06a4bacdae17ad89c8fc93fc4ebf6603ca406e8bcc51f3fd32f700d18436be56

Resubmissions

24-03-2023 19:40

230324-yd146sbb2t 8

Analysis

max time kernel
121s
max time network
153s
platform
windows10-1703_x64
resource
win10-20230220-es
resource tags

arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
24-03-2023 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MBSetup.exe
Size

2.5MB
MD5

1ed0d8b2214a5d067d5422145689f747
SHA1

e671419cc7957c1118b9bb84251a40c03351f07f
SHA256

06a4bacdae17ad89c8fc93fc4ebf6603ca406e8bcc51f3fd32f700d18436be56
SHA512

e2a686efcb1bcda6b55c5d10654124fc2b27c426a979929a1e9de171794745abc9f0cd9dbd302a4e02d95269c7abee5dd051c1687e8f794da317b3fc4bf665b8
SSDEEP

24576:05mJfwapNdG219GpuNXCtbKoYFYE4XcUaOECcW0wd/ZL8Ug+JwNZgCxiIsCA2flq:0GNd28XOJYFYtcOcW0wxZN2DxiIq2dnq

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Drivers directory 13 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\mbamtestfile.dat	MBSetup.exe
File opened for modification	C:\Windows\system32\DRIVERS\SET5290.tmp	MBAMService.exe
File created	C:\Windows\system32\DRIVERS\SET5290.tmp	MBAMService.exe
File opened for modification	C:\Windows\system32\DRIVERS\SET58DA.tmp	MBAMService.exe
File created	C:\Windows\system32\DRIVERS\SET58DA.tmp	MBAMService.exe
File opened for modification	C:\Windows\system32\DRIVERS\SET5DDC.tmp	MBAMService.exe
File opened for modification	C:\Windows\system32\DRIVERS\mwac.sys	MBAMService.exe
File created	C:\Windows\system32\drivers\mbae64.sys	MBAMInstallerService.exe
File created	C:\Windows\system32\DRIVERS\MbamElam.sys	MBAMService.exe
File opened for modification	C:\Windows\system32\DRIVERS\MbamElam.sys	MBAMService.exe
File opened for modification	C:\Windows\system32\DRIVERS\mbamswissarmy.sys	MBAMService.exe
File opened for modification	C:\Windows\system32\DRIVERS\MbamChameleon.sys	MBAMService.exe
File created	C:\Windows\system32\DRIVERS\SET5DDC.tmp	MBAMService.exe

Modifies RDP port number used by Windows 1 TTPs

Remote Desktop Protocol
T1076

Sets service image path in registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMChameleon\ImagePath = "\\SystemRoot\\System32\\Drivers\\MbamChameleon.sys"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MBAMSwissArmy\ImagePath = "\\SystemRoot\\System32\\Drivers\\mbamswissarmy.sys"	MBAMService.exe

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	MBAMService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MBSetup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	MBSetup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MBAMService.exe

Executes dropped EXE 3 IoCs

pid	Process
4280	MBAMInstallerService.exe
4944	MBAMService.exe
4488	MBAMService.exe

