What is MBSetup-106724.106724.exe?
MBSetup-106724.106724.exe is part of Malwarebytes and developed by Malwarebytes according to the MBSetup-106724.106724.exe version information.
MBSetup-106724.106724.exe's description is "Malwarebytes"
MBSetup-106724.106724.exe is digitally signed by Malwarebytes Inc.
MBSetup-106724.106724.exe is usually located in the 'C:\Program Files\Malwarebytes\Anti-Malware\' folder.
Some of the anti-virus scanners at VirusTotal detected MBSetup-106724.106724.exe.
If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.
Vendor and version information [?]
The following is the available information on MBSetup-106724.106724.exe:
| Property | Value |
|---|---|
| Product name | Malwarebytes |
| Company name | Malwarebytes |
| File description | Malwarebytes |
| Internal name | MBSetup.exe |
| Original filename | MBSetup.exe |
| Legal copyright | Copyright (C) 2017 - 2019 Malwarebytes, Inc. All rights reserved. |
| Product version | 4.0.0.108 |
| File version | 4.0.0.108 |
Here's a screenshot of the file properties when displayed by Windows Explorer:
| Product name | Malwarebytes |
| Company name | Malwarebytes |
| File description | Malwarebytes |
| Internal name | MBSetup.exe |
| Original filename | MBSetup.exe |
| Legal copyright | Copyright (C) 2017 - 2019 Malwarebyt.. |
| Product version | 4.0.0.108 |
| File version | 4.0.0.108 |
Digital signatures [?]
MBSetup-106724.106724.exe has a valid digital signature.
| Property | Value |
|---|---|
| Signer name | Malwarebytes Inc |
| Certificate issuer name | DigiCert Assured ID Code Signing CA-1 |
| Certificate serial number | 08a2ec4e78a09e174b192e5535984b59 |
VirusTotal report
1 of the 69 anti-virus programs at VirusTotal detected the MBSetup-106724.106724.exe file. That's a 1% detection rate.
| Scanner | Detection Name |
|---|---|
| Jiangmin | Trojan.Agent.bvko |
Sandbox Report
The following information was gathered by executing the file inside Cuckoo Sandbox.
Summary
Successfully executed process in sandbox.
Summary
{
"file_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\mbsetup.log"
],
"dll_loaded": [
"kernel32",
"C:\\Windows\\syswow64\\MSCTF.dll",
"kernel32.dll",
"UxTheme.dll",
"OLEAUT32.DLL",
"C:\\Windows\\system32\\ole32.dll",
"dwmapi.dll",
"ole32.dll",
"comctl32.dll"
],
"file_opened": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\mbsetup.log",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Fontcore",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MPlayer2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Connection Manager",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\DirectDrawEx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Mozilla Firefox 60.0.2 (x86 sv-SE)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE4Data",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE40",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\SchedulingAgent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE5BAKEX",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE40",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\DirectDrawEx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE5BAKEX",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MozillaMaintenanceService",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Fontcore",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLEAUT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\WIC",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MobileOptionPack",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\DXM_Runtime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\{0398A685-FD8D-46B3-9816-C47319B0CF5f}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\AddressBook",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\SchedulingAgent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MobileOptionPack",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\AddressBook",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Connection Manager",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041d",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IEData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\WIC",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE4Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\b9dc6dafb81bcc3edf2c89f9b8d72d3060964ee32e173d59d60ebf559fec7a82.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IEData"
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\mbsetup.log"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\",
"C:\\Program Files (x86)"
],
"mutex": [
"C__Users_cuck_AppData_Local_Temp_b9dc6dafb81bcc3edf2c89f9b8d72d3060964ee32e173d59d60ebf559fec7a82.bin"
],
"regkey_read": [
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IEData\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MPlayer2\\DisplayName",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MozillaMaintenanceService\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\DirectDrawEx\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\SchedulingAgent\\DisplayName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Connection Manager\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE5BAKEX\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE40\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Fontcore\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE4Data\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Connection Manager\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE5BAKEX\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\DirectDrawEx\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\AddressBook\\DisplayName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Mozilla Firefox 60.0.2 (x86 sv-SE)\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IEData\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\{0398A685-FD8D-46B3-9816-C47319B0CF5f}\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\DXM_Runtime\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Fontcore\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MobileOptionPack\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE40\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\WIC\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\AddressBook\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE4Data\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\WIC\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\SchedulingAgent\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MobileOptionPack\\DisplayName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US"
