98.67.3:443 ut.linksynergy.com tcp
US 34.98.67.3:443 ut.linksynergy.com tcp
US 8.8.8.8:53 201.181.244.35.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 44.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 3.67.98.34.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.200.3:443 www.google.co.uk tcp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 150.171.28.10:443 ax-0001.ax-msedge.net tcp
US 34.98.67.3:443 ut.linksynergy.com tcp
NL 178.250.1.8:443 in-ftd-109.nl3.vip.prod.criteo.com tcp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.200.3:443 www.google.co.uk tcp
US 150.171.28.10:443 ax-0001.ax-msedge.net tcp
US 34.98.67.3:443 ut.linksynergy.com tcp
NL 178.250.1.8:443 in-ftd-109.nl3.vip.prod.criteo.com tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 ciscobinary.openh264.org udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 trc.taboola.com udp
DE 23.55.161.185:80 ciscobinary.openh264.org tcp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
GB 142.250.200.3:443 www.google.co.uk udp
GB 142.250.180.2:443 googleads.g.doubleclick.net tcp
GB 142.250.200.14:443 redirector.gvt1.com tcp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 dualstack.tls13.taboola.map.fastly.net udp
US 151.101.129.44:443 dualstack.tls13.taboola.map.fastly.net tcp
US 34.98.67.3:443 ut.linksynergy.com udp
US 8.8.8.8:53 a19.dscg10.akamai.net udp
US 8.8.8.8:53 redirector.gvt1.com udp
US 8.8.8.8:53 dualstack.tls13.taboola.map.fastly.net udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 gum.criteo.com udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 gum.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 185.161.55.23.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 www.clarity.ms udp
GB 173.194.76.156:443 stats.g.doubleclick.net tcp
GB 173.194.76.156:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 gbc6.fr3.eu.criteo.com udp
GB 142.250.200.14:443 redirector.gvt1.com udp
US 8.8.8.8:53 s-part-0037.t-0009.t-msedge.net udp
FR 178.250.7.13:443 dnacdn.net tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 r4---sn-aigl6ner.gvt1.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
FR 185.235.86.178:443 gbc6.fr3.eu.criteo.com tcp
US 8.8.8.8:53 gbc6.fr3.eu.criteo.com udp
US 8.8.8.8:53 s-part-0037.t-0009.t-msedge.net udp
US 8.8.8.8:53 dnacdn.net udp
US 13.107.246.65:443 s-part-0037.t-0009.t-msedge.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 163.70.151.35:443 star-mini.c10r.facebook.com tcp
US 13.107.246.65:443 s-part-0037.t-0009.t-msedge.net tcp
GB 173.194.76.156:443 stats.g.doubleclick.net udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 35.244.174.68:443 idsync.rlcdn.com tcp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 idsync.rlcdn.com udp
GB 163.70.151.35:443 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 trc-events.taboola.com udp
US 35.244.174.68:443 idsync.rlcdn.com udp
US 8.8.8.8:53 am-vip001.taboola.com udp
NL 141.226.228.48:443 am-vip001.taboola.com tcp
US 8.8.8.8:53 156.76.194.173.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 178.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 65.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 am-vip001.taboola.com udp
NL 185.235.87.100:443 ag.gbc.criteo.com tcp
US 8.8.8.8:53 gbc3.nl3.eu.criteo.com udp
NL 185.235.87.100:443 gbc3.nl3.eu.criteo.com tcp
US 150.171.28.10:443 ax-0001.ax-msedge.net tcp
GB 163.70.151.21:443 scontent.xx.fbcdn.net tcp
NL 18.239.36.90:443 dcjdc5qmbbux7.cloudfront.net tcp
US 8.8.8.8:53 b.clarity.ms udp
US 8.8.8.8:53 48.228.226.141.in-addr.arpa udp
US 8.8.8.8:53 100.87.235.185.in-addr.arpa udp
US 4.153.129.168:443 b.clarity.ms tcp
US 8.8.8.8:53 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 gbc3.nl3.eu.criteo.com udp
GB 173.194.183.137:443 r4---sn-aigl6ner.gvt1.com tcp
US 8.8.8.8:53 r4.sn-aigl6ner.gvt1.com udp
US 8.8.8.8:53 r4.sn-aigl6ner.gvt1.com udp
US 8.8.8.8:53 app.ustechsupport.com udp
US 8.8.8.8:53 d1md1vsc8wjgys.cloudfront.net udp
GB 18.172.88.81:443 app.ustechsupport.com tcp
GB 173.194.183.137:443 r4.sn-aigl6ner.gvt1.com udp
US 8.8.8.8:53 d1md1vsc8wjgys.cloudfront.net udp
US 8.8.8.8:53 168.129.153.4.in-addr.arpa udp
US 8.8.8.8:53 137.183.194.173.in-addr.arpa udp
US 8.8.8.8:53 81.88.172.18.in-addr.arpa udp
US 8.8.8.8:53 sslwidget.criteo.com udp
NL 178.250.1.9:443 sslwidget.criteo.com tcp
US 8.8.8.8:53 widget.nl3.vip.prod.criteo.com udp
NL 178.250.1.9:443 widget.nl3.vip.prod.criteo.com tcp
US 8.8.8.8:53 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 widget.nl3.vip.prod.criteo.com udp
US 8.8.8.8:53 widget.us.criteo.com udp
US 74.119.117.16:443 widget.us.criteo.com tcp
US 8.8.8.8:53 widget.us5.vip.prod.criteo.com udp
US 8.8.8.8:53 widget.us5.vip.prod.criteo.com udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 16.117.119.74.in-addr.arpa udp
US 8.8.8.8:53 id.google.com udp
GB 142.250.200.17:443 csp.withgoogle.com udp
GB 216.58.204.67:443 id.google.com tcp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 id.google.com udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
GB 216.58.204.67:443 id.google.com udp
US 8.8.8.8:53 www.malwarebytes.com udp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 8.8.8.8:53 www.malwarebytes.com udp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 8.8.8.8:53 www.malwarebytes.com udp
US 8.8.8.8:53 233.66.0.192.in-addr.arpa udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 stats.wp.com udp
US 192.0.76.3:443 stats.wp.com tcp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 plausible.io udp
US 8.8.8.8:53 api.weglot.com udp
US 8.8.8.8:53 stats.wp.com udp
US 8.8.8.8:53 cdn.weglot.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
GB 79.127.237.132:443 plausible.io tcp
US 8.8.8.8:53 plausible.io udp
US 104.18.38.142:443 cdn.weglot.com tcp
US 8.8.8.8:53 api.weglot.com.cdn.cloudflare.net udp
US 172.64.149.114:443 api.weglot.com.cdn.cloudflare.net tcp
US 8.8.8.8:53 cdn.weglot.com.cdn.cloudflare.net udp
US 8.8.8.8:53 plausible.io udp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 8.8.8.8:53 cdn.weglot.com.cdn.cloudflare.net udp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 54.83.239.11:443 genesis.malwarebytes.com tcp
US 8.8.8.8:53 api.weglot.com udp
US 172.64.149.114:443 api.weglot.com udp
US 172.64.149.114:443 api.weglot.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 192.0.76.3:443 stats.wp.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 54.83.239.11:443 genesis.malwarebytes.com tcp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
US 8.8.8.8:53 132.237.127.79.in-addr.arpa udp
US 8.8.8.8:53 114.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 11.239.83.54.in-addr.arpa udp
US 8.8.8.8:53 api.weglot.com.cdn.cloudflare.net udp
US 104.18.38.142:443 api.weglot.com udp
US 8.8.8.8:53 genesis.malwarebytes.com udp
US 8.8.8.8:53 142.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 pixel.wp.com udp
GB 79.127.237.132:443 plausible.io tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.18.86.42:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
GB 79.127.237.132:443 plausible.io tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.18.86.42:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 42.86.18.104.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 pixel.wp.com udp
US 192.0.76.3:443 pixel.wp.com tcp
US 8.8.8.8:53 pixel.wp.com udp
US 192.0.76.3:443 pixel.wp.com udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 104.18.86.42:443 cdn.cookielaw.org tcp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 104.18.38.142:443 api.weglot.com udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 192.0.76.3:443 pixel.wp.com udp
US 8.8.8.8:53 downloads.malwarebytes.com udp
GB 18.172.88.81:443 downloads.malwarebytes.com tcp
US 8.8.8.8:53 downloads.malwarebytes.com udp
US 8.8.8.8:53 downloads.malwarebytes.com udp
US 8.8.8.8:53 data-cdn.mbamupdates.com udp
GB 18.165.160.68:443 data-cdn.mbamupdates.com tcp
US 8.8.8.8:53 data-cdn.mbamupdates.com udp
US 8.8.8.8:53 data-cdn.mbamupdates.com udp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
US 8.8.8.8:53 68.160.165.18.in-addr.arpa udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
US 8.8.8.8:53 csm.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 csm.nl3.vip.prod.criteo.net udp
US 8.8.8.8:53 api2.amplitude.com udp
US 54.186.122.32:443 api2.amplitude.com tcp
NL 178.250.1.25:443 csm.nl3.vip.prod.criteo.net tcp
US 8.8.8.8:53 32.122.186.54.in-addr.arpa udp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 b.clarity.ms udp
US 8.8.8.8:53 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com udp
US 4.153.129.168:443 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com tcp
US 8.8.8.8:53 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 ark.mwbsys.com udp
US 34.235.10.207:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
GB 18.172.88.94:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 207.10.235.34.in-addr.arpa udp
US 34.235.10.207:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
GB 18.172.88.52:443 cdn.mwbsys.com tcp
US 34.235.10.207:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
GB 18.172.88.27:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 52.88.172.18.in-addr.arpa udp
US 8.8.8.8:53 27.88.172.18.in-addr.arpa udp
US 34.235.10.207:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
GB 18.172.88.89:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 89.88.172.18.in-addr.arpa udp
US 34.235.10.207:443 ark.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
GB 18.172.88.52:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 ipv4.am.i.mullvad.net udp
SE 45.83.223.233:443 ipv4.am.i.mullvad.net tcp
US 8.8.8.8:53 holocron.mwbsys.com udp
US 18.209.182.66:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 233.223.83.45.in-addr.arpa udp
US 18.209.182.66:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 66.182.209.18.in-addr.arpa udp
US 54.159.228.193:443 holocron.mwbsys.com tcp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 8.8.8.8:53 prod.balrog.prod.cloudops.mozgcp.net udp
US 192.0.66.233:443 www.malwarebytes.com tcp
US 8.8.8.8:53 193.228.159.54.in-addr.arpa udp
US 8.8.8.8:53 crl.comodoca.com udp
US 172.64.149.23:80 crl.comodoca.com tcp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
GB 184.25.193.234:80 www.microsoft.com tcp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 234.193.25.184.in-addr.arpa udp
US 8.8.8.8:53 iris.mwbsys.com udp
US 3.223.246.158:443 iris.mwbsys.com tcp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 44.234.138.160:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 158.246.223.3.in-addr.arpa udp
US 8.8.8.8:53 b.clarity.ms udp
US 4.153.129.168:443 b.clarity.ms tcp
US 8.8.8.8:53 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 160.138.234.44.in-addr.arpa udp
US 8.8.8.8:53 www.mycleanpc.co.uk udp
NL 18.239.36.49:443 www.mycleanpc.co.uk tcp
US 8.8.8.8:53 www.mycleanpc.co.uk udp
US 8.8.8.8:53 region1.analytics.google.com udp
GB 142.250.200.3:443 www.google.co.uk udp
US 8.8.8.8:53 bat.bing.com udp
US 8.8.8.8:53 b.clarity.ms udp
US 8.8.8.8:53 49.36.239.18.in-addr.arpa udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 sealserver.trustwave.com udp
US 8.8.8.8:53 realdefense.limelightcrm.com udp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.2.137:443 code.jquery.com tcp
US 151.101.129.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
GB 2.18.27.136:443 sealserver.trustwave.com tcp
US 8.8.8.8:53 e128536.dscb.akamaiedge.net udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 34.199.241.20:443 realdefense.limelightcrm.com tcp
US 8.8.8.8:53 k8s-default-crmprodu-c100a423dd-152722070.us-east-1.elb.amazonaws.com udp
US 8.8.8.8:53 jsdelivr.map.fastly.net udp
US 8.8.8.8:53 k8s-default-crmprodu-c100a423dd-152722070.us-east-1.elb.amazonaws.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 150.171.28.10:443 ax-0001.ax-msedge.net tcp
GB 2.18.27.136:443 e128536.dscb.akamaiedge.net tcp
US 8.8.8.8:53 137.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 136.27.18.2.in-addr.arpa udp
US 8.8.8.8:53 20.241.199.34.in-addr.arpa udp
US 8.8.8.8:53 mcpi.helpverify.info udp
NL 149.210.194.253:443 mcpi.helpverify.info tcp
US 8.8.8.8:53 ssl.kaptcha.com udp
US 8.8.8.8:53 e128536.dscb.akamaiedge.net udp
US 35.80.101.90:443 ssl.kaptcha.com tcp
US 8.8.8.8:53 colle-elast-1xnsxgci0b78j-8180b06a6c06d9d4.elb.us-west-2.amazonaws.com udp
US 35.80.101.90:443 colle-elast-1xnsxgci0b78j-8180b06a6c06d9d4.elb.us-west-2.amazonaws.com tcp
US 8.8.8.8:53 colle-elast-1xnsxgci0b78j-8180b06a6c06d9d4.elb.us-west-2.amazonaws.com udp
GB 172.217.169.36:443 www.google.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 www.mczbf.com udp
US 8.8.8.8:53 cdn.limelightcrm.com udp
US 34.102.147.248:443 tag.rmp.rakuten.com udp
US 8.8.8.8:53 cdn.taboola.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 dcjdc5qmbbux7.cloudfront.net udp
NL 18.239.36.96:443 dcjdc5qmbbux7.cloudfront.net tcp
US 8.8.8.8:53 tls13.taboola.map.fastly.net udp
NL 18.239.36.12:443 cdn.limelightcrm.com tcp
US 8.8.8.8:53 cdn.limelightcrm.com udp
US 8.8.8.8:53 scontent.xx.fbcdn.net udp
US 8.8.8.8:53 dcjdc5qmbbux7.cloudfront.net udp
US 8.8.8.8:53 tls13.taboola.map.fastly.net udp
GB 163.70.151.21:443 scontent.xx.fbcdn.net udp
US 151.101.129.44:443 tls13.taboola.map.fastly.net tcp
US 8.8.8.8:53 demoaws.limelightcrm.com udp
US 34.192.47.42:443 demoaws.limelightcrm.com tcp
US 8.8.8.8:53 253.194.210.149.in-addr.arpa udp
US 8.8.8.8:53 90.101.80.35.in-addr.arpa udp
US 8.8.8.8:53 96.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 12.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 stun1.l.google.com udp
US 8.8.8.8:53 stun.kaptcha.com udp
US 74.125.250.129:19302 stun1.l.google.com udp
US 44.228.224.62:53 stun.kaptcha.com udp
US 8.8.8.8:53 42.47.192.34.in-addr.arpa udp
US 8.8.8.8:53 129.250.125.74.in-addr.arpa udp
US 8.8.8.8:53 62.224.228.44.in-addr.arpa udp
NL 149.210.194.253:443 mcpi.helpverify.info tcp
NL 178.250.1.8:443 in-ftd-109.nl3.vip.prod.criteo.com tcp
US 34.98.67.3:443 ut.linksynergy.com udp
US 8.8.8.8:53 trc.taboola.com udp
NL 18.239.36.96:443 dcjdc5qmbbux7.cloudfront.net tcp
US 8.8.8.8:53 dualstack.tls13.taboola.map.fastly.net udp
US 151.101.129.44:443 dualstack.tls13.taboola.map.fastly.net tcp
US 8.8.8.8:53 dualstack.tls13.taboola.map.fastly.net udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
GB 173.194.76.156:443 stats.g.doubleclick.net udp
GB 163.70.151.35:443 star-mini.c10r.facebook.com udp
NL 149.210.194.253:443 mcpi.helpverify.info tcp
NL 149.210.194.253:443 mcpi.helpverify.info tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 8.8.8.8:53 ax-0001.ax-msedge.net udp
FR 178.250.7.13:443 dnacdn.net tcp
NL 185.235.87.100:443 gbc3.nl3.eu.criteo.com tcp
FR 185.235.86.178:443 gbc6.fr3.eu.criteo.com tcp
US 8.8.8.8:53 www.mycleanpc.com udp
NL 13.227.219.123:443 www.mycleanpc.com tcp
US 8.8.8.8:53 nav.smartscreen.microsoft.com udp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav.smartscreen.microsoft.com tcp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
GB 51.140.244.186:443 data-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 data-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 data-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.clarity.ms udp
NL 18.239.36.49:443 www.mycleanpc.co.uk tcp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 13.107.246.64:443 s-part-0036.t-0009.t-msedge.net tcp
US 8.8.8.8:53 s-part-0036.t-0009.t-msedge.net udp
US 8.8.8.8:53 c.clarity.ms udp
US 8.8.8.8:53 123.219.227.13.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
IE 13.74.129.1:443 c.clarity.ms tcp
US 8.8.8.8:53 c-msn-com-nsatc.trafficmanager.net udp
US 8.8.8.8:53 c-msn-com-nsatc.trafficmanager.net udp
US 8.8.8.8:53 c.bing.com udp
US 13.107.21.237:443 c.bing.com tcp
US 8.8.8.8:53 dual-a-0034.a-msedge.net udp
US 8.8.8.8:53 dual-a-0034.a-msedge.net udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 8.8.8.8:53 sealserver.trustwave.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 151.101.2.137:443 code.jquery.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 realdefense.limelightcrm.com udp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
GB 2.18.27.136:443 sealserver.trustwave.com tcp
US 34.195.56.174:443 realdefense.limelightcrm.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com tcp
US 34.96.102.137:443 dev.visualwebsiteoptimizer.com udp
US 8.8.8.8:53 crl.securetrust.com udp
GB 2.18.27.159:80 crl.securetrust.com tcp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
NL 18.239.36.103:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 1.129.74.13.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 229.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 159.27.18.2.in-addr.arpa udp
GB 142.250.200.36:443 www.google.com tcp
US 8.8.8.8:53 bat.bing.com udp
US 150.171.27.10:443 bat.bing.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
BE 74.125.133.156:443 stats.g.doubleclick.net tcp
US 34.102.147.248:443 tag.rmp.rakuten.com tcp
NL 18.239.36.96:443 dcjdc5qmbbux7.cloudfront.net tcp
NL 18.239.36.12:443 cdn.limelightcrm.com tcp
US 8.8.8.8:53 connect.facebook.net udp
GB 142.250.200.3:443 www.google.co.uk tcp
US 8.8.8.8:53 ssl.kaptcha.com udp
US 8.8.8.8:53 cdn.taboola.com udp
BE 74.125.133.156:443 stats.g.doubleclick.net tcp
GB 163.70.151.21:443 connect.facebook.net tcp
US 151.101.1.44:443 cdn.taboola.com tcp
US 54.148.115.137:443 ssl.kaptcha.com tcp
US 54.148.115.137:443 ssl.kaptcha.com tcp
US 13.107.246.64:443 s-part-0036.t-0009.t-msedge.net tcp
NL 18.239.36.96:443 dcjdc5qmbbux7.cloudfront.net tcp
US 54.148.115.137:443 ssl.kaptcha.com tcp
NL 149.210.194.253:80 mcpi.helpverify.info tcp
US 8.8.8.8:53 dynamic.criteo.com udp
US 8.8.8.8:53 ut.rd.linksynergy.com udp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 34.98.67.3:443 ut.rd.linksynergy.com tcp
NL 178.250.1.8:443 dynamic.criteo.com tcp
US 8.8.8.8:53 36.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 156.133.125.74.in-addr.arpa udp
US 8.8.8.8:53 137.115.148.54.in-addr.arpa udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
NL 149.210.194.253:80 mcpi.helpverify.info tcp
NL 178.250.1.8:443 dynamic.criteo.com tcp
US 8.8.8.8:53 b.clarity.ms udp
US 8.8.8.8:53 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com udp
US 4.153.129.168:443 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com tcp
US 4.153.129.168:443 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com tcp
US 8.8.8.8:53 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com udp
NL 178.250.1.9:443 widget.nl3.vip.prod.criteo.com tcp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
N/A 224.0.0.251:5353 udp
US 44.228.224.62:53 stun.kaptcha.com udp
US 74.125.250.129:19302 stun1.l.google.com udp
US 74.119.117.16:443 widget.us5.vip.prod.criteo.com tcp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 c.clarity.ms udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
FR 185.235.86.112:443 ag.gbc.criteo.com tcp
IE 13.74.129.1:443 c.clarity.ms tcp
NL 185.235.87.221:443 gem.gbc.criteo.com tcp
US 54.148.115.137:443 ssl.kaptcha.com tcp
US 8.8.8.8:53 c.bing.com udp
US 204.79.197.237:443 c.bing.com tcp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 112.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 221.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 trc-events.taboola.com udp
US 8.8.8.8:53 idsync.rlcdn.com udp
NL 141.226.228.48:443 trc-events.taboola.com tcp
US 35.244.174.68:443 idsync.rlcdn.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 sslwidget.criteo.com udp
NL 178.250.1.9:443 sslwidget.criteo.com tcp
US 8.8.8.8:53 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com udp
US 8.8.8.8:53 widget.us.criteo.com udp
US 74.119.117.16:443 widget.us.criteo.com tcp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 8.8.8.8:53 idsync.rlcdn.com udp
US 35.244.174.68:443 idsync.rlcdn.com udp
US 35.244.174.68:443 idsync.rlcdn.com tcp
US 8.8.8.8:53 b.clarity.ms udp
US 8.8.8.8:53 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com udp
US 4.153.129.168:443 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com tcp
US 8.8.8.8:53 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com udp
US 4.153.129.168:443 vmss-clarity-ingest-eus2.eastus2.cloudapp.azure.com tcp
NL 178.250.1.25:443 csm.nl3.vip.prod.criteo.net tcp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 34.195.26.228:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
GB 18.172.88.27:443 cdn.mwbsys.com tcp
US 8.8.8.8:53 cdn.mwbsys.com udp
US 8.8.8.8:53 228.26.195.34.in-addr.arpa udp
US 8.8.8.8:53 hubble.mb-cosmos.com udp
NL 18.238.243.16:443 hubble.mb-cosmos.com tcp
US 8.8.8.8:53 16.243.238.18.in-addr.arpa udp
US 8.8.8.8:53 ocsp.trust-provider.com udp
US 104.18.38.233:80 ocsp.trust-provider.com tcp
US 8.8.8.8:53 crl.trust-provider.com udp
US 172.64.149.23:80 crl.trust-provider.com tcp
US 8.8.8.8:53 www.intel.com udp
GB 23.211.239.194:80 www.intel.com tcp
US 8.8.8.8:53 certificates.intel.com udp
GB 2.18.190.80:80 certificates.intel.com tcp
US 8.8.8.8:53 194.239.211.23.in-addr.arpa udp
US 8.8.8.8:53 80.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 ocsp.thawte.com udp
DE 152.199.19.74:80 ocsp.thawte.com tcp
US 8.8.8.8:53 crl.thawte.com udp
SE 192.229.221.95:80 crl.thawte.com tcp
US 8.8.8.8:53 74.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 telemetry.malwarebytes.com udp
US 44.234.138.160:443 telemetry.malwarebytes.com tcp
US 44.234.138.160:443 telemetry.malwarebytes.com tcp
US 8.8.8.8:53 sirius.mwbsys.com udp
US 34.195.26.228:443 sirius.mwbsys.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 184.25.193.234:80 www.microsoft.com tcp
US 8.8.8.8:53 66.112.168.52.in-addr.arpa udp
US 104.18.38.233:80 crl.trust-provider.com tcp
US 172.64.149.23:80 crl.trust-provider.com tcp
US 104.18.38.233:80 crl.trust-provider.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 184.25.193.234:80 www.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\activity-stream.discovery_stream.json.tmp

