General Info

URL

https://data-cdn.mbamupdates.com/web/mb3_acct_trial/mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.exe

Full analysis
https://app.any.run/tasks/d6d12b8d-4844-4c4a-9359-3a17e6407d60
Verdict
Malicious activity
Analysis date
6/16/2019, 11:41:43
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
300 seconds
Additional time used
240 seconds
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (73.0.3683.75)
  • Google Update Helper (1.3.33.23)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 65.0.2 (x86 en-US) (65.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • mbam.exe (PID: 2940)
  • mbamservice.exe (PID: 2796)
  • mbamtray.exe (PID: 1208)
  • WerFault.exe (PID: 1928)
Application was dropped or rewritten from another process
  • MBAMWsc.exe (PID: 728)
  • mbamtray.exe (PID: 1208)
  • mbam.exe (PID: 2940)
  • mbamservice.exe (PID: 2796)
  • mbamservice.exe (PID: 1972)
  • mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.exe (PID: 3428)
  • mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.exe (PID: 2628)
Changes settings of System certificates
  • mbamservice.exe (PID: 2796)
  • certutil.exe (PID: 304)
  • certutil.exe (PID: 2608)
Reads Internet Cache Settings
  • rundll32.exe (PID: 2972)
Creates files in the user directory
  • mbam.exe (PID: 2940)
  • rundll32.exe (PID: 2972)
Uses RUNDLL32.EXE to load library
  • mbam.exe (PID: 2940)
Reads the BIOS version
  • mbamservice.exe (PID: 2796)
Searches for installed software
  • mbamservice.exe (PID: 2796)
  • mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp (PID: 2384)
Creates or modifies windows services
  • mbamservice.exe (PID: 2796)
Adds / modifies Windows certificates
  • mbamservice.exe (PID: 2796)
Creates files in the driver directory
  • mbamservice.exe (PID: 2796)
  • mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp (PID: 2384)
Removes files from Windows directory
  • mbamservice.exe (PID: 2796)
  • certutil.exe (PID: 2608)
  • certutil.exe (PID: 304)
Creates files in the Windows directory
  • mbamservice.exe (PID: 2796)
  • certutil.exe (PID: 304)
  • certutil.exe (PID: 2608)
  • mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp (PID: 2384)
Creates COM task schedule object
  • mbamservice.exe (PID: 2796)
Executed as Windows Service
  • mbamservice.exe (PID: 2796)
Executable content was dropped or overwritten
  • mbamservice.exe (PID: 2796)
  • mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.exe (PID: 3428)
  • mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.exe (PID: 2628)
  • chrome.exe (PID: 3132)
  • mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp (PID: 2384)
Modifies the open verb of a shell class
  • mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp (PID: 2384)
Changes IE settings (feature browser emulation)
  • mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp (PID: 2384)
Reads the Windows organization settings
  • mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp (PID: 2384)
Reads Windows owner or organization settings
  • mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp (PID: 2384)
Creates files in the program directory
  • mbamservice.exe (PID: 2796)
Dropped object may contain Bitcoin addresses
  • WerFault.exe (PID: 1928)
  • mbamservice.exe (PID: 2796)
  • mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp (PID: 2384)
Application was crashed
  • mbamtray.exe (PID: 1208)
Creates a software uninstall entry
  • mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp (PID: 2384)
Loads dropped or rewritten executable
  • mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp (PID: 2384)
Reads settings of System Certificates
  • mbamservice.exe (PID: 2796)
  • chrome.exe (PID: 3132)
Application was dropped or rewritten from another process
  • mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp (PID: 3320)
  • mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp (PID: 2384)
Reads Internet Cache Settings
  • chrome.exe (PID: 3132)
Application launched itself
  • chrome.exe (PID: 3132)
Creates files in the program directory
  • mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp (PID: 2384)

Processes

Total processes
65
Monitored processes
26
Malicious processes
9
Suspicious processes
0

Behavior graph

[Process graph image not preserved. Nodes shown: chrome.exe and its child chrome.exe processes, mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.exe, mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp, certutil.exe, mbamservice.exe, mbamtray.exe, werfault.exe, mbam.exe, rundll32.exe, mbamwsc.exe. Edge labels: "start", "drop and start".]

Process information

PID
3132
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://data-cdn.mbamupdates.com/web/mb3_acct_trial/mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.exe
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75

PID
3460
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=73.0.3683.75 --initial-client-data=0x7c,0x80,0x84,0x78,0x88,0x6f5e0f18,0x6f5e0f28,0x6f5e0f34
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75

PID
3332
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=2140 --on-initialized-event-handle=308 --parent-handle=312 /prefetch:6
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75

PID
1824
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=972,1202593172576514276,2785419405118137926,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=12093851127285970670 --mojo-platform-channel-handle=984 --ignored=" --type=renderer " /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75

PID
936
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=972,1202593172576514276,2785419405118137926,131072 --enable-features=PasswordImport --service-pipe-token=16422241629782155459 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16422241629782155459 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2020 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75

PID
1252
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=972,1202593172576514276,2785419405118137926,131072 --enable-features=PasswordImport --service-pipe-token=7889076824854982512 --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7889076824854982512 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75

PID
3520
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=972,1202593172576514276,2785419405118137926,131072 --enable-features=PasswordImport --service-pipe-token=17596412431970965992 --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=17596412431970965992 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2236 /prefetch:1
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75

PID
2196
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=972,1202593172576514276,2785419405118137926,131072 --enable-features=PasswordImport --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAACAAwAAAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --service-request-channel-token=9698360212252228821 --mojo-platform-channel-handle=3644 /prefetch:2
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75

PID
2652
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=972,1202593172576514276,2785419405118137926,131072 --enable-features=PasswordImport --lang=en-US --no-sandbox --service-request-channel-token=1480933792067931018 --mojo-platform-channel-handle=3060 /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75