Loads dropped DLL 27 IoCs

pid	Process
4280	MBAMInstallerService.exe
4280	MBAMInstallerService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe
4488	MBAMService.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9D372F21-E6DA-4B82-881A-79F6CA6B6AE1}\LocalServer32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{EE8A9269-9E6E-4683-BCD3-41E9B16696DC}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8F1C46F8-E697-4175-B240-CDE682A4BA2D}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{36A65E46-6CC1-4CA2-B51E-F4DD8C993DDC}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LOCALSERVER32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F6D29500-933C-447C-9D88-9D814AF73808}\LocalServer32	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{17BE78EE-B40A-4B9E-835F-38EC62F9D479}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{03141A2A-5C3A-458E-ABEC-0812AD7FF497}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9DAB0CA5-AE19-41AE-955C-41DD44C52697}\LocalServer32	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DE03E614-112D-43E0-8E15-E7236CC32108}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\mbshlext.dll"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}\InprocServer32\ThreadingModel = "Apartment"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{130CD414-6BFD-4F6C-9362-A2264B222E76}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{376BE474-56D4-4177-BB4E-5610156F36C8}\LocalServer32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\S:	MBAMService.exe
File opened (read-only)	\??\W:	MBAMService.exe
File opened (read-only)	\??\A:	MBAMService.exe
File opened (read-only)	\??\I:	MBAMService.exe
File opened (read-only)	\??\P:	MBAMService.exe
File opened (read-only)	\??\R:	MBAMService.exe
File opened (read-only)	\??\V:	MBAMService.exe
File opened (read-only)	\??\E:	MBAMService.exe
File opened (read-only)	\??\L:	MBAMService.exe
File opened (read-only)	\??\N:	MBAMService.exe
File opened (read-only)	\??\Q:	MBAMService.exe
File opened (read-only)	\??\X:	MBAMService.exe
File opened (read-only)	\??\F:	MBAMService.exe
File opened (read-only)	\??\K:	MBAMService.exe
File opened (read-only)	\??\O:	MBAMService.exe
File opened (read-only)	\??\T:	MBAMService.exe
File opened (read-only)	\??\M:	MBAMService.exe
File opened (read-only)	\??\U:	MBAMService.exe
File opened (read-only)	\??\Y:	MBAMService.exe
File opened (read-only)	\??\Z:	MBAMService.exe
File opened (read-only)	\??\B:	MBAMService.exe
File opened (read-only)	\??\G:	MBAMService.exe
File opened (read-only)	\??\H:	MBAMService.exe
File opened (read-only)	\??\J:	MBAMService.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	MBAMService.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	MBAMService.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\[email protected]	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\SwitchStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Switch.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\ToolSeparator.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\ToolTip.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-core-debug-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\CircularGaugeStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\PageIndicator.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\ToolSeparator.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Swissarmy.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-crt-utility-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\WidgetColorDialog.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Qt5QuickWidgets.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\Label.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Extras\PieMenu.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\plugins.qmltypes	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQml\plugins.qmltypes	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\TableViewItemDelegateLoader.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\ProgressBar.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\Popup.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\Frame.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\RadioButton.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\ProgressBarStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\Frame.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\ApplicationWindow.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Menu.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\Private\dialogsprivateplugin.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\images\crosshairs.png	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_pt_PT.qm	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\GaugeStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\Slider.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\DialogButtonBox.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\MenuSeparator.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\StackView.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\CleanControllerImpl.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qjpeg.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\qmldir	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\TabBar.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\ToolBar.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\qmldir	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\CheckBox.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\ScrollBar.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\SwipeDelegate.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-core-file-l1-2-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtCharts\qmldir	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\scrollbar-handle-horizontal.png	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\DefaultDialogWrapper.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-crt-process-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\CheckBox.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\Tumbler.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\XmlListModel\qmlxmllistmodelplugin.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\Slider.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Slider.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_cs.qm	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\ActionsShim.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-crt-private-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\BasicButton.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\GroupBoxStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\TabBar.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Extras\Dial.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\resources\qtwebengine_resources_100p.pak	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\plugins.qmltypes	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\RadioButton.qml	MBAMInstallerService.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\ELAMBKUP\MbamElam.sys	MBAMService.exe
File opened for modification	C:\Windows\security\logs\scecomp.log	MBAMService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	MBAMService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	MBAMService.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000"	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	MBAMService.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000"	MBAMService.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	MBAMInstallerService.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000"	MBAMInstallerService.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MBAMService.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	MBAMInstallerService.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	certutil.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	certutil.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	certutil.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common	MBAMInstallerService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	MBAMService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	MBAMService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\System32\SessEnv.dll,-101 = "Remote Desktop"	certutil.