MD5 1725fc0cded5684bd7bd89d58e201422
SHA1 4b4079ed0bd582ad8fe9ee5c86bf28eee18027bc
SHA256 9d4cee3ab59f845c6b012f5f491613c2a72fe22f525ccd5082a585f9017abb78
SHA512 9727ab151cfdc38421d7c05e23b8ee459a52159f44cc3e946483177ce20f01c83031afc40c731da34e35a3d7af890b688b1755e327ccd012dfb98a05e03053ba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\b32fb5d6-0828-48a6-9e2c-a9e41ce28802

MD5 ab48402bc511023b5ed93c51a678d830
SHA1 2d8fb29751222fd41a7f48778a09e7ca4bd4d3ef
SHA256 5fe9619b9690fe7d01cf68616d97ffd12e892b31fdfedbf99f9ef529112da505
SHA512 f37030d8880649c251150d17ce90f1aa88402e4f6c28219662065b8e2a800186c5b532b34edad4405dce37d258e78293db105bf317514d8a1b7a7bc5dc75f45f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\262c0784-e1ea-458a-9179-411c23ba30a6

MD5 80367b1822b391c241c921fb50c43e61
SHA1 245f33df0461157e459c05ebda7e6b776d49bcff
SHA256 27ff23343947de92342e27dece10bf9bacf66e8057b81d56edcbf1bfeca9201a
SHA512 10e539e4716e78761d26f36dbb247e00f5a062277edef914fabc93a92df577fdd6392d93c2ef0a44e49a4e7c59421c81325c7be035f87b34a986e66b768a5cae

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\pending_pings\65c6f9be-063a-4521-9637-969353c3acb1

MD5 6283f1c8ccde9dc9ced121cab0ff8cc1
SHA1 ac2d0d3fcdfc77f22464720c833ced897326f5a5
SHA256 70f3b002b5f5ebecdf998f08b6f66f91e7173f2c6d1eb409170703b8f5342135
SHA512 86b4fbb29671237adfe0aeafd3c1c527b175eae81f9c57df9ebd37c1dac468e305abca945e7c312659ee6b55b22ae01b375b124961adaeea384c664d48960e2f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

MD5 557347f090ff961b1eef4566fbdeeb34
SHA1 a0e03a7b27d1ca184a809b3484ff3c0371cc243e
SHA256 a4a945955d524c9981aa047be52b3e528f2f2f0e32622ef795c886f3909dc2d0
SHA512 27977ba600c62236a98b28beb794096ee9f02c37d84f6f9b024d4d85798f85577e6746f2134716027d2b4cb7ef5016573e8733b56820d78a751ccff0678bff6c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

MD5 bce0280e00fb38f3261f65918f6282e0
SHA1 2eac0fc01dac55de86f75ef305cb3c05034254f2
SHA256 aa84161cad97ce27184a8cd79f17617492b51d7ada919f1de7c10d198cc4370e
SHA512 afaf2c3ed859da0e5e26217a78a4561b3d9b5fc7a07524f4c78b50f5466a6892758fac644500b0cc9c7639bb808423d8204936a77a9c3d645b1a03d947300847

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs.js

MD5 b949dbe609213f4685176cb9d587243e
SHA1 8a1e688957f293177e768b72885f44cbb8b33b0b
SHA256 415d56c22e15f23dfb9b567ab974b7716fdff04c0437af2ff1a503d06f697d90
SHA512 fe869a1a4980c1bbb591ea6df91c4a2b2099419e4037fb404ada772179384fa5f73ed77e153100e74a7b15dd15732e45abb73e087b20df3c96cd946e6fa21a35

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\AlternateServices.bin

MD5 f9964417a97f00a5638d3602023120eb
SHA1 f9b9cf89eccfd6ca026683d4ef792ebb8aa1cfd4
SHA256 3e4022b3672f61b319948c2027d9b4adfbcf3c396bc1cdf4fdd38f2b306402bf
SHA512 a9d560a64dfc64ccfad88937b41460ff1ac476785ffefa74f7c7518a448ab8b83cfe4130c764f2b5c7c0bea05a86b8ac0f9c155a26e7443381e9b80e38b8143e

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\doomed\17457

MD5 e3fe3e5c25dc7d93885aee80cd731b26
SHA1 8dd0ed3dd627e06ba028a477f74a39c1dffb2d89
SHA256 0303d5a48d43be5f75ac7704c042a30556ef29ad0bb1419b5b526b37f01702f1
SHA512 c106f04f1cd0cc4ca9907a0193112dcd31324acf88fcde1784a9f1181e1f2c4183c233257dee661233830660de58f254f901d686ba59ea66b02ab6ad647114a8

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.googletagmanager.com^partitionKey=%28https%2Cmycleanpc.co.uk%29\cache\morgue\245\{8f34a9a2-3e11-4606-b933-f3e9c3cbbff5}.final

MD5 7fd116230491d5754c0b8b21d8aac3a4
SHA1 505c970507e1ee607f55221d72dd3c8d5c34a006
SHA256 c7e87cc66882a9f33a088046f6bccf88d71b3c746c737cd922845e4f964ddc3a
SHA512 2d782cac56b3691bb4189b85a4f2882ab30a5d23eb71e5db4aa04f27d19956cedc246213fcf66c333ce86cdd57a808a1cbebba54f885bc2e85b601d02a9c943c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js

MD5 9bae7ce5fb274fc183a2be8b5631f925
SHA1 d5eef5e7733e0e17c9ef9ba7fb82c4c943e42571
SHA256 ed2bc100c77b7c055e1042acbc2470201ea639e7298797c483509e9500d81414
SHA512 d8a32bad9ad52e13e2f6c092e6f7a9af6bfa3bb903ecf4c46a5167f74c1298527a0abd3afec6409659dbc3d9fedb8bb4f8b69a29c21bb92a0dfb41fffaf073b4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

MD5 60687bf10d87c5f58f2afc0b8e8a15c4
SHA1 7396d416c3280d94ad35e7ab7818b196bebddfed
SHA256 e94b148ab58c07454081906f6b51a21aadc47c9cab22f495b97ebad2d5c2e153
SHA512 cb6576f41766d97c542ab7c6c67aa988760a4b1f76e9d16b66c4bd1f071d179894a681fe9c2cb199c38ff7f8cf58642e2b55aee616c384910cbbc22ee8447c64

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 376b0a229c27f9560432a37cbd986334
SHA1 577a8762bceb38bf64afe10b2aec183e50e58e8f
SHA256 253b70365599fdbc9877edb8ce5aed57710b7641575d003cbba6c8aa77c994a7
SHA512 b215de1cff716b1a7711a2e2902f2d46f4edda38fb3fdae11af6281a2be3eae950891753a0a877f6c68465df8303cf8347061fe6ab235d49ba524151c51409f7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\AlternateServices.bin

MD5 050a05d707deef5ff930121693d424f3
SHA1 48e914777e548df95d929259f62e953397267fa6
SHA256 d178e842c5ae983d554326d9c85bd5418e7639e754bd0eb016c0df9f5a5f603a
SHA512 f5504452916c056f45900acd8d607ed9a3846110a0257d9f49f245bc0b12ebeba866a8d41dfd0355938cf4ef9502fdc65967794c6fb444506c05ed3917ed4ebd

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 09372174e83dbbf696ee732fd2e875bb
SHA1 ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256 c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512 b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

MD5 2a461e9eb87fd1955cea740a3444ee7a
SHA1 b10755914c713f5a4677494dbe8a686ed458c3c5
SHA256 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA512 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

MD5 842039753bf41fa5e11b3a1383061a87
SHA1 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256 d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512 d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js

MD5 443a1dee0aa3e711288cf417cc7ea606
SHA1 ebab4f62b52fd36e85d8e5ab4f378994f4e22354
SHA256 b04ba9955cc12c1799ae334074353cdde26056d0e8aed9bdd0fddb5dc21931a8
SHA512 a773614c8854e171b87e4b7fa915d4296445c0753100a762d31e6518a89d779ce2f76ec7e1a94f2ac259f7fa7af32a67b1e269137f5deb3144c283edba153d02

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js

MD5 d6af595de92a7c16d5608b1d4f37d49b
SHA1 dda0ffb8681e8e0fa77cf04ba6b54e66291bdf4f
SHA256 7f388546a0cdbbaf9119ef848415291e0e85b323e61a862ce12c63dee1d2e60a
SHA512 b2d1d0a15ddd2ab08047dc946e1cd530070f9f798cfac8176357914ed96437d16504e00460ae0d889d05553ed30db3c56b5254207e750714416e32bc05f8dbb8

C:\Users\Admin\Downloads\MyCleanPCInstall.usMydNEN.exe.part

MD5 50d21fecbd4a986c4ddd51acbed43532
SHA1 865c15d07ef7df1a2690a1a8c8fbb5641daa2e38
SHA256 15280db86cf430919c03bc3c162f5920d47cfb493a6a39ccf02c3c08d5eadcf4
SHA512 48e2329db5450b0acc5e0938fbebc9d2f8561da988ee93ecb36aa0eb4d6a3bf2cdf24816cbadf3a5c1be6129123d08478de53d65b4a37a9d97eb4b90205e473e

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 0a8747a2ac9ac08ae9508f36c6d75692
SHA1 b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA256 32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA512 59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

MD5 daf7ef3acccab478aaa7d6dc1c60f865
SHA1 f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256 bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA512 5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

MD5 bf957ad58b55f64219ab3f793e374316
SHA1 a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256 bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA512 79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 f30f6e5abf4be1d62495c6b382681973
SHA1 bd1b2b482a4451a9c1b91906e1925c9ff6e5078a
SHA256 4847889cbb74912811bdaf881338dea38ef22f152292168a68da89d011850f45
SHA512 612ad652fccbdd7cbd7c46892fa86d730a91007f089023707c64da61654a73ef416c071c1034e9bafb6e553666ae66424bb09bc1b1f1315331ef2756c8a8a90c

C:\Users\Admin\Downloads\MBSetup.exe

MD5 6b3b44639456a3230e3838d0d2202939
SHA1 6aa554f51497c21d684d80fdf363e23b8f1f28f2
SHA256 eedb91d5c57418231eaf086f3739353392fa83267075bc50de2cabd11db66c1f
SHA512 fab38b9b7d587aed6f2ab267cf9afa878213832b86cc00519e0cf5880072aa95516796131afe87d641fe113f2041eef52988845df15b716330de0080bf5ccfea