PID
2628
CMD
"C:\Users\admin\Downloads\mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.exe"
Path
C:\Users\admin\Downloads\mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.exe
Indicators
Parent process
chrome.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Malwarebytes
Description
Malwarebytes
Version
3.7.1.2839
Modules
Image

PID
3320
CMD
"C:\Users\admin\AppData\Local\Temp\is-CAM6H.tmp\mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp" /SL5="$9016A,62600533,239616,C:\Users\admin\Downloads\mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.exe"
Path
C:\Users\admin\AppData\Local\Temp\is-CAM6H.tmp\mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
Indicators
No indicators
Parent process
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.1052.0.0
Modules
Image

PID
3428
CMD
"C:\Users\admin\Downloads\mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.exe" /SPAWNWND=$40142 /NOTIFYWND=$9016A
Path
C:\Users\admin\Downloads\mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.exe
Indicators
Parent process
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Malwarebytes
Description
Malwarebytes
Version
3.7.1.2839
Modules
Image

PID
2384
CMD
"C:\Users\admin\AppData\Local\Temp\is-8IJDV.tmp\mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp" /SL5="$60140,62600533,239616,C:\Users\admin\Downloads\mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.exe" /SPAWNWND=$40142 /NOTIFYWND=$9016A
Path
C:\Users\admin\AppData\Local\Temp\is-8IJDV.tmp\mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
Indicators
Parent process
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Description
Setup/Uninstall
Version
51.1052.0.0
Modules
Image

PID
3980
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=972,1202593172576514276,2785419405118137926,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=15381492696964878371 --mojo-platform-channel-handle=3952 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image

PID
304
CMD
"certutil.exe" -f -addStore root "C:\Users\admin\AppData\Local\Temp\is-T8UJ7.tmp\BaltimoreCyberTrustRoot.crt"
Path
C:\Windows\system32\certutil.exe
Indicators
No indicators
Parent process
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
CertUtil.exe
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
2608
CMD
"certutil.exe" -f -addStore root "C:\Users\admin\AppData\Local\Temp\is-T8UJ7.tmp\DigiCertEVRoot.crt"
Path
C:\Windows\system32\certutil.exe
Indicators
No indicators
Parent process
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
CertUtil.exe
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image

PID
1972
CMD
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" /service
Path
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Indicators
No indicators
Parent process
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Malwarebytes
Description
Malwarebytes Service
Version
3.2.0.765
Modules
Image

PID
2796
CMD
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
Path
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Malwarebytes
Description
Malwarebytes Service
Version
3.2.0.765
Modules
Image

PID
1208
CMD
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
Path
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Indicators
Parent process
mbamservice.exe
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Malwarebytes
Description
Malwarebytes Tray Application
Version
3.1.0.1807
Modules
Image

PID
1928
CMD
C:\Windows\system32\WerFault.exe -u -p 1208 -s 580
Path
C:\Windows\system32\WerFault.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows Problem Reporting
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\program files\malwarebytes\anti-malware\zlib.dll
c:\program files\malwarebytes\anti-malware\iconengines\qsvgicon.dll
c:\program files\malwarebytes\anti-malware\imageformats\qico.dll
c:\program files\malwarebytes\anti-malware\imageformats\qsvg.dll
c:\program files\malwarebytes\anti-malware\platforms\qwindows.dll
c:\program files\malwarebytes\anti-malware\qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
c:\program files\malwarebytes\anti-malware\qt\labs\settings\qmlsettingsplugin.dll
c:\program files\malwarebytes\anti-malware\qtqml\models.2\modelsplugin.dll
c:\program files\malwarebytes\anti-malware\qtquick\controls\qtquickcontrolsplugin.dll
c:\program files\malwarebytes\anti-malware\qtquick\dialogs\dialogplugin.dll
c:\program files\malwarebytes\anti-malware\qtquick\layouts\qquicklayoutsplugin.dll
c:\program files\malwarebytes\anti-malware\qtquick\privatewidgets\widgetsplugin.dll
c:\program files\malwarebytes\anti-malware\qtquick\window.2\windowplugin.dll
c:\program files\malwarebytes\anti-malware\qtquick.2\qtquick2plugin.dll
c:\program files\malwarebytes\anti-malware\qtwinextras\qml_winextras.dll
c:\program files\malwarebytes\anti-malware\scenegraph\qsgd3d12backend.dll
c:\program files\malwarebytes\anti-malware\styles\qwindowsvistastyle.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\profapi.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\opengl32.dll
c:\windows\system32\glu32.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\mpr.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\system32\verifier.dll