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MBAMService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security	MBAMInstallerService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MBAMService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT	MBAMService.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MBAMService.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Malwarebytes\FirstRun = "false"	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Malwarebytes\FirstRun = "false"	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Malwarebytes\FirstRun = "false"	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\MY	MBAMService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\System32\CertCA.dll,-304 = "Endorsement Key Trusted Root Certification Authorities"	certutil.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MBAMService.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%systemroot%\system32\wsdapi.dll,-200 = "Trusted Devices"	certutil.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\System32\CertCA.dll,-305 = "Endorsement Key Intermediate Certification Authorities"	certutil.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols	MBAMInstallerService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	MBAMService.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E1AC7139-D1FF-4DE9-84A4-92E2B47F5D2A}\TypeLib	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{08932AD2-C415-4DE8-821D-5AF7A5658483}\ProxyStubClsid32	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{63A6AB57-4679-4529-B78D-143547B22799}\ProxyStubClsid32	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{19E8B60E-50A1-4E29-9138-A13421D2BF7D}\ = "IMWACControllerEventsV8"	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{638A43D2-5475-424B-87B8-042109D7768F}\ProxyStubClsid32	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}\1.0\HELPDIR	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B5186B66-AE3D-4EC4-B9F5-67EC478625BE}\TypeLib	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1A173904-D20F-4872-93D5-CBC1336AE0D6}\ProxyStubClsid32	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D2D1C2BC-3427-478E-A903-ADFBCF5711CD}\TypeLib	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{698A4513-65F0-46A3-9633-220A6E4D1D07}	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31BF2366-C6DB-49F1-96A5-8026B9DF4152}	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{02143C0F-1656-4B2E-95E7-EA8178A29E2E}	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A0EB1521-C843-47D5-88D2-5449A2F5F40B}\ = "_IArwControllerEventsV4"	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A34647B-D9A8-40D9-B563-F9461E98030E}	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{473BC184-760C-4255-A118-E8064C4EC595}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.MBAMServiceController.1\CLSID\ = "{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB30855D-36DF-41BD-9EEE-03BA7E8E70B7}\ = "IMBAMServiceControllerEvents"	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4A0A45F1-CFB6-49A7-BBC4-8776F94857A8}\TypeLib	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{90A62FAD-6FA9-4454-8CEE-7EDF67437226}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D8258E71-3A7A-4D9D-85BB-C7999F95B7E4}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0C4652FC-FA35-4394-A133-F68409776465}	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F81B1882-A388-42E5-9351-05C858E52DDC}	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C7BCC13C-47B9-4DC0-8FC6-B2A489EF60EF}\ = "IScanControllerV4"	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B38EDC4F-A2CD-4F76-8607-F123FE4031D5}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F3968E6D-3FD5-4707-A5A8-4E8C3C042062}\TypeLib\Version = "1.0"	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D57ACF19-30E3-4B7E-BCDD-6EEB8E57AF27}\ = "ILicenseControllerV4"	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3BD2053F-99D1-4C2B-8B45-635183A8F0BF}\ProxyStubClsid32	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C9669A3D-81E8-46F6-A51E-815A0863D612}\TypeLib\Version = "1.0"	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FC60FEE4-E373-4962-B548-BA2E06119D54}\TypeLib\ = "{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}"	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F12E228B-821D-4093-B2E0-7F3E169A925A}\TypeLib\ = "{A82129F1-32E1-4D79-A39F-EBFEE53A70BF}"	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9704115C-F54E-4D64-8554-0CAF8BF33B1B}\ProxyStubClsid32	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E230930A-6CC2-4B9D-8CE1-03F86A8EDA05}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A82D6A8-59F8-4B47-BBD0-8F5E5DBB3C7D}\TypeLib	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D8891F9E-90C4-4B3D-B87B-92DEA9221EBB}\ProxyStubClsid32	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D5599B6B-FA0C-45B5-8309-853B003EA412}\AppID = "{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DE35F2CA-6335-49BA-8E86-F6E246CFCEA6}\TypeLib\ = "{C731375E-3199-4C88-8326-9F81D3224DAD}"	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5709DEEB-F05E-4D5C-8DC4-3B0D924EE08F}\1.0\0	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E777BB2-8526-437A-BBE2-42647DE2EC86}\TypeLib\Version = "1.0"	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{239C7555-993F-4071-9081-D2AE0B590D63}\ = "IScanControllerEventsV6"	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{EF7DFB76-BA49-4191-8B62-0AC3571C56D7}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A30501F-26D0-4C5F-818A-9F7DFC5F8ABC}\ProxyStubClsid32	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F927AD37-BA5F-4B86-AE22-FE2371B12955}\TypeLib\ = "{C731375E-3199-4C88-8326-9F81D3224DAD}"	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{81541635-736E-4460-81AA-86118F313CD5}\TypeLib	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4163399F-AB08-4E5E-BE28-6B9440393AD3}\TypeLib\Version = "1.0"	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6ED2B0A1-984E-4A35-9B04-E0EBAFB2842A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4A9108FB-A377-47EC-96E3-3CB8B1FB7272}\ = "IExploitRecord"	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{18C5830A-FF78-4172-9DFB-E4016D1C1F31}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EAB53395-8218-47FF-91B7-144994C0AD83}\TypeLib\Version = "1.0"	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{566DC5CA-A3C4-4959-AB92-37606E12AAFF}\TypeLib	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{239C7555-993F-4071-9081-D2AE0B590D63}\ = "IScanControllerEventsV6"	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{94E6A9DF-4AAB-48E7-8A94-65CA2481D1F6}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{EE77988C-B530-4686-8294-F7AB429DFD0C}\ = "ICloudControllerV5"	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{81701AB9-0B9C-49FE-9C79-C3C4DCA91E7B}\ProxyStubClsid32	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D81C2A20-D03D-40D4-A371-A499633A2AD3}\ = "_ICleanControllerEventsV3"	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{24F9231B-265E-4C66-B10B-D438EF1EB510}	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{17A7CC72-3288-442A-ABE8-F8E049B3BE83}\ = "IUpdateControllerV6"	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B9442AA1-AEB8-4FB4-B998-BFBC37BA8A99}\ = "ISPControllerEvents"	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BADF77CD-ECCE-4B36-88FF-6A2804FFE307}	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{59E42E77-5F19-4602-A559-3FFA9EE51202}	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{00A73BC0-754E-44E1-B190-D59E187A5EA1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{81701AB9-0B9C-49FE-9C79-C3C4DCA91E7B}\TypeLib\Version = "1.0"	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{014D0CF7-ACC9-4004-B999-7BDBAAD274B7}\TypeLib	browser_broker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{09F245DA-55E7-451E-BDF3-4EE44637DFF1}	browser_broker.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{929A5C6C-42D7-4248-9533-03C32165691F}\ = "ISPControllerEventsV3"	browser_broker.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4280	MBAMInstallerService.exe
4280	MBAMInstallerService.exe
4280	MBAMInstallerService.exe
4280	MBAMInstallerService.exe
4280	MBAMInstallerService.exe
4280	MBAMInstallerService.exe
4280	MBAMInstallerService.exe
4280	MBAMInstallerService.exe
4280	MBAMInstallerService.exe
4280	MBAMInstallerService.exe