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 024af699e67f11319bcac68f75bbc85a
SHA1 2e32142538ca28b0be23f937c8bf9ae56b529c77
SHA256 f178f8d7336b9ad0c2a8e075fde730d1bbba768d8eb098eca827a4365257a703
SHA512 a305c7716b9a6466e0c54cac22e6f419f2f8d64e17883ee27e5d20c31d89ef83b9c94cd9faff2fde3f0a6ed6096322875c68712987358d41b3a256098f0d5199

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 64b316315cc12be8ec7a4a3e4a279d65
SHA1 ceef5e36595c6e5607ae20bd709cae44f51d5994
SHA256 6193b96032c2f7619288d359fcef99a952f01f921f4f9272c4d30c5c1701abfa
SHA512 ea2f7239157e415efaeb582ddb52bad440033e5d25e12f83073c8c7186a6236cee6e55f90bf4f607b66fd765097e775127911867680e7f7a9c182773001c229d

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

MD5 f35a6782aea69cda718cc378504db826
SHA1 5fc4028de1c51089d9f487caa02a78d4d42266fd
SHA256 20f89ddb4dd26f98ce006ae2034a87e1c2347788697e0fdb68b87c95af0b680c
SHA512 5a5dcf1ecb32addf5fa9ffbce583fbdb4714e5b87553abd57723cb1b199c54bbaf038db1a7ee1cb095b1aad878f8d17919b55cb093c4a869d7356aaf28fb3a4f

C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\7z.dll

MD5 3430e2544637cebf8ba1f509ed5a27b1
SHA1 7e5bd7af223436081601413fb501b8bd20b67a1e
SHA256 bb01c6fbb29590d6d144a9038c2a7736d6925a6dbd31889538af033e03e4f5fa
SHA512 91c4eb3d341a8b30594ee4c08a638c3fb7f3a05248b459bcf07ca9f4c2a185959313a68741bdcec1d76014009875fa7cbfa47217fb45d57df3b9b1c580bc889d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\storage\default\https+++www.malwarebytes.com\ls\usage

MD5 9a1c5e6fe15a3f5c952a0ce5604cddeb
SHA1 5fd1a12254267edc191e726e879db7f4bfe1d8c4
SHA256 2c3a828c6eae6528fbead6fcb7e2374b1733bfca672c9ca8674abe8016bea692
SHA512 466ca4c395b1a06e4f83f78b9b5df4cca75cc7582a5900864582e993a7ec19acc44f9757657195a5133d3a137984851c7de0e5b945190440a3b5e9552f01610b

C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.33\mscordaccore_amd64_amd64_6.0.3324.36610.dll

MD5 0377b6eb6be497cdf761b7e658637263
SHA1 b8a1e82a3cb7ca0642c6b66869ee92ce90465b2a
SHA256 4b7247323c45262bbb77f0ef55c177a2211040fa77d410513a667488bf1bc882
SHA512 ff3f6f6d1535e7aab448590fdbdf60d37e64e00d4081853f201c0103d7b7918f388db5469774f32af211e0990bc103bc9ff3708fa44efd868aa312c76ea65600

C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\servicepkg\MBAMService.exe

MD5 69186998f66f291690f40c3e4e3b9832
SHA1 22ea0106cd46bf4ec55dba7bc674f915017151e0
SHA256 bb088058ee2d51b7d5b146bc8d29463c2e25cdbccbc108763cd0f5f7f4eeeac9
SHA512 56bb14ac7ec4d54940efb874e922d5acf7517fdb42179c6f188c0268a646ddbea857ee33435ce43fc851593d135a3e9f222c6d4d9b0f4db17192ad0984952b31

C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\dbclspkg\MBAMCoreV5.dll

MD5 5e84b24b7d4e5d5a161074da559a1b49
SHA1 c5dea018ff9ce1c9a3e0cc90d1363fff57ab10f4
SHA256 b1fdd023dd927099a2991b44f17cf2845cd70e7869c3bdb95fca52424d9a6eb1
SHA512 f962b0022e544dffb722456409e90b3046df07262f7a493188f6e17b26fd8ed16363acb89729615a01361fceea792ad640e51606443a007653c1f269aa805774

C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\servicepkg\srvversion.dat

MD5 91ae66a8d2f09adcfbb1e0dc66b80478
SHA1 3fd6c4c0c05d20dca3c9e948febd93b215ee2eba
SHA256 903a82ae359f8872d54b73028eda294653ccd2d1810a2c9786456025d10e0b77
SHA512 f1bb9f991e01c2673b37249f9aec8fb9302c88f506b7ca94a198aeddbea22f3e688abfdca50952ae99de8826f39d5394e14523ef395d95cac9d7ea1a552c8385

C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\ctlrpkg\Assistant.runtimeconfig.json

MD5 d94cf983fba9ab1bb8a6cb3ad4a48f50
SHA1 04855d8b7a76b7ec74633043ef9986d4500ca63c
SHA256 1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a
SHA512 09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\ctlrpkg\mbamelam.inf

MD5 c481ad4dd1d91860335787aa61177932
SHA1 81633414c5bf5832a8584fb0740bc09596b9b66d
SHA256 793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3
SHA512 d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\ctlrpkg\mbamelam.cat

MD5 60608328775d6acf03eaab38407e5b7c
SHA1 9f63644893517286753f63ad6d01bc8bfacf79b1
SHA256 3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59
SHA512 9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\ctlrpkg\mbamelam.sys

MD5 9e77c51e14fa9a323ee1635dc74ecc07
SHA1 a78bde0bd73260ce7af9cdc441af9db54d1637c2
SHA256 b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0
SHA512 a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

C:\Windows\Temp\MBInstallTemp1017deef96ce11efb229e60b6437e69c\ctlrpkg\mbae64.sys

MD5 95515708f41a7e283d6725506f56f6f2
SHA1 9afc20a19db3d2a75b6915d8d9af602c5218735e
SHA256 321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6
SHA512 d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

MD5 46f875f1fe3d6063b390e3a170c90e50
SHA1 62b901749a6e3964040f9af5ddb9a684936f6c30
SHA256 1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec
SHA512 fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557

C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll

MD5 2bbf63f1dab335f5caf431dbd4f38494
SHA1 90f1d818ac8a4881bf770c1ff474f35cdaa4fcd0
SHA256 f21a980316bd4c57c70e00840ab76d9ad412092d7d2d6a2cff4f1311f7c05364
SHA512 ebb9834323329dc01ba2c87e5fad1083a4cb86f5ed761cb63299ac5336a9843a1aadd42fbed706797c2295117af1c00f96806422338352653c8e0255fecc2fd5

C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf

MD5 5d1917024b228efbeab3c696e663873e
SHA1 cec5e88c2481d323ec366c18024d61a117f01b21
SHA256 4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8
SHA512 14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a

C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.cat

MD5 8abff1fbf08d70c1681a9b20384dbbf9
SHA1 c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6
SHA256 9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658
SHA512 37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f

C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.sys

MD5 83d4fba999eb8b34047c38fabef60243
SHA1 25731b57e9968282610f337bc6d769aa26af4938
SHA256 6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c
SHA512 47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e

C:\Windows\System32\CatRoot2\dberr.txt

MD5 0c88eb6e3b115909327426b28442a57c
SHA1 80f793d001c1ee4da5875becf53a49a5ecddc9df
SHA256 5c2f826989a15bdf9090d70bb568707042c0fab845d40263808b86a7aec8e964
SHA512 c29424384a6ed53488ac8341ee0996be6f03f3fa1f0f3dd62d6c2773d7ab6366d35aaa09294f12ea7e49d9a510ab36188759007efd4ac71c6144d4814e75b344

C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

MD5 7587f2270bfa12bc78851274787ed39b
SHA1 f8ee5dba0fb13ae55404a6ed433991e798d9a1d7
SHA256 0368c1ff7ee6f8007e0ed9746071e465fda7493a7cdeef745a8e8f75b508de1c
SHA512 e74277a11ec114737bdac3fea96228eb325b95a859935ee5d2fd7bd76659e2e7e4764602189e5ca6b83aab843eebb2f9ad4eba596c3a9dc0f35ea57d8613fc8a

C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll

MD5 2ccb84bed084f27ca22bdd1e170a6851
SHA1 16608b35c136813bb565fe9c916cb7b01f0b20af
SHA256 a538caf4ac94708ddb4240d38b1b99914ca3e82283f0d8a2290be28fc05eaccb
SHA512 0fd66d241bdebd0052f4972e85b42639e3c5a40affe23170b84bc4068dff8e84446898a77ebf7cc0bef97454abb788faccce508a68bc5e717980ef26d8436986

C:\Program Files\Malwarebytes\Anti-Malware\PoliciesControllerImpl.dll

MD5 03d6455dc6934a409082bf8d2ce119d5
SHA1 995963c33a268a7ed6408c2e6de1281e52091be2
SHA256 82ca2aec64fe151efd59a838c1845111bfb9f94ff277be3afae4e3f684ef3a62
SHA512 a0ff71bc01a11c9a95c1a0186a7bbfec9c3f84d7e600d0bca877934fa5f84053627bc59bb355f53ce9e3c9e4c6a841b8f5cb7436fe7f43b63426a8a851392c6d

C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

MD5 b7e5071b317550d93258f7e1e13e7b6f
SHA1 2d08d78a5c29cf724bc523530d1a9014642bbc60
SHA256 467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064
SHA512 9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54

C:\Program Files\Malwarebytes\Anti-Malware\LicenseControllerImpl.dll

MD5 4542a8ef208fd61899a88f1571e5bf61
SHA1 b210f280eed1be5ecf7841a2682eecb7ea660ac6
SHA256 016026f65885b49cf87e7c15a0d4ca1f3b0aa08e7edaeaeaac53473c30e95280
SHA512 305991083f46dfb8172a8cc2b8c7bbe30edbed2801040570d8bcdc8baad9361c694624e98b2016c9d44ab6332fd6b3929f0cb190a4c9771e4cbf5b252b3fe581

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 dd15efa2293bfe9031280a7e10d46d21
SHA1 55241caa7b58763e64278aae6c3c5bb8d2f3ae35
SHA256 8b36edc3a75810f5c068643e6c7c68f48235e2e67988dddbb3661f40615c37e3
SHA512 9e5bcb6e3067921d94c1ad13dbba7f1a4e017eedd7c5183e9f97642ba5ac93d7341cb872fd39df3da4ee0e05c2426815d714b7d94aea5a88cc3bd6e8bd6700aa

C:\Program Files\Malwarebytes\Anti-Malware\UpdateControllerImpl.dll

MD5 68eacafc2d4837960257800fcf9e8566
SHA1 d1dde4b802a71da319aaad5de50a27ecb538229c
SHA256 d5e0c9eb4fa6daa994eede66dda650b2de03054da399fd1082cd30f58e181554
SHA512 719ad758d53e5f1f4ebeb48acb601e0f05cd2fe7bc5270eff3ed6ca40b70d9880338480f71340a0821d66cf60fa7b56cea6900a3c05e6e27ec4a78da44c91adc

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\pkgvers.dat

MD5 82c7a04fefe63e4a91e502df3ab4c89f
SHA1 afef7324a9f95241a3e1bf9dfcb32af6b85c3089
SHA256 454180a61a45df0564875dc03cfbbc351bf94125a1bcbf0f28633b015e921d54
SHA512 02943370387566156f6b0e8e07d0097e01abf103ec8963140c14b100b7ac0d62c82ed8f17d87a55d9616dd642b22fe0ea9de9f2cdf298877fcaba4ae587e037b

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 2a9c03dcd976b38b6aba4114b5d8fa6b
SHA1 050dae6ff3b6dfe999afd34f3705fbdbf3c18d1d
SHA256 a6c1f61a541830454762f1f2ec1b26ff00c276e43f1493fd4c1cbd69b0b2caa7
SHA512 cd6b791c81816e7f42938e97a530ab9094d5033b40b35d7d58e7f47f90b10c2b47bc8d1dba5a5929efceb9da97c4d2d3f325230af0fd4940236131d959639102

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 42cd552de77fd377893cbf7dae0ad0a7
SHA1 5cd727c5887846cb3f25bfd4523604d4f425cc35
SHA256 d5aa239af3e9cf0dbd4be11e1589f3941c3be375b0a081f10e79244d92b1fb9c
SHA512 e585598ae31d3d0b00d7d63fc9c0820b0a1f0368eb8755c19184a65cd23a5d6cc097b03c4c9833068bdce9d2b6d6baf42e26c6a4bbbde6c352a5d6b7ba8569b1

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 082ad7901068eb42869d08a8e0879f13
SHA1 a7f9ae4e5a6b63eb8862f2c84e1a127660e7a60a
SHA256 8187f34aa7a4515e3cf741e750574de16d16e0169d876c4fcaa9719502650b2f
SHA512 4abee71571a69dcf8d45366253676c6b03f44faa99322815f50c51fe2fe63139b341ea74468500e6414ffc283fbce78a23e532f136473831364fb577ca476170

C:\Program Files\Malwarebytes\Anti-Malware\CloudControllerImpl.dll

MD5 613ab847b0d13530eeb9f2b71cc3071e
SHA1 dc9b91bb491fedb129a472e2fd84f88c20dbb54a
SHA256 fd07831fa483e399ece0acea2e534ac5b5bf6599568345c8c927721ab723fa38
SHA512 e6a7efe8b1cea7786f4efed2b49bada081e93c3f768bfe0c1294dcaf8a48c1186dca82a559ea42acd5b4be8437497f4324ba854a056c94d452002b081647f323

C:\Program Files\Malwarebytes\Anti-Malware\7z.dll

MD5 4da585f081e096a43a574f4f4167947e
SHA1 38c81c6deae0e6d35c64c060b26271413a176a49
SHA256 623e628393bc4b8131c1f4302b195429dfa67e890d3325ceaa56940660052b1b
SHA512 0fe168bf1661691dbaa103e478dd7e46b476db094bf1938bf1ad12ddb8a8f371bf611ff504d2eb3ac319862444cc64a27ebee8735aa3752aa32a399b09427243

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

MD5 55b541cf6d3c7b91577727cd98051d60
SHA1 47aaf39abb711921750807da9602d5105c17b793
SHA256 2ec0798f950f5d96ddc65259fa1d04345b6a34be2b5619d442cd8e63f21a3832
SHA512 c01a70091f24d6792c9950b0c73a2fa32d7271c98fccf862c1e20b953ddfcce37b197dacd378d5d44cde57f10242b6d0ae3b5f75eb29de43869aea91afb99049

C:\Program Files\Malwarebytes\Anti-Malware\TelemetryControllerImpl.dll

MD5 596fd4bbb10a5ddde247cce1a9f0277c
SHA1 ee51f4fbf73bf99254d7d0c298db38b50c419a10
SHA256 e6726ffea08daba749809faf6193d7e1dd8e94b47dad67d559b86efd348746a6
SHA512 2c96669211dd3a128752a07ecf86901c09324aa1ad0de4f32871449cbb2be82a4e0d39f111fab6847a884951aa710ab8782830cfc0aa0283bd049bf23f587c01

C:\Program Files\Malwarebytes\Anti-Malware\CleanControllerImpl.dll

MD5 de74fc8a4c593c624200099e3e109ffc
SHA1 cef741c140f9180eb04207f4716a9995a570b35f
SHA256 013aa4d2659ff4d20d35e5f8dc8df1098adfc00a45da63314e445a285f4e3059
SHA512 8b9a765cfdc9f7b9467259c77d702427486c7e56a07f04e843a7833ce83ba4d0adc7473a17110b17ca81c7b8f4c5e97500c2c74aad6637a3d8dfdf6ae9b11c85

C:\Program Files\Malwarebytes\Anti-Malware\ActionsShim.dll

MD5 13ee270968b2eaf9d45770e831412c0a
SHA1 6f4bfee0efd52db649a9378298148fd5ae5001e1
SHA256 81a28988d59a8e75b771456f61aa3029f334f2a492da70f53bd93403122e2951
SHA512 36f9339f15bd1982fe196eaf23ed879db5fdf1cc1c41683a915d1ee9718053720c9794e77d093a51adf9c20f58b2f5191abeecef41ea87746933c845be48bcde

C:\Program Files\Malwarebytes\Anti-Malware\ScanControllerImpl.dll

MD5 fb9c35407e43d6ca5f90f2be3f0fe5cd
SHA1 013df7745c4e33396874e281f4333ac47aece0f1
SHA256 7d04f2535381c73572728cb3689d72c8ae57825298775e1ddaef3dee4d12f570
SHA512 1a2c0f23fbd280ded6f43e7ba3495710c60c94b82528d0aa28372be80d97ba961d4028872a64edb56dd6c65099e408e6d9d1a015afc012f4428b2db13230701d

C:\Program Files\Malwarebytes\Anti-Malware\Actions.dll

MD5 f802ae578c7837e45a8bbdca7e957496
SHA1 38754970ba2ef287b6fdf79827795b947a9b6b4d
SHA256 5582e488d79a39cb9309ae47a5aa5ecc5a1ea0c238b2b2d06c86232d6ce5547b
SHA512 9b097abeafe0d59ed9650f18e877b408eda63c7ec7c28741498f142b10000b2ea5d5f393361886ba98359169195f2aceeee45ff752aa3c334d0b0cc8b6811395