PID
2940
CMD
"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"
Path
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Indicators
Parent process
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
User
admin
Integrity Level
MEDIUM
Version:
Company
Malwarebytes
Description
Malwarebytes
Version
3.1.0.1807
Modules
Image
c:\program files\malwarebytes\anti-malware\mbam.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\malwarebytes\anti-malware\qt5quick.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\program files\malwarebytes\anti-malware\qt5gui.dll
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\opengl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\glu32.dll
c:\windows\system32\ddraw.dll
c:\windows\system32\dciman32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\program files\malwarebytes\anti-malware\qt5core.dll
c:\windows\system32\mpr.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\version.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\winmm.dll
c:\program files\malwarebytes\anti-malware\msvcp140.dll
c:\program files\malwarebytes\anti-malware\vcruntime140.dll
c:\program files\malwarebytes\anti-malware\api-ms-win-crt-runtime-l1-1-0.dll
c:\program files\malwarebytes\anti-malware\ucrtbase.dll
c:\program files\malwarebytes\anti-malware\api-ms-win-core-localization-l1-2-0.dll
c:\program files\malwarebytes\anti-malware\api-ms-win-core-processthreads-l1-1-1.dll
c:\program files\malwarebytes\anti-malware\api-ms-win-core-file-l1-2-0.dll
c:\program files\malwarebytes\anti-malware\api-ms-win-core-timezone-l1-1-0.dll
c:\program files\malwarebytes\anti-malware\api-ms-win-core-file-l2-1-0.dll
c:\program files\malwarebytes\anti-malware\api-ms-win-core-synch-l1-2-0.dll
c:\program files\malwarebytes\anti-malware\api-ms-win-crt-string-l1-1-0.dll
c:\program files\malwarebytes\anti-malware\api-ms-win-crt-heap-l1-1-0.dll
c:\program files\malwarebytes\anti-malware\api-ms-win-crt-stdio-l1-1-0.dll
c:\program files\malwarebytes\anti-malware\api-ms-win-crt-convert-l1-1-0.dll
c:\program files\malwarebytes\anti-malware\api-ms-win-crt-locale-l1-1-0.dll
c:\program files\malwarebytes\anti-malware\api-ms-win-crt-math-l1-1-0.dll
c:\program files\malwarebytes\anti-malware\api-ms-win-crt-time-l1-1-0.dll
c:\program files\malwarebytes\anti-malware\api-ms-win-crt-filesystem-l1-1-0.dll
c:\program files\malwarebytes\anti-malware\api-ms-win-crt-environment-l1-1-0.dll
c:\program files\malwarebytes\anti-malware\api-ms-win-crt-utility-l1-1-0.dll
c:\program files\malwarebytes\anti-malware\qt5qml.dll
c:\program files\malwarebytes\anti-malware\qt5network.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\program files\malwarebytes\anti-malware\qt5svg.dll
c:\program files\malwarebytes\anti-malware\qt5widgets.dll
c:\windows\system32\uxtheme.dll
c:\program files\malwarebytes\anti-malware\qt5winextras.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\program files\malwarebytes\anti-malware\mbcut.dll
c:\windows\system32\psapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\malwarebytes\anti-malware\platforms\qwindows.dll
c:\windows\system32\cryptbase.dll
c:\program files\malwarebytes\anti-malware\styles\qwindowsvistastyle.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sxs.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rundll32.exe
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll
c:\program files\malwarebytes\anti-malware\imageformats\qico.dll
c:\program files\malwarebytes\anti-malware\imageformats\qsvg.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\program files\malwarebytes\anti-malware\qtquick.2\qtquick2plugin.dll
c:\windows\system32\fwpuclnt.dll
c:\program files\malwarebytes\anti-malware\qtquick\window.2\windowplugin.dll
c:\program files\malwarebytes\anti-malware\qtquick\controls\qtquickcontrolsplugin.dll
c:\program files\malwarebytes\anti-malware\qtquick\layouts\qquicklayoutsplugin.dll
c:\program files\malwarebytes\anti-malware\qtquick\dialogs\dialogplugin.dll
c:\program files\malwarebytes\anti-malware\qtwinextras\qml_winextras.dll
c:\program files\malwarebytes\anti-malware\qtqml\models.2\modelsplugin.dll
c:\program files\malwarebytes\anti-malware\qtquick\dialogs\private\dialogsprivateplugin.dll
c:\program files\malwarebytes\anti-malware\qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
c:\program files\malwarebytes\anti-malware\qt\labs\settings\qmlsettingsplugin.dll
c:\program files\malwarebytes\anti-malware\qtquick\privatewidgets\widgetsplugin.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\dwrite.dll
c:\program files\malwarebytes\anti-malware\iconengines\qsvgicon.dll
c:\windows\system32\propsys.dll
c:\windows\system32\wpdshext.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\slc.dll
c:\windows\system32\imageres.dll

PID
2972
CMD
"C:\Windows\system32\rundll32.exe" "C:\Windows\system32\WININET.dll",DispatchAPICall 1
Path
C:\Windows\system32\rundll32.exe
Indicators
No indicators
Parent process
mbam.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows host process (Rundll32)
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\wininet.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\rasadhlp.dll

PID
728
CMD
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe" /wac 1 /status on true /updatesubstatus none /scansubstatus recommended /settingssubstatus none
Path
C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
Indicators
No indicators
Parent process
mbamservice.exe
User
SYSTEM
Integrity Level
SYSTEM
Exit code
3221225506
Version:
Company
Malwarebytes
Description
Version
3.0.0.198
Modules
Image
c:\program files\malwarebytes\anti-malware\mbamwsc.exe
c:\systemroot\system32\ntdll.dll

PID
2540
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=972,1202593172576514276,2785419405118137926,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=11711011933151672571 --mojo-platform-channel-handle=1464 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Exit code
0
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
2276
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=972,1202593172576514276,2785419405118137926,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=2962567689433884841 --mojo-platform-channel-handle=4128 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image
c:\program files\google\chrome\application\chrome.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\winmm.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\program files\google\chrome\application\73.0.3683.75\chrome_child.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\dwrite.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dbghelp.dll
c:\windows\system32\comdlg32.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\cryptbase.dll

PID
1688
CMD
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=972,1202593172576514276,2785419405118137926,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=13849488768291928838 --mojo-platform-channel-handle=4120 --ignored=" --type=renderer " /prefetch:8
Path
C:\Program Files\Google\Chrome\Application\chrome.exe
Indicators
No indicators
Parent process
chrome.exe
User
admin
Integrity Level
LOW
Version:
Company
Google Inc.
Description
Google Chrome
Version
73.0.3683.75
Modules
Image