Suspicious behavior: LoadsDriver 3 IoCs

pid	Process
636	Process not Found
636	Process not Found
636	Process not Found

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	4944	MBAMService.exe
Token: SeIncBasePriorityPrivilege	4944	MBAMService.exe
Token: 33	4488	MBAMService.exe
Token: SeIncBasePriorityPrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeTakeOwnershipPrivilege	4488	MBAMService.exe
Token: SeTcbPrivilege	4488	MBAMService.exe
Token: SeTcbPrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe
Token: SeRestorePrivilege	4488	MBAMService.exe
Token: SeBackupPrivilege	4488	MBAMService.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 4280 wrote to memory of 4664	4280	MBAMInstallerService.exe	68
PID 4280 wrote to memory of 4664	4280	MBAMInstallerService.exe	68
PID 4280 wrote to memory of 4676	4280	MBAMInstallerService.exe	70
PID 4280 wrote to memory of 4676	4280	MBAMInstallerService.exe	70
PID 4280 wrote to memory of 2024	4280	MBAMInstallerService.exe	72
PID 4280 wrote to memory of 2024	4280	MBAMInstallerService.exe	72
PID 4280 wrote to memory of 4976	4280	MBAMInstallerService.exe	74
PID 4280 wrote to memory of 4976	4280	MBAMInstallerService.exe	74
PID 4280 wrote to memory of 4944	4280	MBAMInstallerService.exe	76
PID 4280 wrote to memory of 4944	4280	MBAMInstallerService.exe	76

C:\Users\Admin\AppData\Local\Temp\MBSetup.exe
"C:\Users\Admin\AppData\Local\Temp\MBSetup.exe"
1⤵
- Drops file in Drivers directory
- Checks BIOS information in registry
PID:2248