C:\Program Files\Malwarebytes\Anti-Malware\MBAMShim.dll

MD5 8345900e9e0ecd0e276b3543e84e2c91
SHA1 ab794b8f15b4246273ed73a7a1c6e6f9fbdec7a7
SHA256 a2ae9a2c50d010db80370cb85f88119c67e2f6a1ff2ab47e951a5debf7625191
SHA512 dc056416407975a024efb52991ee7e50d2b0e0771ee2e8b90bbdb9e5d4985fd463af47a8d771eba369643e16bc312296208087104e134979af8df7d0cb1cb562

C:\Program Files\Malwarebytes\Anti-Malware\SwissarmyShim.dll

MD5 b2b2316bc3f8b743b64dd62497f97586
SHA1 db6a1ac369fb1bd0fef76953a0dea86411077e5f
SHA256 7c254536d5af66d1fa7e621c0f9dd5e1a5c5c2ca2799840be8a58a27ade8cb3f
SHA512 f2f6b9071123b7cb9bb0bcd859039ab97089ef6af03dae0f3095b5ef24f15d7540f607e8327918ab3f58ab9d3cea5cb8881b28c2d1f03f3579a47603cd7fc8b1

C:\Program Files\Malwarebytes\Anti-Malware\Swissarmy.dll

MD5 436401663703228e60a399498dcb5576
SHA1 030662340dba2101aaf9275a5058ad818a80d204
SHA256 10ea6f901a3adb9300081ce25e99c4be9318208e6b69d726ff04d9d42b3b97c8
SHA512 a7c74a31433fccc6ce3c903e57c562c8d9ffadf325d85fc9d82291bf751bde82966fc1eb3c20d7863e3a1686bc8ee30611bcb40de704a60b151486a1910de519

C:\Windows\System32\CatRoot2\dberr.txt

MD5 35013b0034ea049521fb966149ba7141
SHA1 a1d7f2da39711a853860896646e77a7fef2dc944
SHA256 4e8d1921977eb2502869964303d3dd30f13102eaa54e68115ced8a51ad009c26
SHA512 0db66c620d8a06a1f505268c4a4a1102662382db1659ee6d2f02de7de0c3ae95370fd80b2a8ef71eda2e92833aa85d341ae70059532dc857fb00dc321f60c395

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys

MD5 246a1d7980f7d45c2456574ec3f32cbe
SHA1 c5fad4598c3698fdaa4aa42a74fb8fa170ffe413
SHA256 45948a1715f0420c66a22518a1a45a0f20463b342ce05d36c18b8c53b4d78147
SHA512 265e6da7c9eede8ea61f204b3524893cf9bd1ed11b338eb95c4a841428927cccbed02b7d8757a4153ce02863e8be830ea744981f800351b1e383e71ddaad36ad

C:\Program Files\Malwarebytes\Anti-Malware\BrowserSDKDLLShim.dll

MD5 20428ef660d0b7de652cd7b03d0a2a5e
SHA1 2ec86483f33773d7117473da2718db693a6107bf
SHA256 2d424a3a4571993ecd6d4e1d5f5c9f77c595a5e89a0da7ddffb002c6ed13c074
SHA512 5696eb6f1a432e5d787574bc9b4c3a15e25690f86e6ebfc869e449ed35d99509d4b5dd6fa993886ae43e722fb9ddeaa8e5ec9372de0f0747931e8485b4b7581c

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf

MD5 d87c2f68057611e687bdb8cc6ebea5b8
SHA1 27b1311d3b199e4c22772fa1b7ea556805775d37
SHA256 ff93773f55bf4a6a0242adf82276a8c95c0b244b9bc05e515c4e810c81a960e8
SHA512 4aa65b8911d8a2a0f9ef0ee6e934b94db0a9ad4c2ec543b5edcf21486be43f6ab1fda6617ea2cbb85eff230628c9fa8e7649da915d6de695803b28e55bef5819

C:\Program Files\Malwarebytes\Anti-Malware\BrowserSDKDLL.dll

MD5 956b145931bec84ebc422b5d1d333c49
SHA1 9264cc2ae8c856f84f1d0888f67aea01cdc3e056
SHA256 c726b443321a75311e22b53417556d60aa479bbd11deb2308f38b5ad6542d8d3
SHA512 fb9632e708cdae81f4b8c0e39fed2309ef810ca3e7e1045cf51e358d7fdb5f77d4888e95bdd627bfa525a8014f4bd6e1fbc74a7d50e6a91a970021bf1491c57c

C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat

MD5 ddb20ff5524a3a22a0eb1f3e863991a7
SHA1 260fbc1f268d426d46f3629e250c2afd0518ed24
SHA256 5fc1d0838af2d7f4030e160f6a548b10bf5ca03ea60ec55a09a9adbbb056639a
SHA512 7c6970e35395663f97e96d5bf7639a082e111fa368f22000d649da7a9c81c285ee84b6cf63a4fccb0990e5586e70e1b9efc15cf5e4d40946736ca51ec256e953

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 1f7a15881b7f5ce6c906adef7a261ac3
SHA1 e473ad4ac3836e85f8bba0f5b32fc58221bee38a
SHA256 1bf703567dce84a96a36aa80de025e9c203f84ca89d6c362b4c62bde3f7dca3f
SHA512 dabc68edf1089d55d19d9faa521bc2da2e6ee98dd700286f5e08a06e5dab81731e409e0608cf0c4f4e958ca95d4dcb70e5198157ad65174fed3263c3d6be2d6f

C:\Program Files\Malwarebytes\Anti-Malware\SelfProtectionShim.dll

MD5 bee8c8476542ed613477c4585ec29130
SHA1 bd013e1d546070417c7864f828cafb1d02a6fbfa
SHA256 7fef24c811bf3482beff312aedb10a3805ea3a25c54291d176add2762fcbb534
SHA512 6901a58f6527f58fc754e97b0596363c54f2f0543fabeb9464013ddbb2d6fe5e6e51355eae2a7c2869b22e8584227aa036c3ef74562f6171dc6326295b818dd8

C:\Program Files\Malwarebytes\Anti-Malware\SelfProtectionSdk.dll

MD5 1580cdf9c0a5914a652eb990a36058ec
SHA1 0e0eba4c2d17728cc3da2d34356d87b60777aa21
SHA256 22d179176a9adab7cdeffda3f568ef3ec47c93adc21331f033de919a48c45d2a
SHA512 f343cbfa84dc2812d4a6a1eefece4d0361c6720a741f5692c79261a8e70f931f0360016e90756ddd37dcf16803b7bab901b5460bd8689a6ab02fd4e9114e13b5

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 cd31d09af8f67110f68e0051b360ac91
SHA1 dca7483242e76390c2ad7d75aea195aa13548066
SHA256 8ebb9d84f7656f091cb4ef1cd074b45a2b78644b1ca1e6c95e6efc5795964e48
SHA512 730251b3a7361ced97fb721b680711264f6f075d60c63268a0b28e598cd27fc05dac3987bd8206df68f6ad1296c71a0fd6959b2638564f2e1820401359051846

C:\Windows\System32\catroot2\dberr.txt

MD5 d0608a5086e7b65461f9d60895c66fe8
SHA1 41285e321188241d0b4c24c37852ee4b6ece7b19
SHA256 5e43fb375c28794db33d08ca05110280537c47ac5bc02f4753b7acdd54072b3a
SHA512 465a1ddea1481709cd1e4a48260ca9e9eeee89e2f708ec5a703af44719766aac005fc52af2ee559d6c23e5d62f099b6d5d019d40abda1a40cb88a552719edb51

C:\Program Files\Malwarebytes\Anti-Malware\RTPControllerImpl.dll

MD5 3f58f7487648ed971844dff6d46aaf4d
SHA1 a54f535a3c4f522411d5e811d7bf055a8f3c2a45
SHA256 bc4fc265178e831d145d22e5438c3ac7de7b2282d15511463ef5d462b9609a1c
SHA512 b48e4763367bf010500e5bce6a897a938020c334c3493369306f32586068d3a4556854f042c7b3f95412140efc9ba0331f7fa02c29a5906bd5aa7e300fe7dae9

C:\Program Files\Malwarebytes\Anti-Malware\MWACControllerImpl.dll

MD5 1a69c068355d67c35dcbe4d578c810e5
SHA1 31711077a8514fadd444e9eaea5d1f42c22376e8
SHA256 fa2f78e7be5e92d6eaaca83fde2e59ca1aae16f303a6762b0daa207f498cd5c6
SHA512 21f41a2982603b01c5c0ddf2cf23e0c7ed7f9181ebd0c53c6753d0161c10f7e77102ac9fab9429bf38f979fa45644b76afe0bb168803fa546ebc4c0d611d8bc5

C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

MD5 9e4d637bb7a3d776d02615ae2d94d9b4
SHA1 a0723ef7ba0a8ab12b32d5a2b60b5349f05e6301
SHA256 3135494c0bdc9011b0738b2c71a7315c9cfc7d7669648b5ab4224b99b65cc704
SHA512 037ab959859862c21db55661575819a3cda85670cfd158f88ae353256c7911758e8d5e3cc4e3a3a5a72ea381a147d231d1b6bf0177a1365bd742ca7c74d3157f

C:\Program Files\Malwarebytes\Anti-Malware\ArwControllerImpl.dll

MD5 bfec4212cd9d9bd65e580107c1c4db61
SHA1 a165134db4ee3f89f107d8cf47571a528adb4fb7
SHA256 ca16aed04d4f1d61b0d9aa3d3dc6c21c2ec3ffa344dfedb1fc43e67874d65bc0
SHA512 4081dcfa2168c89e516d8441c9ff7cb05e84a8c85bde20b474534cfc1ec4d1c775f6f47586b3ae618b1a122da956292c0d97b2374b685ea4bfaa2edc3c82481e

C:\Program Files\Malwarebytes\Anti-Malware\AEControllerImpl.dll

MD5 1c642981c51b453a380c7fbc9e192b3f
SHA1 e1ae062f6490868978bb42b25107a0aa71bf4e21
SHA256 cc4a09428b52cddf7119e0eb6abd4fcf11002c7d2f9cff143dce9e20acdd4d1c
SHA512 96161a812c7138d703b52b7cfad4ac44f6de8053750d3f5fa288b5bd7cc34ed7fefa37a94f353914a1f2d8aff3a41921337464ce65f19733e7cf4bb3533bc307

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 5af4ae910020c308d7bc4d247c412369
SHA1 08087f3e9eca60ca2961d30ad60f9229236ebf44
SHA256 ecaf60a6358081c1875cb1ebd1d091761038f6e5791ce3aede4baffeb877745c
SHA512 b7db3c0727a40bc438aa6732605a166e6aa5c8cfdd597ac7687fa4f6f684607efe4c34eefde0b30eaf4c3539f80f733f494b84c7e7f87e647b9b3e5c38c55fda

C:\Program Files\Malwarebytes\Anti-Malware\SPControllerImpl.dll

MD5 d1da59eef448073ca44a777acd92cce3
SHA1 6c10f420b0bfc54145968b1d8a7b70d637d56fb4
SHA256 6d6debf90a89c17ce1df55f643fc5b02aafa8401e9ccc7a6c4cab22273f95afe
SHA512 f405ce630f6235f23304855d65abee861bc16b0da6609ca58ef714d91d58b358b02c8b369f7f298488a8fd2e54267cf7182cfc8d65a7e70a6b6f2695a15a6005

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 29568d8e932915f8f75bd0c2e075e526
SHA1 6f1fc0f8e5744b971cb4c6af91bcf50070e95ffc
SHA256 a52eaacd9a965d9214bc76f6cf58d8dfa996148d916fbf2aad5d3021fd8e8c5e
SHA512 64ceeb671b73eefbec638f0e7f1cb3f7b3c52bb87f1db6b30d13b0335daa09ea56ec34a765839ad813ce97d6dc5bf0a5b3b8b786d3f3bb466a3ac4cf32cafbde

C:\Program Files\Malwarebytes\Anti-Malware\VPNControllerImpl.dll

MD5 3923c49849130bf71236227c4eba641f
SHA1 696a86e92cf9362be5c22bf23b1dd49c1a86f2f7
SHA256 d66c64333af2205960b7f13690dab4ad64954c08f7e4bdd906a784913f263f75
SHA512 ec8a9b2e485a7696e7fe54caa5ab0f229464f0e67d1710e2839889f0dd1e12ccc0f87e03612e7505796c4dfce5167db10d18689df37bb6700cb46a3966e7c414

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 7b80a3b44c6747fce04dce879e8cb068
SHA1 a213d28753db7ed1d7dcc45b9af387ac8b726b26
SHA256 6a62f376c4d2a50153d2082b640092b7e186adeb73faa24749439621f4d6cf35
SHA512 3014236105405d292d46f5403a9d2092ea0d3ba4cf3d07230ed539f28b43bef6edf9f6adf1ccc6fb6a438892e707a7be153076bdbbcef9d03c9659fbfe54bb86

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 f8ca4d3357c1c87239b4253ea9f9f1bd
SHA1 8d06bf6840a1a08b0fb35b58b37883bb0a36f5bf
SHA256 00e01ef9f32b77aeabfd9a2579674b2598d375059366cc617e91d028c06dfe2f
SHA512 8a7ffdc39377393341f157521f92917ba5a6b76acba7ddf2f2c6d2dfaaf9442de7c3e8087024ebd12c229f4d783c47d5949ee2af33ca3c8e584353a7f9ddb457

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 703a133350b5e46f863dc4d1b9af1b37
SHA1 1b2b265bc6e9a68826b1ab1c1fbd86fb057c4f24
SHA256 4528b1d1eead17e4286c36a1a014f5b247a67bb450dab036db998d8ea7840dcf
SHA512 5a53af0bdb76057e6d63b2c56774747d2a21d8396f308e457ac97a91aaa027734aa94ef824f8d24febd438e77f62464593eb8dcaf6be11848bc0b23bc2f8bfe0

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 dc8e3791b58239139ab0cabb5a9367b6
SHA1 58ee444e7dcc14e4661f3f44033011a6df8cdd29
SHA256 c670f355cfd2fab60c1261711bf9d1e1ba61b130ea919d371e49d0197b3710a5
SHA512 5843da0e5292533ab98bfd14a72ab135d1b294363d321c3d9cbfd2123bfedf78a85e84b020b1ea54c77488b654cb63c6e8aeb417fd9836878ddd53f28845781b

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys

MD5 355347a81fd2ac2e10fa7780743683b5
SHA1 9c56cb229a882d07666bca4dfd75e5a26f4ce7cc
SHA256 b76c1d3d3b05d53082fd615214d14d6da55cb5455ca0ec4869c15e5af88983de
SHA512 e9839ac8ccc4168a0e743d1b47aac4b4a37a80c24a13b35c9a258db818544809b92d1cbc624381eab8bb4f47360e3ed2ac68933c26858992de5b1c6a0cc20863

C:\Program Files\Malwarebytes\Anti-Malware\MwacLib.dll

MD5 f2a00f479e7d57237748e5d1c47ac85e
SHA1 307d7eff875266384f41eca5cea1b9a99bba2001
SHA256 d9b4e7e4bb64bfa9e0ae8900636673dff92b29006ecbab64039a6bc595e40119
SHA512 e49ca60c7395f6de1a535d065aa58bf09341488156b2b74a67292b340e8d66a49883e36a712f31f281552198cd961da09f77b088a730c0351a797714a0612988

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf

MD5 5a9717e1385703e8f06b27aa10a69e87
SHA1 84ee67a9167b5eb6560711b9871de98898ad07a5
SHA256 47b7c516bb57c612de19f0ca865590af95b6e32bf873a0fef9e011b2c5b483d4
SHA512 dd3c7278c2c11ad15a55fae6d19b96dadd92f85b7f0c8ce934298258af00bb5c052a84a98499b8867b0f43704fb307c67d03692ca69dda4d814c6c17dd73df44

C:\Program Files\Malwarebytes\Anti-Malware\arwlib.dll

MD5 5823950fb8fe9104f44b6694a5f3b22c
SHA1 2de982739bf16a6a1e9a3cc46197cb4cd49b0e14
SHA256 1637d3ae1ffe69d65d33a8cba07b77fd6fc95a8b79c8fee7a1c2aedc22964de7
SHA512 f58910911898d027007b525a6c66563e637837bd414971aad1af8c64d3be2263981fc12bf14cc9d48fa15520441f3a2a09f3f9703c32aca6a87cab54f7fd8ee4

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 f92086f9a166cdfcf11a938136a60b16
SHA1 d1ed56c74f9be1c93cedf7d9d6b1b67f772f494b
SHA256 d36ceb2edaace3d5a6cf17400b3bc8b9503c82e85e7daa4e1d08882c46791787
SHA512 5b9e22b305c8c17f2c2b84521c127192708debb65cd822faff6d540fa8df61879e3b2458b3d818431cd44f9a95dd79057f848283040df226f3b9c7fb245c3a9e

C:\Program Files\Malwarebytes\Anti-Malware\mbae-api-na.dll

MD5 53197ed09b70fff3cc99f70c2f6a7b59
SHA1 e88498913a92c2ff798f67fe02d047f8f60c9165
SHA256 03907f55e9a86cc402f1824dd6399b39877b20763dd0d5f69a98d106565dfc6f
SHA512 0400f96e94d7846f0517c186308db56413ec840646c6af733fb27711dd3108e8777b3a4c226b22a9fa5ca686336e286b8515e29828718d47f7623f3590b144c7