Registry activity

Total events
3029
Read events
1750
Write events
1270
Delete events
9

Modification events

PID
Process
Operation
Key
Name
Value
3132
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3132
chrome.exe
delete key
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
failed_count
0
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
2
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
StatusCodes
01000000
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
state
1
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
dr
1
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome
UsageStatsInSample
0
3132
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
usagestats
0
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_installdate
0
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
metricsid_enableddate
0
3132
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
aggregate
sum()
3132
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumAccounts
S-1-5-21-1302019708-1500728564-335382590-1000
1
3132
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
aggregate
sum()
3132
chrome.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_NumSignedIn
S-1-5-21-1302019708-1500728564-335382590-1000
0
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\StabilityMetrics
user_experience_metrics.stability.exited_cleanly
0
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
lastrun
13205151735500375
3132
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E30706000000100009002A003500390000000000
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\Enum
Implementing
1C00000001000000E30706000000100009002A0035003D0000000000
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\PTimes
C
048BA0FD2724D501
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C1
1C1GCEA_enUA812UA812
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C2
1C2GCEA_enUA812
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Common\Rlz\RLZs
C7
1C7GCEA_enUA812
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aapocclcgogkmnckokdopfmhonfmgoek
37B9F76C320232A0958242D8138D5DAD6C7596F98C18042CD8A13EF424E20AC1
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ahfgeienlihckogmohjhadlkjgocpleb
15B1C3FE35F29528448F36A72A4DFBC58A8083C7190559D25865779166D220A2
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
aohghmighlieiainnegkcijnfilokake
EF5ECE5300336C893DB28A616EE9F03E69373C680840679ED39A37009EF61B10
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
apdfllckaahabafndbhieahigkjlhalf
7647A7BFAB31505C35E885A9EFB23568E78DE24559E63BF9AFDCC4769AD9F110
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
blpcfgokakmgnkcojhhkbfbldkacnbeo
A3275D831B39E12EC4A7CAE1E25C3C6245E8A3DE4A29DD6E5C57D72C5435776F
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
felcaaldnbdncclmgdcncolpebgiejap
FBACF06C9BBA45FC7C5D002F509BF9641885E883C82646934D9BAF4AC377D518
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
gfdkimpbcpahaombhbimeihdjnejgicl
D6B079666F209503A09486C70AC09307652A0F7F783166A999B27C99D0DA79E2
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
ghbmnnjooekpmoecnnnilnnbdlolhkhi
D1C181E2A2DA9E61229DAD8A4D546A0F0E394BAECC3ACC9B9B2B33941CC3154A
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
kmendfapggjehodndflmmgagdbamhnfd
00175B8120231631976CA8B862A3416996C9373BA3D289F0619DDA992973DDFA
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mfehgcgbbipciphmccgaenjidiccnmng
63355C14E8C7DF9A075F2EDDEA6F2807DC8166B83F96F4C975B9B6554C6324D7
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
mhjfbmdgcfjbbpaeojofohoefgiehjai
0E265BFED6F1C7D5F0A9BD790C50BB30E78E959631D51EEBB8BB0DE73E65763C
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
neajdppkdcdipfabeoofebfddakdcjhd
04A45240BDA55E8777FA04357712CA6DD942253A21323E4C7D3CCF769B34BFED
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nkeimhogjdpnpccoofpliimaahmaaome
EFA63CBF982B82CF44E63E567FF3BB95FE3F51570D9A0CED8846E77B13199169
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
nmmhkkegccagdldgiimedpiccmgmieda
8640690787CDAED4D7AF3B9DEE86F036C7DF019CA22D3A3BA07F04F18E24B4A9
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pjkljhegncpnkpknbcohdijeoejaedia
C7DC74C3314E81DECE0E8C2C3125AFCAACAA6C78A63AA8B3D601B50B64B4E453
3132
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\PreferenceMACs\Default\extensions.settings
pkedcjkdefgpdelpbcmbmeomcjbeemfm
230C2396765981675322D6D42D1170C14223FC3D694C857C5A54D6487496FFEB
3332
chrome.exe
write
HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes
3132-13205151733828500
259
2652
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2652
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@sendmail.dll,-21
Desktop (create shortcut)
2652
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@zipfldr.dll,-10148
Compressed (zipped) folder
2652
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@sendmail.dll,-4
Mail recipient
2652
chrome.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
@C:\Windows\system32\FXSRESM.dll,-120
Fax recipient
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION
mbam.exe
11000
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION
mbamtray.exe
11000
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MBAMService
Service
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\MBAMService
Service
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_CURRENT_USER\Software\Malwarebytes
FirstRun
false
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\malwarebytes
URL:Malwarebytes Protocol
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\malwarebytes
URL Protocol
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\malwarebytes\DefaultIcon
C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe,0
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\malwarebytes\shell\open\command
"C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe" -uri "%1"
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
Inno Setup: Setup Version
5.5.8 (u)
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
Inno Setup: App Path
C:\Program Files\Malwarebytes\Anti-Malware
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
InstallLocation
C:\Program Files\Malwarebytes\Anti-Malware\
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
Inno Setup: Icon Group
Malwarebytes
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
Inno Setup: User
admin
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
Inno Setup: Selected Tasks
desktopicon
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
Inno Setup: Deselected Tasks
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
Inno Setup: Language
en
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
DisplayName
Malwarebytes version 3.7.1.2839
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
DisplayIcon
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
UninstallString
"C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe"
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
QuietUninstallString
"C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /SILENT
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
DisplayVersion
3.7.1.2839
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
Publisher
Malwarebytes
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
URLInfoAbout
http://malwarebytes.com
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
NoModify
1
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
NoRepair
1
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
InstallDate
20190616
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
MajorVersion
3
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
MinorVersion
7
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
EstimatedSize
161858
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
UninstallString
"C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /LOG
2384
mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.tmp