]
}Dropped
[
{
"yara": [],
"sha1": "e78aff08897b685495f37940c4803f89fadd1f1f",
"name": "35c56af4033f80ca_mbsetup.log",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\mbsetup.log",
"type": "ASCII text, with CRLF line terminators",
"sha256": "35c56af4033f80ca080bfed59d3cb7564f649307a80f2e31a7f6c06df8983c3a",
"urls": [],
"crc32": "26DE31A8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/4356\/files\/35c56af4033f80ca_mbsetup.log",
"ssdeep": null,
"size": 750,
"sha512": "8c3ae9147ecc4fb318414f3eb607f1a35d8c90cb103f28f82d0473cccae1ece6b1e39a4baace6b4de18dda029b7e8ace21651c9d18d3530372b1c315915d3702",
"pids": [
2660
],
"md5": "a4166dea5d87fa8800fd9a9c8e09d591"
}
]Generic
[
{
"process_path": "C:\\Windows\\System32\\lsass.exe",
"process_name": "lsass.exe",
"pid": 476,
"summary": {},
"first_seen": 1576655586.328125,
"ppid": 376
},
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\b9dc6dafb81bcc3edf2c89f9b8d72d3060964ee32e173d59d60ebf559fec7a82.bin",
"process_name": "b9dc6dafb81bcc3edf2c89f9b8d72d3060964ee32e173d59d60ebf559fec7a82.bin",
"pid": 2660,
"summary": {
"file_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\mbsetup.log"
],
"dll_loaded": [
"kernel32",
"C:\\Windows\\syswow64\\MSCTF.dll",
"kernel32.dll",
"UxTheme.dll",
"OLEAUT32.DLL",
"C:\\Windows\\system32\\ole32.dll",
"dwmapi.dll",
"ole32.dll",
"comctl32.dll"
],
"file_opened": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\mbsetup.log",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Fontcore",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MPlayer2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Connection Manager",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\DirectDrawEx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Mozilla Firefox 60.0.2 (x86 sv-SE)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE4Data",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE40",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\SchedulingAgent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE5BAKEX",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE40",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\DirectDrawEx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE5BAKEX",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MozillaMaintenanceService",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Fontcore",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLEAUT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\WIC",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MobileOptionPack",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\DXM_Runtime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\{0398A685-FD8D-46B3-9816-C47319B0CF5f}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\AddressBook",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\SchedulingAgent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MobileOptionPack",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\AddressBook",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Connection Manager",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041d",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IEData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\WIC",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE4Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\b9dc6dafb81bcc3edf2c89f9b8d72d3060964ee32e173d59d60ebf559fec7a82.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IEData"
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\mbsetup.log"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\",
"C:\\Program Files (x86)"
],
"mutex": [
"C__Users_cuck_AppData_Local_Temp_b9dc6dafb81bcc3edf2c89f9b8d72d3060964ee32e173d59d60ebf559fec7a82.bin"
],
"regkey_read": [
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IEData\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MPlayer2\\DisplayName",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MozillaMaintenanceService\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\DirectDrawEx\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\SchedulingAgent\\DisplayName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Connection Manager\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE5BAKEX\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE40\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Fontcore\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE4Data\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Connection Manager\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE5BAKEX\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\DirectDrawEx\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\AddressBook\\DisplayName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Mozilla Firefox 60.0.2 (x86 sv-SE)\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IEData\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\{0398A685-FD8D-46B3-9816-C47319B0CF5f}\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\DXM_Runtime\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Fontcore\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MobileOptionPack\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE40\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\WIC\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\AddressBook\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE4Data\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\WIC\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\SchedulingAgent\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MobileOptionPack\\DisplayName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US"