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
1⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4280
- C:\Windows\system32\certutil.exe
  "C:\Windows\system32\certutil.exe" -f -addstore root "C:\Windows\TEMP\MBInstallTemp5e3c9b43ca8411eda318ee854b86f7f9\servicepkg\starfieldrootcag2_new.crt"
  2⤵
  - Modifies data under HKEY_USERS
  PID:4664
- C:\Windows\system32\certutil.exe
  "C:\Windows\system32\certutil.exe" -f -addstore root "C:\Windows\TEMP\MBInstallTemp5e3c9b43ca8411eda318ee854b86f7f9\servicepkg\msrootca2020.crt"
  2⤵
  PID:4676
- C:\Windows\system32\certutil.exe
  "C:\Windows\system32\certutil.exe" -f -addstore root "C:\Windows\TEMP\MBInstallTemp5e3c9b43ca8411eda318ee854b86f7f9\servicepkg\SectigoRootCA.crt"
  2⤵
  - Modifies data under HKEY_USERS
  PID:2024
- C:\Windows\system32\certutil.exe
  "C:\Windows\system32\certutil.exe" -f -addstore root "C:\Windows\TEMP\MBInstallTemp5e3c9b43ca8411eda318ee854b86f7f9\servicepkg\starfieldClass2CA.crt"
  2⤵
  - Modifies data under HKEY_USERS
  PID:4976
- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
  "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Registers COM server for autorun
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:4944

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
1⤵
- Drops file in Drivers directory
- Sets service image path in registry
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4488
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
  ig.exe reseed
  2⤵
  PID:4712
- C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-0.exe
  ig.exe reseed
  2⤵
  PID:4228
- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
  "C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
  2⤵
  PID:3744

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:5032

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Registers COM server for autorun
- Modifies registry class
PID:4944

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3724

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:2140

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:704

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Remote Desktop Protocol

T1076

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll

Filesize
1.7MB

MD5
461faf68ccc02b0223fd273b630f21fe

SHA1
363b8beaa74f0f454c2d544ace9e71a84bc2b4cf

SHA256
cb07f3f461e9c267831b1ab93af6dfda1bb51d72e42d73d00d26594f09326be1

SHA512
4b671f48e45fdedf50c7f7bb6c8d82a3b98f7502006eb002aaf8ff31f25f9ff1257c7bcc12caf622e43d4ec665b19d978ae3e3762f76def0bc71485ebdb8426f

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\Actions.dll

Filesize
5.0MB

MD5
1eff53d95ecaf6bbfffe80d866d8e1dd

SHA1
d7ef7d7c77fd04b2c0eb8c16bb3cd08057f6742f

SHA256
6dd748f7ca56125cbe158fa3612f08e7312ef58ad5375e6b7ab5532cc16ca0ac

SHA512
c59b8e6f0b238a247e64b9c7bb42213dadac1dada63542830a6292361174c935c0c662b2d1aed3fb6100cc4993297b1eaf25e328f2b4613458c4ffca63b9f02d

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ActionsShim.dll

Filesize
2.5MB

MD5
e7a4bb8fa34bc5ae8b84bf15442da99c

SHA1
26e6d20876f01faa32a7a846c12dd35c695d55b6

SHA256
9ed946c62c7801779822a83d9126257f6426af381a42ce29d5a3c49c774fc141

SHA512
10b007f132cdaa7ea2e75281cd7767b59fd61335d28bc55b778e05479ac993e3578ba1370fe1ce6bf35d271ca970346d5f8cd13637f59fb1fa01c8a6345727b1

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\BrowserSDKDLL.dll

Filesize
5.8MB

MD5
1ed53171d00f440f29a12f9beb84dac4

SHA1
4d9a1e3579b0999f1ab2fa818b588411e9ee920c

SHA256
e659e687a872050f9e65d78992d16bd9b393cf3f8e8c94e0e15fb42b7065327e

SHA512
17161cfc672d1b996b8af4ebac17f9a8a3807f38c9a23e2e5b4dadcd9a21c3a64faec9bf59147022a9df88b80f89300f1b537091289bd7a42806bd206a317e6e