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1
QuietUninstallString
"C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" /SILENT /LOG
304
certutil.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
304
certutil.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474
Blob
2608
certutil.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
LanguageList
en-US
2608
certutil.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Blob
1972
mbamservice.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32
1972
mbamservice.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\ProgID
1972
mbamservice.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\Programmable
1972
mbamservice.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\TypeLib
1972
mbamservice.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\Version
1972
mbamservice.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\VersionIndependentProgID
1972
mbamservice.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.MBAMServiceController.1
MBAMServiceController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.MBAMServiceController.1\CLSID
{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.MBAMServiceController
MBAMServiceController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.MBAMServiceController\CurVer
MB.MBAMServiceController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}
MBAMServiceController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\ProgID
MB.MBAMServiceController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\VersionIndependentProgID
MB.MBAMServiceController
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32
ServerExecutable
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\TypeLib
{783B187E-360F-419C-B6DA-592892764A01}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}
AppID
{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\MBAMService
EventMessageFile
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\MBAMService
TypesSupported
7
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}
LocalService
MBAMService
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.AEController.1
AEController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.AEController.1\CLSID
{F415899A-1576-4C8B-BC9F-4854781F8A20}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.AEController
AEController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.AEController\CurVer
MB.AEController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}
AEController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\ProgID
MB.AEController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\VersionIndependentProgID
MB.AEController
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32
ServerExecutable
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\TypeLib
{2446F405-83F0-460F-B837-F04540BB330C}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}
AppID
{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.ArwController.1
ArwController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.ArwController.1\CLSID
{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.ArwController
ArwController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.ArwController\CurVer
MB.ArwController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}
ArwController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\ProgID
MB.ArwController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\VersionIndependentProgID
MB.ArwController
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32
ServerExecutable
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\TypeLib
{A23C190D-C714-42C7-BDBB-F4E1DE65AF27}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}
AppID
{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.CleanController.1
CleanController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.CleanController.1\CLSID
{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.CleanController
CleanController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.CleanController\CurVer
MB.CleanController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}
CleanController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\ProgID
MB.CleanController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\VersionIndependentProgID
MB.CleanController
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32
ServerExecutable
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\TypeLib
{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}
AppID
{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.CloudController.1
CloudController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.CloudController.1\CLSID
{BF474111-9116-45C6-AF53-209E64F1BB53}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.CloudController
CloudController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.CloudController\CurVer
MB.CloudController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}
CloudController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\ProgID
MB.CloudController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\VersionIndependentProgID
MB.CloudController
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32
ServerExecutable
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\TypeLib
{F5BCAC7E-75E7-4971-B3F3-B197A510F495}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}
AppID
{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.LicenseController.1
LicenseController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.LicenseController.1\CLSID
{580243BF-3CEE-4131-A599-C6FED66BEB1B}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.LicenseController
LicenseController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.LicenseController\CurVer
MB.LicenseController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}
LicenseController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\ProgID
MB.LicenseController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\VersionIndependentProgID
MB.LicenseController
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32
ServerExecutable
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\TypeLib
{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}
AppID
{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.LogController.1
LogController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.LogController.1\CLSID
{251AD013-20AD-4C3F-8FE2-F66A429B4819}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.LogController
LogController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.LogController\CurVer
MB.LogController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}
LogController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\ProgID
MB.LogController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\VersionIndependentProgID
MB.LogController
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32
ServerExecutable
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\TypeLib
{C731375E-3199-4C88-8326-9F81D3224DAD}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}
AppID
{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.MWACController.1
MWACController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.MWACController.1\CLSID
{8F1C46F8-E697-4175-B240-CDE682A4BA2D}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.MWACController
MWACController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.MWACController\CurVer
MB.MWACController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}
MWACController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\ProgID
MB.MWACController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\VersionIndependentProgID
MB.MWACController
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32
ServerExecutable
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\TypeLib
{49F6AC60-2104-42C6-8F71-B3916D5AA732}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}
AppID