]
},
"first_seen": 1576655586.578125,
"ppid": 1624
}
]Signatures
[
{
"markcount": 1,
"families": [],
"description": "This executable has a PDB path",
"severity": 1,
"marks": [
{
"category": "pdb_path",
"ioc": "d:\\jenkins\\workspace\\A_MB4_MBSetup\\bin\\Win32\\Release\\MBSetup.pdb",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "has_pdb"
},
{
"markcount": 1,
"families": [],
"description": "The file contains an unknown PE resource name possibly indicative of a packer",
"severity": 1,
"marks": [
{
"category": "resource name",
"ioc": "RESOURCEFILE",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "pe_unknown_resource_name"
},
{
"markcount": 100,
"families": [],
"description": "Foreign language identified in PE resource",
"severity": 2,
"marks": [
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
},
{
"name": "RT_STRING",
"language": "LANG_CHINESE",
"offset": "0x001c2770",
"filetype": "data",
"sublanguage": "*unknown*",
"type": "generic",
"size": "0x00000182"
}
],
"references": [],
"name": "origin_langid"
},
{
"markcount": 29,
"families": [],
"description": "Queries for potentially installed applications",
"severity": 2,
"marks": [
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020119",
"base_handle": "0x80000002",
"key_handle": "0x000000d4",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL",
"regkey_r": "SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 165
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\AddressBook",
"regkey_r": "AddressBook",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 167
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Connection Manager",
"regkey_r": "Connection Manager",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 171
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\DirectDrawEx",
"regkey_r": "DirectDrawEx",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 175
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\DXM_Runtime",
"regkey_r": "DXM_Runtime",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 179
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Fontcore",
"regkey_r": "Fontcore",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 183
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE40",
"regkey_r": "IE40",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 187
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE4Data",
"regkey_r": "IE4Data",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 191
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE5BAKEX",
"regkey_r": "IE5BAKEX",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 195
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IEData",
"regkey_r": "IEData",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 199
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MobileOptionPack",
"regkey_r": "MobileOptionPack",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 203
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MozillaMaintenanceService",
"regkey_r": "MozillaMaintenanceService",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 207
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MPlayer2",
"regkey_r": "MPlayer2",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 211
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\SchedulingAgent",
"regkey_r": "SchedulingAgent",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 215
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\WIC",
"regkey_r": "WIC",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 219
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\{0398A685-FD8D-46B3-9816-C47319B0CF5f}",
"regkey_r": "{0398A685-FD8D-46B3-9816-C47319B0CF5f}",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 223
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020219",
"base_handle": "0x80000002",
"key_handle": "0x000000d4",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL",
"regkey_r": "SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 228
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\AddressBook",
"regkey_r": "AddressBook",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 230
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Connection Manager",
"regkey_r": "Connection Manager",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 234
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\DirectDrawEx",
"regkey_r": "DirectDrawEx",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 238
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Fontcore",
"regkey_r": "Fontcore",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 242
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE40",
"regkey_r": "IE40",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 246
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE4Data",
"regkey_r": "IE4Data",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 250
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IE5BAKEX",
"regkey_r": "IE5BAKEX",
"options": 0
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 254
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\IEData",
"regkey_r": "IEData",
"options": 0
},
"time": 1576655586.672125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 258
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MobileOptionPack",