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 5624d4ed5fdbc6fecd26d72a059ae402
SHA1 44e128a7693da8ec3984a84c10c6383ee9a68439
SHA256 de22d0ff3b18cc6fdcf3d6397f64a7f3cb35358f0366ce18d69654e1f85d8227
SHA512 6966f0a2cbae0ebc9eb2aa135e9c4e554875e3370ad233f838798430de27bd45c1ffdcda5290424c39bc4131f6b5cc64295aea8ecac05a37a1d43e645f134e82

C:\Program Files\Malwarebytes\Anti-Malware\mbcut.dll

MD5 2ee361fff2dc3bf58f7b5841c56d0253
SHA1 4a33a8b9a2d227280da51e5f4fdc7b48fb5295fe
SHA256 84dfee39a405b946ec966f7e3ab8fa65323d14fe5bba11ee2f8dbd22449bda79
SHA512 f2e74533fc7e827250a6232120a8bca111410a2b2251982badbdb647e1597a87aeb93cf294bd50fbfec57484fe349c8f1a2155ef9402402226b827ef09e76ddb

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.inf

MD5 358bb9bf66f2e514310dc22e4e3a4dc5
SHA1 87bfc1398e6756273eee909a0dfb4ef18b38d17c
SHA256 ff51780a5a854b2c18f71ae426cb066a13723ef6155e24f4910137c9e8dfdc17
SHA512 301ec5ec5c0813951843011f2204924240235494999136ea30a557cbf58146fc6043a8866b344fa7deb927d7c83d44e2aaf45adca7d221aba5d36715b9a63e09

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sys

MD5 954e9bf0db3b70d3703e27acff48603d
SHA1 d475a42100f6bb2264df727f859d83c72829f48b
SHA256 8f7ae468dba822a4968edbd0a732b806e453caaff28a73510f90cb5e40c4958a
SHA512 0e367ce106820d76994e7a8221aaaab76fda21d40aede17a8fe7dedaca8f691b345b95cf7333eb348419bc5f8ea8618949783717100b38ed92544b9199f847f0

memory/952-4385-0x0000029B40D30000-0x0000029B41196000-memory.dmp

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

MD5 e23fa7f3048a66d3e026c7548b947c17
SHA1 2f5a4eb5c1ca2ae25720161990b0c4ad45688c5b
SHA256 2f4f62af11a4b3a93c608cf0341807e52e1ec24ff7e415e1c9688b3fa2791444
SHA512 769efdb81be395b0ea3bd7f9aa2570de897885218af790070fd5b5dd250f9e2dc9944a26c397ab7e2da6e6d5d534606bf5b41073bc1b741f9e4cf396b0ddd62a

C:\Program Files\Malwarebytes\Anti-Malware\hostfxr.dll

MD5 cd89cc7be4bbfc4680eac9269edaa4a2
SHA1 1112c90fdd13c38fdfa4d62067bd083961b421cd
SHA256 7076214afac35aeda7b7464a40d5c4886109547e68f0c08d7c36bce2d74bc0c2
SHA512 7db06dcc95017e7f164f1899ff3a976b5bf2747f85d9b4b180bcd6f1cb5ce6324fc3f7a640977039fe1f6b31e3ca6b734cbd690ed5fad3eb812eb01896c91516

C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\hostpolicy.dll

MD5 e49d9307815dc9f22de01572c118245c
SHA1 e2f9e332b333659f62ce798adcc084e1b3b93fdc
SHA256 b394eb7eb14e8801ba6d94944207b9753a540e28b4e0bc19057380293f991827
SHA512 12fdce39d4501044c483fb302efdbabc10ffed3d9a71d88c009ef353261de35b08d86597a3b99508a6dc787dcb006140329e11020fa21f23faf845ee725fd2f1

C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\coreclr.dll

MD5 af75fe271bb0eaadafc0485bc64c7250
SHA1 da6cf1c01a18cf458ab10efda72258285e3276a1
SHA256 8aa0565df661c88a65c10d8b2d9cd7d198c48435218491c8a345102d82401cae
SHA512 23a39814b9ab89eba1849d34c7b915aec6fa8f8d0d2a7647f4486627d2b6c65bf5c1640a6fe8ab1d622bf9fe8cde1db607dbc6ac7349d9791076dcf2f238d21c

C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Private.CoreLib.dll

MD5 6dbad223dbfbfa51c8a181d011d8fe38
SHA1 063ac8af53e169bc3350fd5c7dbce900d30d1d24
SHA256 1dacec838cec88c43b929d4d4f25fc57d653076eb5554f441525b8940dc6d5b4
SHA512 30dc8627cee7a85d0d48fcc0d6ac8e2929fd90c973e9e7fbba0ee9dabc6e1ac98b1b93a0100848874f410c08bc681bda1f45dbad1959696a0e7336bc858e89ff

C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\clrjit.dll

MD5 96b03da61eab9566ab743ee8f4663775
SHA1 0a30d4deb860d673480e57664f2f3ded51a29317
SHA256 bef3b8c473dad95ffb33d4514e50c829c11dca5d5868c766deb7004463337b9e
SHA512 ffbfa8731c73807bf61335eb396e4cce58ca4884715600ca9dd6f7f0f0be48be76516aae810e3b02b58cf0a18b66808b0c305e954bb6273eed2681b88d9873b9

C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.dll

MD5 1d21df07c00ab145efffde32580a0b17
SHA1 0b1280b6085120699dd92b471e15e96de17d00f5
SHA256 68a52402a5023ee6bdee08b263e0337473d2be0b6076426132a111259a37965c
SHA512 f72959cace9f99065185f2bd9bf28cda1dd223d536e291b1818d8a96bc2977ac690ef466db3e53602e995e422f2bf2e3f44800837947e3b3fa1ce4a3976898bd

C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\WindowsBase.dll

MD5 75eced36e5f3369a554bde0c58a79a43
SHA1 01318560ba243e9eed46a0de7a73685f422e8b59
SHA256 3f595d2084d12420098ee214d84a227becbb9b7cef86debec1658e7c57b60073
SHA512 5a94122a144a467e6e136f12a00b94f70fbbe78a9eaab9c4f0d8d38dcf1dcd4c3e7bdcf417e55c3d3b74ae14d93a832056861956eee82eee29a5e0845fac7bb9

C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\System.Xaml.dll

MD5 fb1edbbc00baa9686d540bd028bb88e5
SHA1 5ee1794790a788283894e2453bc8ea185d684683
SHA256 cc4265de9e9d55f396bf54937f297a13c25b2c96eb70e920602f5fdfaffe5930
SHA512 302a714da81d048f12c563e44fc1efee6ebe8b367270ec4ce7a9a3caee51dc46c1333ff9212f048c53bc0f8757b3e79cbb25e6e79177f8efec00715df974742b

C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.WindowsDesktop.App\6.0.33\PresentationFramework.dll

MD5 16a58c122f252ef45fc5c978ad2df76c
SHA1 3ea579d718db1773f52ec3a7fbfa6e400814f828
SHA256 5c19b4a1bc7cf90647cb791cc73424af8017b60df72cb013d8a0dcc3de380222
SHA512 d2b322e1e657aac8d4d8c7e3fb1f5a167b587f3a5c654878e8fd4e7e474cc6610bb0651bae4c041b5f89226b116e221df073cb9fa35cba27ec601180202147f5

C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.ComponentModel.Primitives.dll

MD5 06b531d85669967a7ddb906cc13fc85e
SHA1 1e0df2633d9dfcf3550541beaaa8b0837a5b1693
SHA256 cd437e927dccb2083268fa48d179a4b50863769c04f9e61ffcba0bc8b16f1c4f
SHA512 39fee2dd60925d7479de7b170fe9dd67a656b99299908a0d91cb7d91a4494bcebfdc4e61cd1047e62cba4db7b204dd9ba05a891bbd4bbb869eb7e5a9a00800e5

C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Threading.dll

MD5 3429b717fc27f250f874bea622b4e03b
SHA1 8caab76db001110d765d37850b6b8fa2d02cf01e
SHA256 be6e0369d53f3d3898d94bb98951b71e820b4a01709b0ad980f3740a77d12fd4
SHA512 489ec41315375460e4c499bca4d601633357b6f57eab9084e5005fe410f4fe6a2cbc40a164dcb0865d3d5f22b38aa2208f1e050189babc4affba51364a67f65f

C:\Program Files\Malwarebytes\Anti-Malware\shared\Microsoft.NETCore.App\6.0.33\System.Collections.dll

MD5 b4db6917e597c76ff49644d53225e30b
SHA1 0e8bd02cc04f4c7211f8691bd5de0fd1a7d42910
SHA256 5402cdf9ac94afd8d6ea1a96d6aeb0fb700f1a2e3768ec00d5bcc1f911cd728e
SHA512 041c106d52a0978921ba60a4ce1176afbb816b3b078852d8b5bf0f4fd01f29af5eebe5a68c0e308dcc2a7c9d2cc774cdca92e6e3998eac467f80d7af4268d85e

C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.cat

MD5 1c69ac8db00c3cae244dd8e0ac5c880e
SHA1 9c059298d09e63897a06d0d161048bdadfa4c28a
SHA256 02d57ac673352e642f111c71edbb18b9546b0b29f6c6e948e7f1c59bd4c36410
SHA512 d2ec2ff9fea86d7074998c53913373c05b84ddd8aa277f6e7cda5a4dfffd03273d271595a2f0bf432b891775bdd2e8f984c733998411cfc71aff2255511b29c9

C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat

MD5 e5bd295850b593f6d7cbd8bbe59e71df
SHA1 c922df2483c7cefbed91b221299c0adb6e5a7db2
SHA256 70cb5eb4c7f600a56e6409f58cf02de1aa2883a33063d89a68f54f28c2209ce7
SHA512 8ff8342df8cbb255c741c42bc14c45309835f74eac8e4a498fd109b10664b788c6f573db709faeae1a781cdec4579691ec309fa66e5656a681ff9adcff3c2b60

memory/952-4507-0x0000029B40D30000-0x0000029B41196000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\2A5A6024F71CC116A65ED2CFA43B5CE84FDBAED7

MD5 05a415b9f6a58d8d465185c62ee3aa47
SHA1 557f821dc044b84f83d173e044e5d8a08e169c65
SHA256 29b810416cc67a748d291deac6e748f69bdcdb68f0bc7aa66a49f6baf81fede3
SHA512 d68dca91dc0d482cb5ff768c96988705413ea7ecfe5fc36841f584ff5a545be4ba5bd7c35bb649c64742b379a5155663ef10ddd067013b8484121a5914f2a03b

C:\Users\Admin\AppData\Roaming\MyCleanPC\MyCleanPC 4.2.3\install\A1E6143\MyCleanPC.msi

MD5 fcb1dc34831a8823d4109df926eeaab6
SHA1 933922eae9a7dd85437674a5b539146ac64e7ac4
SHA256 ba5c35fde93faedadae1d3ead7978353c7cff647ec66499a7ec12c9cbdfe368e
SHA512 ea41b2f98309d7e48b2c9afb184b86a438bdc6207976e3bc0b158553da4e489e088e9f77f4935aad42b1dee38404c85c329ddb3e3289b51d85817f00201ac634

C:\Users\Admin\AppData\Local\Temp\MSIA8EB.tmp

MD5 421643ee7bb89e6df092bc4b18a40ff8
SHA1 e801582a6dd358060a699c9c5cde31cd07ee49ab
SHA256 d6b89fd5a95071e7b144d8bedcb09b694e9cd14bfbfafb782b17cf8413eac6da
SHA512 d59c4ec7690e535da84f94bef2be7f94d6bfd0b2908fa9a67d0897abe8a2825fd52354c495ea1a7f133f727c2ee356869cc80bacf5557864d535a72d8c396023

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_8024\Installer2.jpg

MD5 ad149d1655b65e0d99c1c216e424e1af
SHA1 b805c3acc59b53db1571b4b8be1c240362310f73
SHA256 534d9f3c6f152a818ced853237c3e73e4aebd1eeeaaeaa22b9c619b74839bdcb
SHA512 f8e00c025559adbbd0091623f5cd3117c8d7c6515c8c743749fa3d7d575cabbf59d4fc19ef91d94ea559ef031e14a15f94df5dd7eaac6e91e0f012cae3fc2458

memory/952-4635-0x0000029B40D30000-0x0000029B41196000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_8024\Installer1.jpg

MD5 f0f3f0416111674e3944e152cdc0615a
SHA1 07fb63a61b7b3aa2d33d4e502d1eee2713ab13dc
SHA256 34829461f5d26d16aa53181b814d5839312b3423e4ac7ad9a200c287b176f410
SHA512 c841f01ad115756b0eb3c607caaebb6bce61de66b800a3dc81fad76138443f6f0c6fb8148cd16ad0438f5581397c4eaf5312452a4fccef262151d59830feb369

C:\Users\Admin\AppData\Local\Temp\MSIB00D.tmp

MD5 a67acb81551a030e01cda17fa4732580
SHA1 9f6b54919ee967fddf20e74714049b8c13640083
SHA256 107fd7ee1eaf17c27b4ed25990acace2cb51f8d39f4dfc8ef5a3df03d02e1d34
SHA512 30cc0870797220e23af40d5f50a9ce823c1120fba821ff15e057587c2a91c7247058e9a8479088047b9dc908c5176793e6f3ccd066da30bd80e1179649b2f346

C:\Windows\Installer\MSIB333.tmp

MD5 b1ca6f0d6edb2a6c4246261957098518
SHA1 13e0ef50ffadf6c5a00884c7146d653b1b0f7022
SHA256 78035b1d13620a8d68c96a3da5ead38963054fe26aa85e07f820db4a680b0404
SHA512 f6b0093d0319fc823f1f66da0ba312c69ad19cd50e8bb32edc5e1bd6b20d5a7ce3f09cea6b9fb505a90ac60848698e1c92495ba075c351bd6aa260ec92f27ee3

memory/7056-4714-0x00000000006C0000-0x00000000006CC000-memory.dmp

memory/7056-4715-0x00000000029B0000-0x00000000029D0000-memory.dmp

C:\Config.Msi\e59b0db.rbs

MD5 26a535952f56a7c7e4ec1194885ee2f1
SHA1 120030ff2c664629297fcb1ac544ff98271c9eee
SHA256 61254c828fd24dc6e0acf344fd93c150d63e327716c1669f485b5bb04d0404c0
SHA512 b1537eddd15cc6b11e217c79f2fe15a53e66c5eaebce6aaa8f5d095b15b5f3da7353fb0442627df3d60439a9856766bfd16c4ed59abaca95af78f49c3e8c4b30

C:\Config.Msi\e59b0d9.rbs

MD5 a90958c327e269e16d55bae72287e410
SHA1 1c2b1189c410fb453beeac9df9f8dba6231a2771
SHA256 d100b24da3f69cf7d653b2f6186309ecb6988e762dc77c2fb8fbbb0976fac8f6
SHA512 a3724e14aeaf333a86a22f7099d02af2e5fc698c39fafcc856a889629ac8859e01ec2d3fbc43bef53d85f51cad5ce817ce7d34987095493f9521dae05238c408

memory/7524-4782-0x0000000005E20000-0x00000000063C6000-memory.dmp

memory/7532-4781-0x0000000005520000-0x0000000005586000-memory.dmp

memory/7524-4783-0x0000000005970000-0x0000000005A02000-memory.dmp

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\5E1B6B38B8A87867DE1204A5C4B6DB8D28E8F74A

MD5 21027284783a063c0273e61df4c15300
SHA1 5c8f845367383cec4c6ecedc868954de22389765
SHA256 b56acbdc689fea03b63e6ffc04c1cd3626b77277d8500f179f5b1ca9aafdc2a4
SHA512 1db145e29d5b92851f7a6a875320cc21c5a651cda608e768c0abd45b4937f7dc18e680c62ac4f8b65f5d43ce7302b4ae0ec31a6a31429ddc98d415c9e8f9b73a

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mfuo34j5.default-release\cache2\entries\74D25E73FDEEC4E4488589D16B1054B5649F9243

MD5 6e3c1fe2558cb59eac2436a55d00157b
SHA1 7176093b02085426d0baf558bedd5e57949c562d
SHA256 7e46cd682f16a172174882c567fd66fc4363f863b6d2d4454184414af191ed82
SHA512 8247bd39878f5677d168acbbdaf164b15c51ac74d377a844e945fcbebf831917dfdd94915b2eead30eb92d5b4c56fc640e5452e4fb75d5b2cbf2e2f0f0d5d302

memory/8012-4807-0x0000000000CC0000-0x0000000000FDC000-memory.dmp

memory/8012-4813-0x00000000074E0000-0x0000000007772000-memory.dmp

C:\Users\Admin\AppData\Local\RealDefense_LLC\MyCleanPC.exe_Url_qt00azpf5rjxiq2gkbgexk3tbp1i323t\4.2.3.0\user.config

MD5 b0a634be28679f5cca32c9af816161bf
SHA1 e78f68c907994cfcea7904044fe767e373af8e3a
SHA256 4e5f6dfc6a6474b98eb6a74ca1eab751b589ad6e70cae871127e1206011676f2
SHA512 28869d8f92178af0fd89ab92853fd8e8870e369772d155c10d0f43c5a85c0de2ff164d89a13c8c9a788a3b0ade14ffb13b29ff42ef1e83ff4abc49c08f365cd4