{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.PoliciesController.1
PoliciesController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.PoliciesController.1\CLSID
{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.PoliciesController
PoliciesController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.PoliciesController\CurVer
MB.PoliciesController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}
PoliciesController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\ProgID
MB.PoliciesController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\VersionIndependentProgID
MB.PoliciesController
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32
ServerExecutable
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\TypeLib
{0E2822AB-0447-4F28-AF4C-FFDB1E8595AE}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}
AppID
{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.RTPController.1
RTPController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.RTPController.1\CLSID
{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.RTPController
RTPController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.RTPController\CurVer
MB.RTPController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}
RTPController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\ProgID
MB.RTPController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\VersionIndependentProgID
MB.RTPController
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32
ServerExecutable
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\TypeLib
{FFB94DF8-FC15-411C-B443-E937085E2AC1}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}
AppID
{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}
CustomScanParameters Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32
ServerExecutable
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\TypeLib
{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}
MinimalScanParameters Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32
ServerExecutable
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\TypeLib
{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}
NormalScanParameters Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32
ServerExecutable
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\TypeLib
{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.ScanController.1
ScanController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.ScanController.1\CLSID
{D5599B6B-FA0C-45B5-8309-853B003EA412}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.ScanController
ScanController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.ScanController\CurVer
MB.ScanController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}
ScanController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\ProgID
MB.ScanController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\VersionIndependentProgID
MB.ScanController
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32
ServerExecutable
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\TypeLib
{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}
AppID
{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}
Scanner Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32
ServerExecutable
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\TypeLib
{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.SPController.1
SPController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.SPController.1\CLSID
{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.SPController
SPController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.SPController\CurVer
MB.SPController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}
SPController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\ProgID
MB.SPController.1
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\VersionIndependentProgID
MB.SPController
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32
ServerExecutable
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\TypeLib
{59DBD1B8-A7BD-4322-998F-41B0D2516FA0}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}
AppID
{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}
ExploitRecord Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32
ServerExecutable
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\TypeLib
{226C1698-A075-4315-BB5D-9C164A96ACE7}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.TelemetryController.1
TelemetryController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.TelemetryController.1\CLSID
{DE03E614-112D-43E0-8E15-E7236CC32108}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.TelemetryController
TelemetryController Class
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MB.TelemetryController\CurVer
MB.TelemetryController.1
1972
mbamservice.exe
write
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{172ABF99-1426-47CA-895B-092E23728E8A}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{172ABF99-1426-47CA-895B-092E23728E8A}\TypeLib
{F5BCAC7E-75E7-4971-B3F3-B197A510F495}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{172ABF99-1426-47CA-895B-092E23728E8A}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66328184-6592-46BE-B950-4FDA4417DF2E}
_ICloudControllerEvents
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66328184-6592-46BE-B950-4FDA4417DF2E}\ProxyStubClsid
{00020420-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66328184-6592-46BE-B950-4FDA4417DF2E}\ProxyStubClsid32
{00020420-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66328184-6592-46BE-B950-4FDA4417DF2E}\TypeLib
{F5BCAC7E-75E7-4971-B3F3-B197A510F495}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66328184-6592-46BE-B950-4FDA4417DF2E}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}\1.0
CleanControllerCOMLib
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}\1.0\FLAGS
0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}\1.0\0\win32
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe\5
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}\1.0\HELPDIR
C:\Program Files\Malwarebytes\Anti-Malware
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{59E42E77-5F19-4602-A559-3FFA9EE51202}
ILinkerEventHandler
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{59E42E77-5F19-4602-A559-3FFA9EE51202}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{59E42E77-5F19-4602-A559-3FFA9EE51202}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{59E42E77-5F19-4602-A559-3FFA9EE51202}\TypeLib
{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{59E42E77-5F19-4602-A559-3FFA9EE51202}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA6C70E7-6A6D-4F4A-99BF-C8B375CB7E0C}
ILinker
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA6C70E7-6A6D-4F4A-99BF-C8B375CB7E0C}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA6C70E7-6A6D-4F4A-99BF-C8B375CB7E0C}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA6C70E7-6A6D-4F4A-99BF-C8B375CB7E0C}\TypeLib
{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FA6C70E7-6A6D-4F4A-99BF-C8B375CB7E0C}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1691A7E8-B8D1-46D5-BB29-3A4DB2D809C6}
ICleanController
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1691A7E8-B8D1-46D5-BB29-3A4DB2D809C6}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1691A7E8-B8D1-46D5-BB29-3A4DB2D809C6}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1691A7E8-B8D1-46D5-BB29-3A4DB2D809C6}\TypeLib
{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1691A7E8-B8D1-46D5-BB29-3A4DB2D809C6}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00A73BC0-754E-44E1-B190-D59E187A5EA1}
ICleanControllerV2
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00A73BC0-754E-44E1-B190-D59E187A5EA1}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00A73BC0-754E-44E1-B190-D59E187A5EA1}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00A73BC0-754E-44E1-B190-D59E187A5EA1}\TypeLib