"regkey_r": "MobileOptionPack",
"options": 0
},
"time": 1576655586.672125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 262
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Mozilla Firefox 60.0.2 (x86 sv-SE)",
"regkey_r": "Mozilla Firefox 60.0.2 (x86 sv-SE)",
"options": 0
},
"time": 1576655586.672125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 266
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\SchedulingAgent",
"regkey_r": "SchedulingAgent",
"options": 0
},
"time": 1576655586.672125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 270
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegOpenKeyExW",
"return_value": 0,
"arguments": {
"access": "0x00020019",
"base_handle": "0x000000d4",
"key_handle": "0x000000d8",
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\WIC",
"regkey_r": "WIC",
"options": 0
},
"time": 1576655586.672125,
"tid": 2308,
"flags": {}
},
"pid": 2660,
"type": "call",
"cid": 274
}
],
"references": [],
"name": "queries_programs"
},
{
"markcount": 3,
"families": [],
"description": "Collects information about installed applications",
"severity": 3,
"marks": [
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegQueryValueExW",
"return_value": 0,
"arguments": {
"key_handle": "0x000000d8",
"value": "Mozilla Maintenance Service",
"regkey_r": "DisplayName",
"reg_type": 1,
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\MozillaMaintenanceService\\DisplayName"
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {
"reg_type": "REG_SZ"
}
},
"pid": 2660,
"type": "call",
"cid": 208
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegQueryValueExW",
"return_value": 0,
"arguments": {
"key_handle": "0x000000d8",
"value": "Python 2.7.14 (64-bit)",
"regkey_r": "DisplayName",
"reg_type": 1,
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\{0398A685-FD8D-46B3-9816-C47319B0CF5f}\\DisplayName"
},
"time": 1576655586.656125,
"tid": 2308,
"flags": {
"reg_type": "REG_SZ"
}
},
"pid": 2660,
"type": "call",
"cid": 224
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegQueryValueExW",
"return_value": 0,
"arguments": {
"key_handle": "0x000000d8",
"value": "Mozilla Firefox 60.0.2 (x86 sv-SE)",
"regkey_r": "DisplayName",
"reg_type": 1,
"regkey": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\UNINSTALL\\Mozilla Firefox 60.0.2 (x86 sv-SE)\\DisplayName"
},
"time": 1576655586.672125,
"tid": 2308,
"flags": {
"reg_type": "REG_SZ"
}
},
"pid": 2660,
"type": "call",
"cid": 267
}
],
"references": [],
"name": "recon_programs"
}
]Yara
The Yara rules did not detect anything in the file.
Network
{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 662,
"time": 6.109539985656738,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 5342,
"time": 12.110750198364258,
"dport": 138,
"sport": 138
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7186,
"time": 6.059545993804932,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7514,
"time": 4.124695062637329,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7842,
"time": 6.067546129226685,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8170,
"time": 4.7430760860443115,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8498,
"time": 2.9409091472625732,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 8826,
"time": 4.703641176223755,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 28236,
"time": 4.155249118804932,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 36620,
"time": 6.156414985656738,
"dport": 1900,
"sport": 53598
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "967afbd559d2a40e9a25fac1f800af71fef703d45a40f486823497db11c6cbe7",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "81f4607e424cff9f38ee319c38adefcd9048339f175b5506b005aa192a229555",
"irc": [],
"https_ex": []
}Screenshots
Filename variants
MBSetup-106724.106724.exe may also use other filenames. The most common variants are listed below:
- mbuns.exe
Folder name variants
MBSetup-106724.106724.exe may also be located in other folders than C:\Program Files\Malwarebytes\Anti-Malware\. The most common variants are listed below:
- c:\users\%USERNAME%\downloads\
Hashes [?]
| Property | Value |
|---|---|
| MD5 | 83caf0b992dd5d57da15fedb067f53ab |
| SHA256 | b9dc6dafb81bcc3edf2c89f9b8d72d3060964ee32e173d59d60ebf559fec7a82 |
Error Messages
These are some of the error messages that can appear related to mbsetup-106724.106724.exe:
mbsetup-106724.106724.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
mbsetup-106724.106724.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.
Malwarebytes has stopped working.
End Program - mbsetup-106724.106724.exe. This program is not responding.
mbsetup-106724.106724.exe is not a valid Win32 application.
mbsetup-106724.106724.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.
What will you do with the file?
To help other users, please let us know what you will do with the file:
What did other users do?
The poll result listed below shows what users chose to do with the file. 100% have voted for removal. Based on votes from 5 users.
| Votes | |||
|---|---|---|---|
| Keep | 0 % | 0 | |
| Remove | 100 % | 5 |
NOTE: Please do not use this poll as the only source of input to determine what you will do with the file. Only 5 users has voted so far so it does not offer a high degree of confidence.
Malware or legitimate?
If you feel that you need more information to determine if your should keep this file or remove it, please read this guide.
And now some shameless self promotion ;)
Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and let you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.
If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.
Comments
Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.
I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.
No comments posted yet.