C:\Users\Admin\AppData\Local\RealDefense_LLC\MyCleanPC.exe_Url_qt00azpf5rjxiq2gkbgexk3tbp1i323t\4.2.3.0\b2lwop2c.newcfg

MD5 1b8a7238a216cd9c46c687f6de0dd95e
SHA1 1cfe3f569c4694f955db477c78f42247d307857c
SHA256 9881e1a7179c6a20c26b47a1ee76f6596727a864587de732f40efbe6ffb93452
SHA512 e618c5919ac08a8db594231bd016ad4768c2b77f909e87a9cd7ff05df821bb14fbb8249d0ce5fd14b653d0e6802ccbf904f5fab8de58cec5c9fca0824b1a6a67

memory/8012-4827-0x0000000006180000-0x000000000618A000-memory.dmp

C:\Users\Admin\AppData\Local\RealDefense_LLC\MyCleanPC.exe_Url_qt00azpf5rjxiq2gkbgexk3tbp1i323t\4.2.3.0\hnthiz5l.newcfg

MD5 448809b97eb40520028f606ca92a242e
SHA1 ac29f231955f6bcca0559e5b1e6bbdd664851fa3
SHA256 db936ffd1b1cd559fc06ac4b4d251d71553297afaecd8c21c8c5f7fc6962fb62
SHA512 a1866fa59ac53ab08e31ed46639baf5e8953349f004f87ef95c33a27906149706ec92cccc6cbd3192854fbc032ba6fd0620c19d7a29b3ecac60a0f149c893f9c

C:\Users\Admin\AppData\Local\RealDefense_LLC\MyCleanPC.exe_Url_qt00azpf5rjxiq2gkbgexk3tbp1i323t\4.2.3.0\te3edc1s.newcfg

MD5 1053277a3c41f657b9ebef7430ff10b8
SHA1 6dfbf00f12903d20a6966bd1588d3c02082104c4
SHA256 552fded03e4a810cb36fd2cd643019dd1769f9d3095911fc0d5697620215c5e1
SHA512 f45186a0999c22c5177c16d96cfaaaf3b5bf6f0116c2fe7ee77ce6f845d8a0f3e863e9216a1ad9ddf47f6193003b88b27d3b64be10578184cc5b5f80378a0bf5

C:\Users\Admin\AppData\Local\RealDefense_LLC\MyCleanPC.exe_Url_qt00azpf5rjxiq2gkbgexk3tbp1i323t\4.2.3.0\2jinkhwo.newcfg

MD5 8119b958c54d0d79302bbf3b4b871de3
SHA1 cdba7abc71c522db9e9ccfc944e1c5569d60d928
SHA256 077580bff516d444342534fe2bfd3eb22ae37714c987f77bb43aca0145d42f1b
SHA512 84a749fe6d68f43214ea14f842d8728b2cdaf05c5f3b020464d8368b9f33b7b4a4956c0958318872e3ab3af1aa15379423814f75acb332a69cf3d8cfb3f64673

memory/8012-4890-0x0000000008300000-0x0000000008386000-memory.dmp

memory/8012-4902-0x0000000009C20000-0x0000000009C42000-memory.dmp

memory/8012-4904-0x000000000EEC0000-0x000000000F217000-memory.dmp

memory/7532-4926-0x0000000005D30000-0x0000000005DCC000-memory.dmp

memory/7532-4927-0x0000000006300000-0x000000000682C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fccab8a2a3330ebd702a08d6cc6c1aee
SHA1 2d0ea7fa697cb1723d240ebf3c0781ce56273cf7
SHA256 fa39b46c6f11977f5a2e6f4cd495db424063320fbac26a2eae7466e82ffeb712
SHA512 5339b52bad5dff926b66044067aa3e1a6147c389a27ebd89b0f16e1267621d7ce7af9810010bee81cba7b08c77a33ede8ef4675fe049b9fb2ed510fcaef93d6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

MD5 e5e3377341056643b0494b6842c0b544
SHA1 d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256 e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA512 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9d533e1f93a61b94eea29bf4313b0a8e
SHA1 96c1f0811d9e2fbf408e1b7186921b855fc891db
SHA256 ae95a7d192b6dfed1a8a5611850df994c63ba2038018901d59ef4dae64b74ed3
SHA512 b10de657d0cef4255e96daa1b6ad0c99c70b16c13b8e86790ea226e37e9ded1a8f8bed1e137f976d86ebc3ea9a4b5eb67ce2f5b0200025d35dc8e94c947ff3f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 ed659b1d7a51e558246bd24f62fff931
SHA1 84685d6f04379c290e4261ff04e9e1879d54d42c
SHA256 23fafd9073812d5ff8b523b84bc981e4cb410bebbf3675db2b29cfac0dae9690
SHA512 1c3203328583241895db9fb165fcfd595f642e218ee3a453ab6873cbac10ddab693cd2f913bab15c8bb7b5a12c5768b3dfcb278aad754dec1fbffe66b81843cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2935995505d56da3b1dcaacd7b778050
SHA1 cc36530b0df865020c73a9f4ee49ef8c41cdb330
SHA256 96aacec3d7f54ec4404b3070ed068c0db02990ef0d7b93bcd36a3db558d49b6c
SHA512 57f7cb34e762e6e424694daaf19b5f9bbc6b64601e8d55be97f9ed40f99c61f7489349e26975c457488af8ed08b59d1c13ea264473b0cb9295bf519e955ca171

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 8ec8bbc7d71df3c7fb8f0e287d4604e0
SHA1 f5cded96fedc4194cc96a9d5da8456e4b2c02f68
SHA256 9d53089b72d4828a1939167117db78dd89806f5e0658357695d4094d340483b4
SHA512 d31ebbcc2b5658c2eeff3090e42a02fd7f8eb75897cc8075c16363422193175766329d786d79495a3da5fcf86b741a04e0782d0993b461205047d5c2bdb10f0a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 b960afa58969024743efff5030fed546
SHA1 ba748cb717e20f2160541a638b0d0866844ac7c6
SHA256 59bd30baf9405f92dc212e1411a7cbc5f916c666307ec911e3016915e3f0bafa
SHA512 f8522eeb559986db47ea729ac9462d520db62e83dcb8cd305afd150ff945aae8f1fd65c95e0fad9a5413be20040b0c5e685cdb0116fbf75c313de3ffd6e41917

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 6987343e5518da79bb18153ecdbcfffd
SHA1 6339beb48f01121491c5f7928fdf365319ba8609
SHA256 df6bd67eb63586f677b965f1a91f21960ad18aa28762e9225144a7dafc9d2b62
SHA512 a1f62651d8525597dec60f28389cb9b74a621ec6d5cfafad323c5c90b7167fdfe73318bf7477da0b89606be216e5f6cddd5f29ea43e6834d27b9eeaddb626850

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 344d0ffebf08f53a23f53cbb53c4c50f
SHA1 ef49a4a7dd256afad18031e7369198708e151c0a
SHA256 f0637d16effa179a2894751933359408b1088490c2cc525905a3909d3b1aa8f9
SHA512 ed85d5b33333a19f7ac9ba295760156a175073706f83fb7e1af69e6e6cbc7829be7a33bbeda3131fc1884a2d25976e971d681fe5053a542b07e4f482aa423b35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 6ff0e2ef9c8ae1209396dc2a19137a35
SHA1 7a5850c9ea6a93f7cec4877c232057be7d53bab0
SHA256 2dedff428cf5d0f273e9afd1cd384b8b6360154c1d787c6629dde1b0d39ce2a4
SHA512 f1881f2920898aea217e4947ee3707038cbc7da26bce8d4b147bc32b96d9798bba9a2d3147e1a5e0f4f9e07d981ccced6eb31bfdfc5b7679574110212066bfc7

memory/8012-5157-0x0000000008D40000-0x0000000008D94000-memory.dmp

memory/8012-5171-0x0000000009470000-0x000000000949E000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 a6dc03095706936d30035565d6d5ca43
SHA1 d70f759e969e21de094c652d2fe2f038b01cd5f3
SHA256 cd751cdb7d223150a1897e4e58375981d2e88f5fce38625cc527a27ac88f6117
SHA512 c78161ecdc36a03f97877c13a163d15613cf982129743bb427c31c7dea119caffe69dd73fa91108b263d4200045b1f8c3ea50e2b684fa3d358f3abeb02664788

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 01e332e9d867ffcd54790e75206fa625
SHA1 430af61baa8db1c08741faec8f0bc9037d553a11
SHA256 a38cb2adc3d38d4e3cc6538c9e4a4ec8c346fc3b5bff6fcb07701e38778bff56
SHA512 fa6d62b87405cfc50cec814367ccc31149e91bbddaa93214d42e38c293589eba56ed6ba97413ef77ab0322fdf15ecfdcef2fadadb15401b6c47c0e1421bda83d

memory/8012-5219-0x0000000009790000-0x00000000097A2000-memory.dmp

memory/8012-5222-0x000000000AA80000-0x000000000AAE8000-memory.dmp

memory/8012-5223-0x000000000AB10000-0x000000000AB30000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7b3bb25f1e7d3cdf3edfd20dfacaa9ab
SHA1 943d936da609a5231394445ecc749a08fa414b83
SHA256 a9894f2734d18f6cb736059780d27ed004f242e29ba66376b01b8427a5a97ff8
SHA512 a5e95fee303dc88deda5beeb2c9959d13ef4d27fc1cd99f16c30aad77813e4b7555f65ab9a7f7c7f424325efde28dd000d8d47cce10deca30d5e17f7e3d251d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5a69f27a4589cc5381d64d5212e8834a
SHA1 380d8f54792617e8b02546f35d612e55830c160a
SHA256 76fda156adc41de26573fce3008ab6cc6d9df7fb722800a5eb23ff19ec4b79f6
SHA512 cf15e8a49b1cccb893ec7f3902cddb6e4ba74c08ef7b0361e168a618bf1aa9908780b2d8d4604d0544915880824adb85bcd926d4c7cd9b3650d183fbfe70ba83

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 7ec09c7cbd7cb0b8a777b3a9e2a1892e
SHA1 3b07979e57b6c93be7d5a6cd8fa954dee91bd8dd
SHA256 a623633f34a241b0dbc9fd26f34446d716955f94e90b2ff9ac8b9df801bdae5e
SHA512 5fff0a38a3b6e4b29d402eef2650011e4d9df514e0624767c84ea31cb73cbba10c7e0b5711cb487976d637f0f60a85c431cf0db54b519411245684c116c07b7b

C:\Users\Admin\AppData\Local\RealDefense_LLC\MyCleanPC.exe_Url_qt00azpf5rjxiq2gkbgexk3tbp1i323t\4.2.3.0\4eytw0l0.newcfg

MD5 bd1c31821dbf08bcd63f6144cadeddeb
SHA1 97d37e7886e4e372744c8a2e6aca26ceee6ad968
SHA256 85bbdf69a969319d16584d1282635282c011396185a46cb7aafaf3ded15669c4
SHA512 417b309e1b87f5ebe3058109fa906c0bb73a76e59b9af95d9e35da023f41d73c3bd861cb40fb79779cd431f259c0b6fb57d1827ee5359aa012ba2fcdb50041e8

memory/8012-5274-0x000000000ECD0000-0x000000000EE31000-memory.dmp

memory/8012-5275-0x000000000DA90000-0x000000000DADC000-memory.dmp

memory/8012-5277-0x000000000C8C0000-0x000000000C8E1000-memory.dmp

memory/8012-5276-0x000000000E3A0000-0x000000000E3DC000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 2eccafa24fbf7f03c437a9a3f7bbcd22
SHA1 0b3ebccf4f95d94e8d6f19f3391581a6475a71a9
SHA256 7f5c70e5ff358ceed6ac99a6b4d0ded66bc1eb97d2fe96d42adbef3c270f82b2
SHA512 dd83bcebf9be54d91fa6d7b78994aa0c51e83917d695f5eac0c7e7d7e950af1b3b65a2e8813a4c0e3018a90cc1515691dbd9e0a8b2acb93730e3453d7f9b461e

C:\Users\Admin\AppData\Local\RealDefense_LLC\MyCleanPC.exe_Url_qt00azpf5rjxiq2gkbgexk3tbp1i323t\4.2.3.0\ycza5eal.newcfg

MD5 22d8d4991b2e8b73390344bbc6926745
SHA1 5d270a672370b920b78db119e94f0ef080951337
SHA256 60ac7e1de093f4cf6aae6a7077ed4cb93bbaf2f81614bd91a395ab862defc45e
SHA512 7a5682e987850cb907367e0f5f5cd2b32ee48bd76d8b8c3c39c15c1859a763368b8a1af2eef107ab9ec0f4c55672759e626a285ba3df7785c355a16dd37aba2b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a22eb.TMP

MD5 2d23fb18391af9be7a7ab25c6723a3f3
SHA1 9812ee1cd0ac7652d9a86a12babbaa4d5147b44e
SHA256 ba1e85996b34c83895b800c58d60e25898088e4371ba30afef10a56e31cfb770
SHA512 47af2a318b5a105ff893c45ad9055aa1806772ae2c05e9f72984f690b5b03a098e3cb0abce370e668f076f4b7f2cc36068fcec3fc841bebaf4b6b466dcf6a8db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 4808f0389b828664601e7a3e85c20609
SHA1 e2344948675999cfd318f1429590098cda4ad6d6
SHA256 a16250e341b3c75f16e1832864e0d7579ef106114fb36bc0ebf5b0007886d12b
SHA512 dae3d1330983a32c206e115af7f2439418a4349cac4a4653855a2ee9b7d78eccfc7e697908e7ebe255c8a8c1b762b32b94e400fecfeec50ffae6397c6b84f575

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionstore-backups\recovery.baklz4

MD5 81684ecc2b1027ade8d7bfab82b1b970
SHA1 cfee68bcbbffc73167140df0e4389d0800a8817b
SHA256 dcd3e893195bbfecb623ab0bea5ec559b9c858e4c2b3fbd49147a032389ccc95
SHA512 97934c00148b58c5a6fe15a4512e1ddc97a08662e6931aa380e7835b7d878efc252ab28dcf5d4890cef314d97f03ed3152a09617fc279441cc5ca90c6fdc2d9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 415c9217d79df1e46ca8efd8ff21e3b6
SHA1 9659b85ba7ad1d5f2e5a461ad709aefb8202ebb3
SHA256 ee85c8b45ee76bd6ce9e6a849a983550b490b1fd884727fee5b2fa3c8616a598
SHA512 4d879f1cb90b024c35e486cce455027ce4816b3af8d061d2dcbd742cdda6fd8164625b114a16fd2b4c8531147b540917a372a21f2218d6b621046a0e5f5e7325

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8d58671a3664a942e9bf7eb6a715e535
SHA1 b5ebce22d650b4b54e997d3b22f5a16fdcc0e92d
SHA256 f95361e630e03390877da62f898f788f445000a4628408cf5aaa0fb4cac8d3df
SHA512 1bffee71ea0d343780e1c134f7ca4da7edd989490d23a932d7e8dcc696dfa499f01d23e3c7b89b4b1af5cf1b4b261c870bcb9ca3327f30eaea8b8d25d52bd78f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2884bb819ebe5490ff3f170a5140110e
SHA1 d5bda195799d0b098a01767e78bd1c7738597c4d
SHA256 cc0805ee3ef73ba583752148d8aae20e6f3aaebe1ae790339b49d877aa8cdf77
SHA512 d7a052a88c5283690c937487a0dfc243f7fef06c76470f0689d6e134aa3e793169f126dac5b68b1425a35b35daf97d17eadd38ed4142d940214e1a52608401dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 99b665784fbc5eca9862361b64fdaf51
SHA1 af5e376ebbc7ae6c7ecb390836378b36499df36b
SHA256 f681d120a2ce01c0b975f8178780f7ef5cf341a2c2a23afaa385c5d5f1de747a
SHA512 65dee825433abf5f8522a0ac2cbfa5278e9315e0fad10e6f4da928078fa81c336dabe5df478dd4802709f2cb31ecaccfa67fd51604bb6c548f54512f831350f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a16966d5b77a150b6703e7f16600dddc
SHA1 26aa3859cf55ddfacb50194f6b76e327d5de41ec
SHA256 f4870971718833e4ae544f3bf53ddf3e075dbfc18a4bcd0543c5ecc9122d2e31
SHA512 db795fae25065172d208e37e9123967b190db1391513b1e086b8fa8e1557e7e83d61bbf483ff409ae72780a3315e90fe6d6996f3b0741112b87c52cd5b185b55

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 5d06b7b88cd35c21ee1e062325b271e7
SHA1 078e3bbd1bb64d0581d1b73013aa49d58608e183
SHA256 254d8eb817e38b163f9c4826efd5ba748df1c67c54817a0778523550ef880cbf
SHA512 c9a1d481181f3c2dbc3d735a1e408c772bf3e450c2acaf827e9992d0073bd5d83382ba2d2dec494b3173f3e4aec9d03eb600180255484b0a343f2664d1776c2a

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\datareporting\glean\db\data.safe.tmp