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll

Filesize
6.9MB

MD5
ef3e4c2c617164e495bbc0ec13890ca9

SHA1
f384c1892e00720ccb97a921d556654d730f1d3e

SHA256
7fa7d2d0618f46d50d36401f76d0314c72096ebd003d365d8df2b488bf02103b

SHA512
54f56aedaccf3bade0ec4601a86d23b8110702562be0a2fe2ce18aed09793eb0e7290215b3267e3e2c57dac850f446b10fd3a5e3c81e11508f1a70224366a51f

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CloudControllerImpl.dll

Filesize
4.8MB

MD5
3cad89a85ae704b4e264a03dcbf1de8f

SHA1
aacc5111236b95b9044f3228c961345ead3ee5c2

SHA256
1f56f70c09fb6b6c92795dedbcfa0626ec29383d53166ef0f179e86a46b33b56

SHA512
4efbb0b81392378cd143e1526d94b39434306e7354dbd6326bceb37cc3919f2b84d4ec08b378a35b44a2f93b660623f9112a36f4fb745f34327f9fda8f0e84d2

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\LicenseControllerImpl.dll

Filesize
4.4MB

MD5
b7a9a7b44b82e954c1b77e7b7f71ee66

SHA1
02f3eabef778d5641eea89d318268e79949da7c6

SHA256
ba97bf9a2a0c454dbd965ef7b6c12f582d49391d5297fe2ef4a94bb13d2d472e

SHA512
524dee007193cc13ee81e9734564e8a121715f7ecb27d113eb7d8265b7562ab60237aa64c556a819239ee9b4abdc8523a57ca666bdd48de82eca79efba771bc5

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll

Filesize
6.3MB

MD5
888b794737cd78e918486cd2a4116c65

SHA1
335aa063439ee8c2242591dd4cfe6c9bc28531fe

SHA256
2194ea4af98e6ba23e14ac60860a6c727f4694a9d904025288997ad05f0859bc

SHA512
f6a15dc86a89adcbf9ea6b96eb7d5671a2077696ef4cacf88c36d7c73c5f28d96f4a257ae8672981a24907e0583bb15c01dfe09ee1ac5837ffa693d5668dbbeb

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMShim.dll

Filesize
3.0MB

MD5
f44b6c80c46c4cf3071b5f5b916e1271

SHA1
839f2238ecbbfa80ebf9c1f77eafc78204b58761

SHA256
732523df43358729d5e85cceb557d69016dcdd3e2238d903c33c5327c3131fae

SHA512
99be164ae96bc4f93dc896d5df445ad1c2f023f10605a8c9857d7ebedfc5b070f50cd33b401d61003e601a06b8446e6c0b5dbddda4927a2e1352407d3b266942

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

Filesize
4.1MB

MD5
c447ffc8af4633daf687e0a943061a60

SHA1
2f0a1854d75a82929dcff5308befe3b83439259b

SHA256
c01804c902c5532517fa0ceadc91beed01d5ac67adf062b7ce7eaba8272c40bc

SHA512
e0d650c35a46063d0e3870e1888d95827050e7792391b8c6ba4b5cd0cf2501cf0eb3aeb1c4a9f524467b6efcc4cb44c8816ba91aa09858c3594d8334a3eb2edf

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll

Filesize
5.7MB

MD5
a340fa4ce6b8a5e22dfe5348752138c8

SHA1
4cd995cce3194b43a5e2f12f032eb5cad88fc3c5

SHA256
250f17aad7e80a1b33b79b1e95cdae26d6be6f1c27dc9aaba1b6d8f346393b8a

SHA512
bc72a19624042b1a3f6f873ec193c890a12fbb85111b60399e5b3c9584a752c9c38b637fc37b5a7a968dcedaf804b299ee2156726aa7462bc940154d3654feff

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SwissarmyShim.dll

Filesize
2.6MB

MD5
89a38afcfa758e3298609c6c51929593

SHA1
2df1ee30adc92bd995526e41fd9c823354de30b4

SHA256
4795576483af0c136a71dcee87a0ffb54f0869cae6395ac2ff8312bf555e7161

SHA512
cceaed0b9a7517aebd739a377c7bd8987b9ac357be2bf987dbae31d59f2121c5bb9a9bfa2c70a9a54ad65546ef23903176dd6328d93408cb5c991257d59e2717

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\TelemetryControllerImpl.dll