{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00A73BC0-754E-44E1-B190-D59E187A5EA1}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A0101B90-FD0B-40CF-90E4-33650F09A80F}
ICleanControllerV3
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A0101B90-FD0B-40CF-90E4-33650F09A80F}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A0101B90-FD0B-40CF-90E4-33650F09A80F}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A0101B90-FD0B-40CF-90E4-33650F09A80F}\TypeLib
{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A0101B90-FD0B-40CF-90E4-33650F09A80F}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3641B831-731C-4963-B50B-D84902285C26}
ICleanControllerV4
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3641B831-731C-4963-B50B-D84902285C26}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3641B831-731C-4963-B50B-D84902285C26}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3641B831-731C-4963-B50B-D84902285C26}\TypeLib
{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3641B831-731C-4963-B50B-D84902285C26}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4F3822FA-CCD5-4934-AB6D-3382B2F91DB9}
ICleanControllerV5
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4F3822FA-CCD5-4934-AB6D-3382B2F91DB9}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4F3822FA-CCD5-4934-AB6D-3382B2F91DB9}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4F3822FA-CCD5-4934-AB6D-3382B2F91DB9}\TypeLib
{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4F3822FA-CCD5-4934-AB6D-3382B2F91DB9}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8D488C7C-023D-4561-B377-DD9FB7124326}
ICleanControllerV6
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8D488C7C-023D-4561-B377-DD9FB7124326}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8D488C7C-023D-4561-B377-DD9FB7124326}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{02143C0F-1656-4B2E-95E7-EA8178A29E2E}\TypeLib
{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{02143C0F-1656-4B2E-95E7-EA8178A29E2E}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ADA09B8D-A536-4429-8331-49808442D24B}
_IScanControllerEventsV4
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ADA09B8D-A536-4429-8331-49808442D24B}\ProxyStubClsid
{00020420-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ADA09B8D-A536-4429-8331-49808442D24B}\ProxyStubClsid32
{00020420-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ADA09B8D-A536-4429-8331-49808442D24B}\TypeLib
{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ADA09B8D-A536-4429-8331-49808442D24B}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B42C782-9650-4EFF-9618-91118DF96061}
IScanControllerEventsV5
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B42C782-9650-4EFF-9618-91118DF96061}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B42C782-9650-4EFF-9618-91118DF96061}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B42C782-9650-4EFF-9618-91118DF96061}\TypeLib
{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3B42C782-9650-4EFF-9618-91118DF96061}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E3D4AC2-A9AE-478A-91EE-79C35D3CA8C7}
_IScanControllerEventsV5
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E3D4AC2-A9AE-478A-91EE-79C35D3CA8C7}\ProxyStubClsid
{00020420-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E3D4AC2-A9AE-478A-91EE-79C35D3CA8C7}\ProxyStubClsid32
{00020420-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E3D4AC2-A9AE-478A-91EE-79C35D3CA8C7}\TypeLib
{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3E3D4AC2-A9AE-478A-91EE-79C35D3CA8C7}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F5BCAC7E-75E7-4971-B3F3-B197A510F495}\1.0
CloudControllerCOMLib
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F5BCAC7E-75E7-4971-B3F3-B197A510F495}\1.0\FLAGS
0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F5BCAC7E-75E7-4971-B3F3-B197A510F495}\1.0\0\win32
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe\4
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F5BCAC7E-75E7-4971-B3F3-B197A510F495}\1.0\HELPDIR
C:\Program Files\Malwarebytes\Anti-Malware
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9CFA1689-38D3-4AE9-B1E8-B039EB7AD988}
ICloudController
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9CFA1689-38D3-4AE9-B1E8-B039EB7AD988}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9CFA1689-38D3-4AE9-B1E8-B039EB7AD988}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8D488C7C-023D-4561-B377-DD9FB7124326}\TypeLib
{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8D488C7C-023D-4561-B377-DD9FB7124326}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{81701AB9-0B9C-49FE-9C79-C3C4DCA91E7B}
ICleanControllerV7
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{81701AB9-0B9C-49FE-9C79-C3C4DCA91E7B}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{81701AB9-0B9C-49FE-9C79-C3C4DCA91E7B}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{81701AB9-0B9C-49FE-9C79-C3C4DCA91E7B}\TypeLib
{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{81701AB9-0B9C-49FE-9C79-C3C4DCA91E7B}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A82D6A8-59F8-4B47-BBD0-8F5E5DBB3C7D}
ICleanControllerEvents
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A82D6A8-59F8-4B47-BBD0-8F5E5DBB3C7D}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A82D6A8-59F8-4B47-BBD0-8F5E5DBB3C7D}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A82D6A8-59F8-4B47-BBD0-8F5E5DBB3C7D}\TypeLib
{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3A82D6A8-59F8-4B47-BBD0-8F5E5DBB3C7D}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F12E228B-821D-4093-B2E0-7F3E169A925A}
_ICleanControllerEvents
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F12E228B-821D-4093-B2E0-7F3E169A925A}\ProxyStubClsid
{00020420-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F12E228B-821D-4093-B2E0-7F3E169A925A}\ProxyStubClsid32
{00020420-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F12E228B-821D-4093-B2E0-7F3E169A925A}\TypeLib
{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F12E228B-821D-4093-B2E0-7F3E169A925A}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CFFF19F6-ECFE-446D-ACAD-8DC525DA2563}
ICleanControllerEventsV2
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CFFF19F6-ECFE-446D-ACAD-8DC525DA2563}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CFFF19F6-ECFE-446D-ACAD-8DC525DA2563}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CFFF19F6-ECFE-446D-ACAD-8DC525DA2563}\TypeLib
{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CFFF19F6-ECFE-446D-ACAD-8DC525DA2563}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63A6AB57-4679-4529-B78D-143547B22799}
_ICleanControllerEventsV2
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63A6AB57-4679-4529-B78D-143547B22799}\ProxyStubClsid
{00020420-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63A6AB57-4679-4529-B78D-143547B22799}\ProxyStubClsid32
{00020420-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63A6AB57-4679-4529-B78D-143547B22799}\TypeLib
{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63A6AB57-4679-4529-B78D-143547B22799}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55D0C28B-2BF3-4230-B48D-DB2C2D7BF6F8}
ICleanControllerEventsV3
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55D0C28B-2BF3-4230-B48D-DB2C2D7BF6F8}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55D0C28B-2BF3-4230-B48D-DB2C2D7BF6F8}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55D0C28B-2BF3-4230-B48D-DB2C2D7BF6F8}\TypeLib
{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55D0C28B-2BF3-4230-B48D-DB2C2D7BF6F8}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D81C2A20-D03D-40D4-A371-A499633A2AD3}
_ICleanControllerEventsV3
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D81C2A20-D03D-40D4-A371-A499633A2AD3}\ProxyStubClsid
{00020420-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D81C2A20-D03D-40D4-A371-A499633A2AD3}\ProxyStubClsid32