MD5 fbaba2f2f1068b79fb7946a0b60f2bbc
SHA1 faf7d35a95b8adadc6107b3336d9002d6bf3180f
SHA256 df223c5b97fae1cb3783902420bf047176f3a375c7d13ed890ba702894196e7f
SHA512 666f1ba9dd6530e54c43d7664908c5f177c9e899a0d4fe55d31aa7f432222f442a984afb3f00f49cb617b0ac2715d7ade973afd8ec8bf1f21f471d94f583d16e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\sessionCheckpoints.json

MD5 a0821bc1a142e3b5bca852e1090c9f2c
SHA1 e51beb8731e990129d965ddb60530d198c73825f
SHA256 db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2
SHA512 997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release\prefs-1.js

MD5 d0e5b1fccfc2947228c22df65ade14fb
SHA1 4e73c17b38a3dfb2b702ab4d13e4423aacf36742
SHA256 9b73e564b4be750c38e94caaba5384f58b366274db257b6006ca61214305b427
SHA512 1084ecf9698f04b39d7544c87148a1dbfbb5eec18349d4769893544dba02cf66c06762639f48709f7877f0a6eadc15ba79c71771f53a7c027fe9678ca7e76e50

C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\mbupdatrV5.exe

MD5 e1134014dec51258520dd70ae965d1c3
SHA1 aed1f77627674f69d48292dd57c274e3399d87ab
SHA256 ae9263a10e0dbeb982d26b00e241626a3a4ea0bc9489789427d080a3bc3e7ed2
SHA512 b9fba8664aff58681db7bd68ca11f79270f25a25cf9a6da808d065b98f398992b4a4f40e6153d99429a6b9fba6c24c0af7ac5f4ae95c194af8f802684f390c05

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 f08a77647ce4354684c06a59e0727558
SHA1 b4424c3ee769092cabd06cb018c5fa75f67c9d9e
SHA256 6d62a7d1ad1554c39d13e1ec89e4839b59c8960df9c71034344655a413c32acb
SHA512 0e81f4ee90be4fcf2afb621542f378808e5008da7821bb76db58b17dd2a0b786c55ad5fc2d1d627cf0a1c6edc87efa955fa73992a90fa6f58031198f840fd71c

memory/952-5662-0x0000029B40D30000-0x0000029B41196000-memory.dmp

C:\Windows\Temp\Tmp84F0.tmp

MD5 6a65510f36c7f3d0e6fb767ce187386d
SHA1 afe06e5ee101fa61ea5a29e22a66354b1b7c4d0b
SHA256 413aca70d1197103a1c312a014ec7c93e450e4a452e3f8753094714ad995d498
SHA512 73840864868ee4326b32f2b77381ae743c62456ea529396a54cd8a163d27e5f89d06d5d959e3c1b28937de98cc9a886233f627e8c3e8e9e592fccf2d76954c4c

C:\Windows\Temp\Tmp8772.tmp

MD5 6b9e18a8287264b5d40c820f86c5b66e
SHA1 173a9f4dfde8ba44fc8c7aecfca6ea410a0dacaf
SHA256 d176caabb32b173e1f99da61346d72a2952df22acc73f08ec90c57383bed0279
SHA512 cff6cc65ff60b5e59df6cf98cbf6158c76180ee334619f242e7d019c54166539cd0fb488c6df7a27e46511920e8fd573b8d2a2761d1e9647b1875abbafe23095

memory/952-5711-0x0000029B40D30000-0x0000029B41196000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 f25f8d6bfdb810ee9dfbcd96ede6955a
SHA1 58cb0042633af1fb1123465d6b333e26165a0fc4
SHA256 d5cb2e8f8de2e094b4e2dc99b5cba13e3d4c5deeef28b144e97620b5e326263f
SHA512 d60102e63d9cf03dd473ac00b95e5673d206860087e95e05f2cdc6d28afd29118ec33d8f98d4c6cf30d5785cb36d149f4fd932950253b9835ab3c674de756b1c

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_10CFC0D4C45D2E76B7EA49C8C22BEDFE

MD5 5bfa51f3a417b98e7443eca90fc94703
SHA1 8c015d80b8a23f780bdd215dc842b0f5551f63bd
SHA256 bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128
SHA512 4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json

MD5 650003a596c2f5ff6f2ec2af92c7c97b
SHA1 781c79b0dcc4d4391b1397d043d2d99a1aefed56
SHA256 01ac2dbde4e94d607d9eba6c3f0c6d54635538bf145746f33b1870dc47493743
SHA512 e086d6bbabd68ac26d20922ae9a482779a88ff9ad69e3dfd23f242fa3c1cb8801de623da12006fc14b29014a9ddf69ca0e3a43ac05c4715d860041f462124cfc

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 9fcfccca3ed0dbef8e748e7d86a3d6f2
SHA1 f373ce467a0a8204fd208e3aa00c6801654cae86
SHA256 8c824c62ea39fb0e5c4a921cd869d56a0f43e26587a86f649d29d61abe0ef808
SHA512 ea249c6b89852c1833bdb6f12ca06cc3bb6a24a589cf59de26d22ebd59cf860443be91f6b60bf60dab9cac42df58c0691ed0e1b8042ab7707cccf9d0240571ab

C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

MD5 d6e64fc844908e40c04f4248b2bed2b3
SHA1 225114653f571642bc534813ddf6b6d4090e46b5
SHA256 331ab83790069363da3834fbc9a9dca7c05c8ec270234c768a6ef5f0cd4b7424
SHA512 e1b320210109eebac40112bda6d82cb314c88bbd9c7d450d5a5d55633cf8d5e1a67725290e08cc002d617b6dda8e8f36a17bed7b834e0d7f0af8b4c2efdc34a7

C:\ProgramData\Malwarebytes\MBAMService\updatrpkg\SdkDbUpdatr.dll

MD5 52c4aa7e428e86445b8e529ef93e8549
SHA1 72508ba29ff3becbbe9668e95efa8748ce69aa3f
SHA256 6050d13b465417dd38cc6e533f391781054d6d04533baed631c4ef4cea9c7f63
SHA512 f30c6902de6128afbaaed58b7d07e1a0a674f0650d02a1b98138892abcab0da36a08baa8ca0aba53f801f91323916e4076bda54d6c2dc44fdad8ab571b4575f7

C:\ProgramData\Malwarebytes\MBAMService\version.dat

MD5 ea44c19edb3a33406bf4a498b326f31c
SHA1 6d573962c25b421ed7e99df445f6b46a4c91e57a
SHA256 f3efe708dd82794c1203557469014d4096246446b7dbe64303df0284d52d90eb
SHA512 78119df6a18afed0009f79d07d00c1938cd975a4f4dd7096a185ddc6f4592917427c793d85aaf32d6082fd37697cbef2aecc72f6eb5d9507f26452dfbe5745f9

C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

MD5 39ccf914537bab3e60562b9a1f3c7799
SHA1 40dcc580890637a3f25b21a3f383d23628baf1e6
SHA256 80c2e8ce30f77cccf619448de56671875c977d00951891824717fcb2ee655a94
SHA512 438f32635079d38886ebbdaa39a2bd8b9f4bd83f843e11b78b305cc512c316476bace7a91f150ddd4e042a550ae2c1376750711f30824c9f3371c5592b23b016

C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

MD5 f7be3a62bc61c19e6dfb40b4670b0939
SHA1 34c2fecfcdd4eb6c489114a3bae049329450f150
SHA256 5c798a94404d774a2351ecd742ee08044d5788b2b9966539e9fe658de77d1f00
SHA512 6f5e5cacb528c13710f73da9864c4d25949307e8caf37173747bb82092285597289112b9392b72cb37441e436f8b594ba821c6b65af5d892f6cafbfbdc3b6773

C:\ProgramData\Malwarebytes\MBAMService\LOGS\mbae-default.log

MD5 9ed52ac7af17b93f205f37a92066b117
SHA1 51616cdcf4b4feba147371538ae5441380b1a6a4
SHA256 d1ac90d1a60a53dc475ecf6691245d4ef35803e62399e91c28861e8d92d4198d
SHA512 b9b7965a85a4896919f3f91d262998e27b5eb2970096e73fb39f956b75a12359298a9196ecbd9a704ec009a9088cccf5adb0db55a4ac3d68bf71c1e3149b3064

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 c10796c22947656dd544a0d161e8d505
SHA1 f77859c84a494ac5d8238a1c73febf8bc75dfffe
SHA256 03a49916b3e95663639c855945aba22ab52aa65bce7c49ffc7a610f9e3a7e859
SHA512 d3fe78cce911c3faca0467fe12271d4c2f27423bb1e5790a0de7be5dd17e89fbcef2c3fadbc6be2b23671455ed30534bc0a24906939e75dd71d450705b37216a

C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

MD5 945eac0041e372c35531df572eb5bffe
SHA1 fd636a17416bd5f53d5c64ee061dc975e82f34e7
SHA256 571e4831fb6d6a3787242f7cdb9bf527f068020a3ad8f1698b981b674dc93486
SHA512 0e840232d104541ff447ea7da530b5b68f54e684217d56ba33d55072c1618c0f5a033f437d8016648a0710ddab3daae15948f28ef3bfe42cd81a834a348a0b85

memory/952-5827-0x0000029B40D30000-0x0000029B41196000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 24248d13e871328a57c75289281b2760
SHA1 f5ca68d13e89c1d018a3e73e0a8b53f72fb886f7
SHA256 e273cac2a8eb67fc053f71b8fafab3835a71c7c22a507ee58a47e5ee71daffaf
SHA512 cdaaca7f8d35c80cc5c5e13da1eb8f5350be92bea06462765489b4dd0385cc99d11526ddfad3073fdd11a47e1d2032e0a0e7edce7a67d5e9860b0b13d3007648

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 2b43c0af9d69e8ca24e1aab1a506f3b2
SHA1 e5cc2f5fa3dc8bdf87d796d26c01d4429bc04f32
SHA256 43b95a5641522adf91a5e500e939829b3e9ba9627681a1649cc9968cdac16ed3
SHA512 f47c6448f1996c0388f09bd4e1c1def7cdb0d95be1e778009e484a0dfefbd1407fe2267ee8b8d1267db5b35918a331f95166922968dabdd011d60f14deb75e5d

C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

MD5 a0323a48aaed0671c01c2e9a8ac15da9
SHA1 d0dfcb411b21a340e99bd2156be54212e137a456
SHA256 4159ddf36312eaff7ed6eae64d67d2be2c310c279f827963f8d9600f9ef6e0f1
SHA512 9c85c7d57126f22749ae78e697e20cd0ff0cda894493e7d0c3f2ef8c21f2dcd1ef6ab56b291895988ee0f233e3b8e0622b57a3288242e50f6215f5ccbc78f460

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\4d68c01a-96ce-11ef-8d25-e60b6437e69c.json

MD5 891b7c5e9d0c7961b3b0a259123b7dff
SHA1 29a7d97c3ee1275cf14dabbc2b5ee2ba04803c9f
SHA256 bd4530595da939323d25ec3cfaa7fb7f0db2d60c25fdfcbf4c553e3dd6fe637f
SHA512 d332375cb8582f025fdb67117f26891c77e082dc2a87ada7b32c1e5ed4839c4c3661891dc9a79aa7e5ddba15d407199e123b7f8fb8f5e99c739eaf6c1c3ee597

memory/952-5876-0x0000029B40D30000-0x0000029B41196000-memory.dmp

memory/952-5877-0x0000029B40D30000-0x0000029B41196000-memory.dmp

memory/952-5895-0x0000029B40D30000-0x0000029B41196000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\ScanResults\4d68c01a-96ce-11ef-8d25-e60b6437e69c.json

MD5 c50b9c424675bd11b11c5c91c1a9c021
SHA1 bd36f83ce8c2065456d8850019f3487b7cb01b8b
SHA256 087937239c9d6a44e2465cf5259ae52f1a19c04c392bd12d1db9d1b6272a478a
SHA512 d3a4ebd1164a68cdab61dfad77ca563cfa756135ea2093b7aad91545cefebbfac9a876dafcdd2e552c97737e98a0fb5fdf4c781ddd3e66d798da6a5f04b4f551

C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

MD5 16d3d7141f8b5c8f9a2bf1106aed4ab8
SHA1 3a0dbe535229a83396d3fedd63c6bbfeafcef672
SHA256 ed4970d96ab039f5e290b388605564b7a685ff9b6ca3060e82b40ad16cda8581
SHA512 658357ea73806fd23aff7ceaf73b4ce08be23afccc231d6939568a440c6d0f0c9e0fea365b28dcab37b86766ccf78cde315a3a11ce2a080ac022f0de83b99a9b

C:\Windows\Temp\Tmp45B4.tmp

MD5 9a46433478757269b86b07c0d14f5098
SHA1 6f0b3c25a8d70046265a85974409adc17ea0e308
SHA256 e3eb2e9dcc89e570e181bc7ac07458a70ed6f85ed697509c30eecd1f04115308
SHA512 1792b0662b68c8b46f3e8a805cfb9eb44877746d1b9625af16e625c3c957acf20dae4e015a007f69ce31724453901a57420f79fbdffb543db26c8bcc6f73028d

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4

MD5 f68c5900f8b5a614b5bd296f5dbd043e
SHA1 1d97c70694a2c34bed65aea921d29a049196b6f0
SHA256 d03e4f50a8f04567976acd428d4b12f51867382e1a4a695aed95b68be2c68dda
SHA512 a7dc09a8dcdfd81efaff3a5ba7e8ed4997915c02827fa7a95715f177d74b6333be60ff3eb0acb9ccb5721ac4dacb096bfae19d225448c51e2eb68c5116346f99

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4

MD5 78f2fcaa601f2fb4ebc937ba532e7549
SHA1 ddfb16cd4931c973a2037d3fc83a4d7d775d05e4
SHA256 552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988
SHA512 bcad73a7a5afb7120549dd54ba1f15c551ae24c7181f008392065d1ed006e6fa4fa5a60538d52461b15a12f5292049e929cffde15cc400dec9cdfca0b36a68dd

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1

MD5 3facbc65ae92f87f2c25969761322148
SHA1 0c283d43e6c3fe4050f8c41ab73f41b967602144
SHA256 f1cc662f7a678579e2cb6a6867e8325c0b96176249c1d8f6e6123319537e3644
SHA512 d3f1e4e1d963bcdfe2bd2171b61e53c9f90a094cbe4383cb99030f590e74e7324e6f7f3b80be0d261c609b1da3713654f8621b1f5fe1aa819b1e3e6c37cef009

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1

MD5 d91299e84355cd8d5a86795a0118b6e9
SHA1 7b0f360b775f76c94a12ca48445aa2d2a875701c
SHA256 46011ede1c147eb2bc731a539b7c047b7ee93e48b9d3c3ba710ce132bbdfac6b
SHA512 6d11d03f2df2d931fac9f47ceda70d81d51a9116c1ef362d67b7874f91bf20915006f7af8ecebaea59d2dc144536b25ea091cc33c04c9a3808eefdc69c90e816

C:\Windows\Temp\Tmp4613.tmp

MD5 e08eafee9a9e3c69b0963365f3cb0970
SHA1 9d19103f930968cb2b85a7af3f5296ea846654ef
SHA256 e9049dfbba1c029bfe5e1b5c40d7f53370fac70078b64ca80abfb73097a02b7b
SHA512 3a36159197e294cf0bba2b58ecc7293f52c9fcf86de21ae2d299415e4d643c4dfed235333c8634daa4245a79aa149d05afbbca0e93f409a4e2d56beae67ff3b4

C:\Windows\Temp\Tmp46C0.tmp

MD5 dd912f84dd62a1318d16c9c46d5730c5
SHA1 8b9b8778c658ad150114e2b67d0d4cc94b1bbd56
SHA256 8c69a22af0ad862d105c5ccd29e1e0470ebb611031f33d8b7861229aef6ddc44
SHA512 79d8088064bc190237bb6eb2d32cdd95b42fe67963d017bc9d1227eea6da568b833fa13710554feb4a7bf20de7a7819742d184ee96a8aa48e3ad5faa98b3567f

C:\Windows\Temp\Tmp473E.tmp

MD5 c1d4ee18fd86f49db7ab8b7410ec48b1
SHA1 b83688b5258ea1c0c49f3829d06151a87d3780f4
SHA256 502e77aefb62da4d82c8131a3271f8ace8f5a513332e736e78a6ecae8437e11a
SHA512 442192ac1dfcc194ca5d329b817761f2d7fb8a455595bb876a4afd545aa2201aa97ef83ed0c615b90e589eb8196b3ea564cf37085131bb08873a2805e7e16d4b

C:\Windows\Temp\Tmp473F.tmp

MD5 47271f9c166906b8880aa06bd68aef4e
SHA1 063e616aca43274a2954c2b327f796fa6357cae3
SHA256 ae71ac835bea9ef1e629f7b9e1ea36bd4d66d00fef9cb4622bc0d204933164ec
SHA512 398aa472a52718af8d755242ac904d9ec4ea5500c90bb9188f87e797fc237e3a7ce50834eeb7e90077aca684f29db9e3fbe39a6d3b64a21a13b4e8a37099260f

C:\Windows\Temp\Tmp4F10.tmp

MD5 d348e2c3f38851085f60011f52e72c18
SHA1 f9217ec8b6a51b96fb7f83d86bcfa1ae65df8b03
SHA256 bf034d6528b3e43ee6af07d27804e0e47401a5ab29050ee5c0e62303bbc56ded
SHA512 adf3a381582c9a0f88c809baae70b7fb63d15a13298c3cad85d68ffdeb39e97abc70ecd4404373801655d3b8734fe6bf1c6435c87b408ca8305a815de4fdc7ce

C:\Windows\Temp\Tmp4F40.tmp

MD5 74450c582ff5c8c7452905ebb3a97abb
SHA1 893053ebcd28122f6577cdd25c4bdbd7cfa8cc4d
SHA256 8a299ec7732ed47c0bc1708b023acdd1d61e0d4cf60209ba83710f7b92dcb842
SHA512 9d47d884e714428b34c9be90d91f535583cc822f325b9fb1430637c71072193a770060e11bfef518a83db815cf307ffd21098bfc4a464218c1511434d0a32e62

C:\Windows\Temp\Tmp4FFC.tmp

MD5 2dd250304968c5400844048c8107baf3
SHA1 42835742d68843d86f8edd21aa84cc9e9ce900f1
SHA256 366a764587fb82f041ab902d3e41598ab531fd7f0d69a6016977158c93422ab9
SHA512 14707ffba318eb575a2b7e210b836863b0ae4b73fbaf49fd7c82510a70b66ff51d3847899ce624b3d9acb4353e73787763713420e9e19a24113184a2d9505383

C:\Windows\Temp\Tmp504D.tmp

MD5 724545d890e10887bebca8a4b87f80fe
SHA1 76173fbf2d976c2abb900396bba0f1bfd39e378f
SHA256 cf705e22d76637831e9400c56580190820aa3eb1f9a35d143aebfcdfd5a25ef5
SHA512 0e64953f354abb627a68f9656d3e08af667ee04b4b8135ebbc35bf8714aace7677ef355fc04b0341bee1f07948e65d12a096592506a976a760113cccf12b9b93

C:\Windows\Temp\Tmp504C.tmp

MD5 7e2d6b8a60d981302ef2a20c32ef37a8
SHA1 af2a6fc16a284fa76f074218775f02401cda0568
SHA256 fc0e03ea8daad496be011c796eca91b4e8411ae74cc3424012b8fd4baee7ce17
SHA512 32ad5ba5f76097f4f3925769f72313973040693a5734c2dc9f80af5407aaf38cebdc1dceeb97b01685741fcfc942f5042402a1907f41a4e596c5e9ab6bc2aa0e

C:\Windows\Temp\Tmp50BC.tmp

MD5 c179ddcf640531e7a9e4dea2ebee4e4e
SHA1 a93ef4f97ef1aa9b1a3a7554e30064abf88dafce
SHA256 b6c31ac34083d8ed643b783f4e21600c1172028925bb2cbe4e2f29d63e708187
SHA512 24bc607bde42283ef5d136b660eb35aebcaff65eab6d665e3138bc2a78c40ba07c5ff60c5fc79f9cb7461ef804059f998cc1c803c636ebc4f8c77e4203eb42c5

C:\Windows\Temp\Tmp5178.tmp

MD5 669a3658c3a7a2aac578ec2627a8a11a
SHA1 c42ea39aea5fe0659554e334402a8cad4a252ab3
SHA256 0e1a14ebd074f040d7582b42f9a07682df34965d396797becb437a3deb2be0dd
SHA512 846c02ecab77038c1a7c9cd4b029f944ead3c52b0ba45f1674713f47cacede952bd25ae2b519007c37f95018cd18606b9b44af65b842e2fd31a4111735d50f2b

C:\Windows\Temp\Tmp51F6.tmp

MD5 ae5b9acc84e84192b9a3dbea844aaf01
SHA1 3ca69948fab36df26044fd1d84db0c556e50b9ef
SHA256 ca38e58eab49682b2cd63d4dbb59bc6b3990b542895869a019af06d8bc24eee0
SHA512 d87e9b2ff129ffeebd37a0ad07f14d0d9e339592655951a8c841b223911b115b5b49c363499c4180f7e4da5a12168790c88e9bc2bc0386f954e255756d6744a1

C:\Windows\Temp\Tmp539E.tmp

MD5 ec91a11df51d1929974a2a4cd5b90900
SHA1 40d25668dfa05518c1c0b201467dc9027d691e57
SHA256 4f3db7c78f8274eaa1e840a9c2dc85caad59ee09648a3d45c9a9bc6ea83c81a1
SHA512 effef713228b4a1f37d8617c7b3f8742266c5af83c0191d2288a5b896fef1de19cedbe45dc35941ac354e799df94d3fe766f61f9b60bb7b3a66a61efeb6e05a0

C:\Windows\Temp\Tmp539F.tmp

MD5 5ec13e69b93d497fc6d8693ab3a82210
SHA1 6cf6d4a6d92e8c18d8b12a7ff0488d7f0aced45b
SHA256 5957162eed70cf3600dbe409e3d9379a8e797d06c0cbdb5dfc4e5a92383927cd
SHA512 4749b6b3389de3fa850067012001633007ab6b4ece9c50e9a0eeece03e956f3361a8e5ce8a214257e1b2689e7382d7250546601e8a0e5c845e742c84bfc8509f

C:\Windows\Temp\Tmp53FE.tmp

MD5 a9f469a795e19cbfaac1dd23b19af7ef
SHA1 18e3c2fe40f2b84b8a4171a17726566b795dbf51
SHA256 8261885649e52e6fe8fc62fa88c9f81f4287f7f264a6206e6841fa81c391fd7e
SHA512 e9c05842294a531ce1e979c055f4de34ce68eeccc0ae81cac89449a5afe4b7340b3b8b0c679d7f58e06654c7dac4b3c91b4345fc0a7cfd88489fcfcebe74ea81

C:\Windows\Temp\Tmp54CA.tmp

MD5 840e83d59dad735ac69b5aefe74feb03
SHA1 e27beb56c9f64bd18881738419502fad62a1d62a
SHA256 f1817e5bf1fb2b9f0d15d1fd5847603074aac3928f479010c528c242c42b7571
SHA512 834b58d4a649df9febbf3f712fea7c0cba52bc5e2e24cf7c4d2d54affeff5059f89d82cccc7488299685335cde88e17d134394e2d05458c134c6f31cb3941a55

C:\Windows\Temp\Tmp5586.tmp

MD5 1830fdfd511fbf3830c426c50b00612f
SHA1 f8dc8aca419def0fd7a8e1987a1b2ec2efa839dc
SHA256 3a2abeb94b95c27f00bbab9bf7aea2f6f1a2eafe9999fe886a0bb4fa0e192a46
SHA512 d0f6c92c7266563d67bf7360329d41e744b00e61abc4d7222393d418da29ce1cb9f27f111534a190bc4ba7ab0b72320520ad110413c35e937b94c001429bb783

C:\Windows\Temp\Tmp5604.tmp

MD5 7281bd2a1c36bb1875923bc0a7aa768e
SHA1 bb4432d9b8682044da51109d031c93a995031984
SHA256 6d4e1c830ec9bbb686fe0933468c9f3ce7911e1f4bc3fa20a6e8dd098b95fd0a
SHA512 1ff6672e2779db31bbabce9f1f55c05051f89cbe7b8b6b10389145ce67817a6584dde4ac2a0eefeada526e9199ad6631d2872f36de2ad9b664c571371170b507

memory/952-6178-0x0000029B40D30000-0x0000029B41196000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json

MD5 8d4e0bdd1a3089016c94d600d6d2b06a
SHA1 7b383564972d2a3aa79d6ae2fce6113e5f5186d8
SHA256 4d0c6cdfbe9bd87351121ae9848a9495ac12f13d612719b0e2e66356041265a7
SHA512 fbf30fc0f18b175e39dca97571fd8236b8c15f1ecd9913a71693c3072ff671d37a5b7dc9de3c64c021e585471ddd49ecf3314fc8a88d9aa5ea9198a32962956e

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 4899637cf712120a1448c58d5b966b09
SHA1 efda2f492e8cabdf9c4dadf386c22fb719b31c7c
SHA256 ec6b8507a8fb10d3071bc63aa976bebf081eaa69442a348d1ca03965a3cc659b
SHA512 93e4a0e97ac4bf15b54e7bd73f5f74ec7df7be6f0121ebfb1515498fb8dcf1681d82dea2a87ee13f0e72895b053d58fab32da702512894797a0a317e83556201

C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

MD5 a7324abfbb91fa816f609fdc069582f3
SHA1 053222a7340091dbaaeb9083cc92ccc4f8a87377
SHA256 e209e76f64d6e28499ca19758f86574f5c363a38d065ab1da2bee05f49521da3
SHA512 205474d3da31cba0d38ad073b832c7e3de2e03fed69bd7940f38fadcfa7f320e1ea98eaaf614f82aef085ff0ca14a6a9524e83f7edab625f3a2d74da4299af64

C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

MD5 f488bd4abb6a1695ac8ccc24017f9815
SHA1 ad55114cc1f99bbfc3257d11ad9baf3e848daf72
SHA256 9ce4670be926cf3cfb9da22833cb73c63d08cb10920c9c7d309d1fd92a821538
SHA512 579977baba152bd8608561c2f52fb35a3ecfdb4753d2d2a4214589a62bb16a34f8a8f9036537ef7f313c3b56e1c369c2c02a2c6e83ef3d893da5e3b691fcb869

C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

MD5 fcbc0cead7bd240e030880ecaae85f51
SHA1 895b035a5e198da0c7b4890c3adf409e75274d63
SHA256 ff274c54e12e498d5f2d02b9e2fbba47d689f39958136b3a39e2c1eaa7d7cbf3
SHA512 85a3a6b68ae8743eda5f57c5be76b097056215959898e31a7571a8aec60c9cd8eb2bdd5574399ffb8a6a469e2e938f8cdedf3c8da57d5474b9aa299d4269195d

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 921ca2360424e393753f73b299967c32
SHA1 be448de6c0c59e460694a79de44dc66bb8dbac09
SHA256 7a4350f86c33718b29eebd642c038c4d285855e1f6add48d906bfa54d5ea830b
SHA512 b739bbc8186e49e1d32c58d8aa579855c6b0fec453c7fb9fe3a4af89e6a2b4aa7bc7bb73d916caba66f1fd4e215b0ce91ac430e8cdfdb5352f50d84132608e70

memory/952-6228-0x0000029B40D30000-0x0000029B41196000-memory.dmp

memory/952-6308-0x0000029B40D30000-0x0000029B41196000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DA2.tmp

MD5 3b337c2d41069b0a1e43e30f891c3813
SHA1 ebee2827b5cb153cbbb51c9718da1549fa80fc5c
SHA256 c04daeba7e7c4b711d33993ab4c51a2e087f98f4211aea0dcb3a216656ba0ab7
SHA512 fdb3012a71221447b35757ed2bdca6ed1f8833b2f81d03aabebd2cd7780a33a9c3d816535d03c5c3edd5aaf11d91156842b380e2a63135e3c7f87193ad211499

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DA5.tmp

MD5 b5d0f85e7c820db76ef2f4535552f03c
SHA1 91eff42f542175a41549bc966e9b249b65743951
SHA256 3d6d6e7a6f4729a7a416165beabda8a281afff082ebb538df29e8f03e1a4741c
SHA512 5246ebeaf84a0486ff5adb2083f60465fc68393d50af05d17f704d08229ce948860018cbe880c40d5700154c3e61fc735c451044f85e03d78568d60de80752f7

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DAC.tmp

MD5 699dd61122d91e80abdfcc396ce0ec10
SHA1 7b23a6562e78e1d4be2a16fc7044bdcea724855e
SHA256 f843cd00d9aff9a902dd7c98d6137639a10bd84904d81a085c28a3b29f8223c1
SHA512 2517e52f7f03580afd8f928c767d264033a191e831a78eed454ea35c9514c0f0df127f49a306088d766908af7880f713f5009c31ce6b0b1e4d0b67e49447bfff

memory/6108-6376-0x000002CDFD700000-0x000002CDFD800000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DAE.tmp

MD5 54dde63178e5f043852e1c1b5cde0c4b
SHA1 a4b6b1d4e265bd2b2693fbd9e75a2fc35078e9bd
SHA256 f95a10c990529409e7abbc9b9ca64e87728dd75008161537d58117cbc0e80f9d
SHA512 995d33b9a1b4d25cd183925031cffa7a64e0a1bcd3eb65ae9b7e65e87033cd790be48cd927e6fa56e7c5e7e70f524dccc665beddb51c004101e3d4d9d7874b45

memory/6108-6410-0x000002CDFEE00000-0x000002CDFEE20000-memory.dmp

memory/6108-6409-0x000002CDFF120000-0x000002CDFF140000-memory.dmp

memory/6108-6403-0x000002CDFEBD0000-0x000002CDFEBF0000-memory.dmp

memory/6108-6424-0x000002C5923C0000-0x000002C5924C0000-memory.dmp

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DB0.tmp

MD5 a7b7470c347f84365ffe1b2072b4f95c
SHA1 57a96f6fb326ba65b7f7016242132b3f9464c7a3
SHA256 af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a
SHA512 83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

C:\ProgramData\Malwarebytes\MBAMService\dds_tmp\DB1.tmp

MD5 804b9539f7be4ece92993dc95c8486f5
SHA1 ec3ca8f8d3cd2f68f676ad831f3f736d9c64895c
SHA256 76d0da51c2ed6ce4de34f0f703af564cbefd54766572a36b5a45494a88479e0b
SHA512 146c3b2a0416ac19b29a281e3fc3a9c4c5d6bdfc45444c2619f8f91beb0bdd615b26d5bd73f0537a4158f81b5eb3b9b4605b3e2000425f38eeeb94aa8b1a49f2

C:\Windows\Temp\Tmp7C74.tmp

MD5 492a163eb4d3be6d558c15a1787cb6c4
SHA1 15cb4a9ab0f6463d441726521d0874804ba78794
SHA256 9fcdbf55905d93bc95068deaf6b6b1dac6fea942f4d18325f20835ffb02e9eba
SHA512 daa0ee358398716e38758b3bbb05a02e42f3a179327f13a536bb864a4d006f59f80c972e30b6cab0e5224852a64506f0f8c7b9d7f0ba784f1a90ab8ddb1b9ad5

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 8ae04eeec9a162c475b53a730d2a2b29
SHA1 2a38e85743b0cf920d09a6b530b31e3d412f801d
SHA256 647c468be84b9d053012fa0fe662f7cadcf1bddf49c484d7e7d882469ed84d42
SHA512 2959a6345283c879efb4348c3cf6618f5ca3d9e67817dbdad342981fc8432c069d5544436547ec7239949e42bb460f603729a2f3ee8db79ef7619e1560ee660e

C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

MD5 0e00a56890f037af40d52dd9dc1c73c2
SHA1 04a58468d5ce16924887b78b8669405f7fad58fa
SHA256 73f6652e9c4bcb18a68b1aeea36c3a992a5365c900663d2d9cd1283cc008cc8f
SHA512 db2ee96f60274793e6636fb8d4113ddbab1fac0885f91c52a313856701c43d4fd4788e373d9beeed092b2086864e878ced7e1fe3a43483b5786dcc0bd2f74f04

C:\Windows\Temp\Tmp9E58.tmp

MD5 187f71cf676c75ba8f9dbfe295620474
SHA1 823fb8879b4ef97f8972cbb4f8dd5d8f98ba7d8a
SHA256 d7ef83bbb1449815adb055c7c6c66052d1c103c9cfa81e10146fd87358b4616e
SHA512 83d08893a7c4df1c46b9759c725c96f4b4a72a95b7aa04e9fd01c703fb5755b4a3741582be2b78c1e23c7ceff678a77b280477c88299fb7f6ebc7755e1ff153f

C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

MD5 e85a5d6d9adc51fb31dab7a89f64e31d
SHA1 1256039cd702732e5107021c9710c46822354532
SHA256 f59883e8d8cea48cb6ec7dbd2ff819b820193eb7e1496122ce8403ba5f76b1cf
SHA512 5c05effd4a76f1b2180a89f8a0082088831d2e11cb62075714cef09564a58e44de551951159a913673fd6ce4f5bcb7d8efec08e6816f15ff3c4644e55f194a45

C:\Windows\Temp\TmpA0BB.tmp

MD5 e64d3c98128cf7014fea41fd4d7fd7ee
SHA1 2a50522b59cf80a883cbcda255699fe6e0e27da7
SHA256 f039f4be44b16ca18e2d40250671ffba168213ae73a51438dd37c6272ea27de7
SHA512 43f65a65f9f5f49a53b9145b03034fa614aac30054439c1b7f00b00b5bdc472660c84eff20bafd909c879d9a7d38d778335fa886457691c142f37f6a5dce0db6

C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

MD5 cd0c339503a284eaf3c0e47cf234dd14
SHA1 ad54a8026acdcc0d83bf1f3d96203489fb06f423
SHA256 804776acdf5e081e622a8880a83ac529e3a3543a8459d91f8ca4e723f4479751
SHA512 899498ce612bd66bba43cf068b0079d5525db6359f5e29fd87a298872f8237c82570e1e2793e0f41e2806b9b3a55ed3af3b6d8d74cc9e7619d1210c37d0995c2