{00020420-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D81C2A20-D03D-40D4-A371-A499633A2AD3}\TypeLib
{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D81C2A20-D03D-40D4-A371-A499633A2AD3}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0B14402F-4F35-443E-A34E-0F511098C644}
ICleanControllerEventsV4
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0B14402F-4F35-443E-A34E-0F511098C644}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0B14402F-4F35-443E-A34E-0F511098C644}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0B14402F-4F35-443E-A34E-0F511098C644}\TypeLib
{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0B14402F-4F35-443E-A34E-0F511098C644}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{983849D5-BFE9-43E9-A9A0-CBAFBC917F39}
_ICleanControllerEventsV4
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{983849D5-BFE9-43E9-A9A0-CBAFBC917F39}\ProxyStubClsid
{00020420-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{983849D5-BFE9-43E9-A9A0-CBAFBC917F39}\ProxyStubClsid32
{00020420-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{983849D5-BFE9-43E9-A9A0-CBAFBC917F39}\TypeLib
{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{983849D5-BFE9-43E9-A9A0-CBAFBC917F39}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{226C1698-A075-4315-BB5D-9C164A96ACE7}\1.0
TelemetryControllerCOMLib
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{226C1698-A075-4315-BB5D-9C164A96ACE7}\1.0\FLAGS
0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{226C1698-A075-4315-BB5D-9C164A96ACE7}\1.0\0\win32
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe\6
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{226C1698-A075-4315-BB5D-9C164A96ACE7}\1.0\HELPDIR
C:\Program Files\Malwarebytes\Anti-Malware
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4A9108FB-A377-47EC-96E3-3CB8B1FB7272}
IExploitRecord
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4A9108FB-A377-47EC-96E3-3CB8B1FB7272}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4A9108FB-A377-47EC-96E3-3CB8B1FB7272}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4A9108FB-A377-47EC-96E3-3CB8B1FB7272}\TypeLib
{226C1698-A075-4315-BB5D-9C164A96ACE7}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4A9108FB-A377-47EC-96E3-3CB8B1FB7272}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4E0987E3-3699-4C92-8E76-CAEDA00FA44C}
ITelemetryController
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4E0987E3-3699-4C92-8E76-CAEDA00FA44C}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4E0987E3-3699-4C92-8E76-CAEDA00FA44C}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4E0987E3-3699-4C92-8E76-CAEDA00FA44C}\TypeLib
{226C1698-A075-4315-BB5D-9C164A96ACE7}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4E0987E3-3699-4C92-8E76-CAEDA00FA44C}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DAD5232C-6E05-4458-9709-0B4DCB22EA09}
ITelemetryControllerV2
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DAD5232C-6E05-4458-9709-0B4DCB22EA09}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DAD5232C-6E05-4458-9709-0B4DCB22EA09}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DAD5232C-6E05-4458-9709-0B4DCB22EA09}\TypeLib
{226C1698-A075-4315-BB5D-9C164A96ACE7}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DAD5232C-6E05-4458-9709-0B4DCB22EA09}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{993A5C11-A9B8-41E9-9088-C5182B1F279A}
ITelemetryControllerV3
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{993A5C11-A9B8-41E9-9088-C5182B1F279A}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{993A5C11-A9B8-41E9-9088-C5182B1F279A}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{993A5C11-A9B8-41E9-9088-C5182B1F279A}\TypeLib
{226C1698-A075-4315-BB5D-9C164A96ACE7}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{993A5C11-A9B8-41E9-9088-C5182B1F279A}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC4D9C86-78F2-435F-8355-5328509E04F1}
ITelemetryControllerV4
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC4D9C86-78F2-435F-8355-5328509E04F1}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC4D9C86-78F2-435F-8355-5328509E04F1}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC4D9C86-78F2-435F-8355-5328509E04F1}\TypeLib
{226C1698-A075-4315-BB5D-9C164A96ACE7}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CC4D9C86-78F2-435F-8355-5328509E04F1}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3DCF0F42-EF8F-4450-BA68-42B61F594B2F}
ITelemetryControllerEvents
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3DCF0F42-EF8F-4450-BA68-42B61F594B2F}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3DCF0F42-EF8F-4450-BA68-42B61F594B2F}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3DCF0F42-EF8F-4450-BA68-42B61F594B2F}\TypeLib
{226C1698-A075-4315-BB5D-9C164A96ACE7}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3DCF0F42-EF8F-4450-BA68-42B61F594B2F}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1E3F0FEC-3E40-4137-8C7D-090AFA9B6C5E}
_ITelemetryControllerEvents
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1E3F0FEC-3E40-4137-8C7D-090AFA9B6C5E}\ProxyStubClsid
{00020420-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1E3F0FEC-3E40-4137-8C7D-090AFA9B6C5E}\ProxyStubClsid32
{00020420-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1E3F0FEC-3E40-4137-8C7D-090AFA9B6C5E}\TypeLib
{226C1698-A075-4315-BB5D-9C164A96ACE7}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1E3F0FEC-3E40-4137-8C7D-090AFA9B6C5E}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}\1.0
LicenseControllerCOMLib
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}\1.0\FLAGS
0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}\1.0\0\win32
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe\7
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}\1.0\HELPDIR
C:\Program Files\Malwarebytes\Anti-Malware
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8307A4A5-A025-438B-B23B-8EE38A453D54}
ILicenseController
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8307A4A5-A025-438B-B23B-8EE38A453D54}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8307A4A5-A025-438B-B23B-8EE38A453D54}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8307A4A5-A025-438B-B23B-8EE38A453D54}\TypeLib
{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8307A4A5-A025-438B-B23B-8EE38A453D54}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8ED8EAAB-1FA5-48D4-ACD4-32645776BA28}
ILicenseControllerV2
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8ED8EAAB-1FA5-48D4-ACD4-32645776BA28}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8ED8EAAB-1FA5-48D4-ACD4-32645776BA28}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8ED8EAAB-1FA5-48D4-ACD4-32645776BA28}\TypeLib
{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8ED8EAAB-1FA5-48D4-ACD4-32645776BA28}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2E404A3-4E3F-4094-AE06-5E38D39B79AE}
ILicenseControllerV3
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2E404A3-4E3F-4094-AE06-5E38D39B79AE}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2E404A3-4E3F-4094-AE06-5E38D39B79AE}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2E404A3-4E3F-4094-AE06-5E38D39B79AE}\TypeLib
{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C2E404A3-4E3F-4094-AE06-5E38D39B79AE}\TypeLib
Version
1.0
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D57ACF19-30E3-4B7E-BCDD-6EEB8E57AF27}
ILicenseControllerV4
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D57ACF19-30E3-4B7E-BCDD-6EEB8E57AF27}\ProxyStubClsid
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D57ACF19-30E3-4B7E-BCDD-6EEB8E57AF27}\ProxyStubClsid32
{00020424-0000-0000-C000-000000000046}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D57ACF19-30E3-4B7E-BCDD-6EEB8E57AF27}\TypeLib
{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}
1972
mbamservice.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D57ACF19-30E3-4B7E-BCDD-6EEB8E57AF27}\TypeLib
Version
1.0
1972
mbamservice.exe
write