Filesize
5.3MB

MD5
a6b7865089133607d9fe66617abcebea

SHA1
e7d887a75fd48945d3f56b5635bae822ad5c7a1c

SHA256
f1f1958fbd3ecc0b61f1be129025dfc59112c09b146299caca61bd6f552c0355

SHA512
3c0638229b90fd4d4ecfbdac89a467d514824e57f1d40f68c5009051a48cc53a0f2f5712aeb530ed6aa9b855272590563c95738abf768f46bdc332806e6d7792

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll

Filesize
4.4MB

MD5
d0b204fb32962798ebd9ab0ad336a83c

SHA1
f281b35553afa236a214b910c537ecad0e3bacea

SHA256
627db74adff5407a074e94997cb724434478801607c972ff2afdf10d4928bb98

SHA512
5d3aa0851b7479d3c6d092052fa8271cb335f54ccac526a01c64745c222f906b6a5ece2fb6637e6dee878cf76af3ad89e0eb7e7686a7061c134a9e8e6d0d3eac

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

Filesize
1.8MB

MD5
f4bcae29120428ab0d1b72acc375d7fe

SHA1
0970f103d74c634a91afd69388ab692f2df4819a

SHA256
f6e63c104b5a3714a035d2272e4663b0d9599c405bb31e7f9e7e108205707d4a

SHA512
078c4a5a15882ad74eaae3539bb787f28a5b3bb18e8b3a33bf44cfaf98d7dae05bf73245193ad2d3075686b6405c25a6cecdad3d6bb36ffa8b3da5812ae675b0

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\pkgvers.dat

Filesize
75B

MD5
3dbc849096376d7e21fce2799aefcdb0

SHA1
f37319de3bfbd2cd2a3610ceb4f988a55fe30f78

SHA256
aa345d1586d8f0723f230c1b85bbdceb930d3fab54e2e41010a24e27944c0e08

SHA512
3587d7093e5dcdedd806527d8b84a3cea523965fb8502c6be8d30ae5c5d71d217c00a21f937c6168e945172aab951ddebaff51d3d9e7436446fad9c8c20752e0

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\sample.dll

Filesize
528KB

MD5
f712ebc5aa4cc78b7f1a0c8810ce7db4

SHA1
48899721fbcd93b7d5440ce269b7777a62582eab

SHA256
46d6f6dad272240bcdcfc0d5c42f88a2784a5ebf31bb284555cf260b21e8a4d1

SHA512
20ea70c3b4e3cdd3727207b9b13e54332bee15ca18cde5228c7f93982310d77e5f6ebccd1a8251ad4d8cbf9ac6646bf7f5856f1c82d3b3ef2390fa779ec06017

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\version.dat

Filesize
47B

MD5
082aec627690f2b7c3250079986161cb

SHA1
f2067a2cdafd2f4ca4510948a1ff01d10bce4013

SHA256
0fa31ea8118e8bb6a7511ae22b851bd182cbe0accb89babf08102f3af6688a8e

SHA512
787c179833d1118c47f909a39386713a7b32cf6cc920fcf459bd9074cf0291365060cf28fcfad4bdd00e33598a888e615f763a349fe8c6dbda60bb459a5d6cc0

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.nm

Filesize
316KB

MD5
0419253ecf2d3f747230052346b8068e

SHA1
40f8ad3991864f5f9674d1917962f5e61259c0e9

SHA256
52fe40890d961776aa67b53b806cc475d406d3f7aaf694283592b9f7416b896a

SHA512
ea1aa639fee0b63014473819878a0c276de2c2c52c911e889a63825e852722ee2f1e1a2a8dabd73ace070355a68c84ad52cf630778f8d0a9e6c7894b23954742

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.sr

Filesize
24.9MB

MD5
fa198354309db986ef4ffcf14ffa6b68

SHA1
ffcbe260333a33797a9d95e5a769fa6fb5395486

SHA256
a685128aa6f554b2904dc0c4f96ff2f347f6166af74606b519a5db437a719937

SHA512
0455a64dd0aec6059da1c20d32c19b15e18fa11722f12bb3d39983bfabfdc6c0836cb5cdb4c4dc606ccf69ebf091e499b45e53aaa75f8b314dd6c286b8abde18

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\cfg.bin

Filesize
639B

MD5
544a36063346eeb1e751030008a9f7e3

SHA1
b5c44a037d16bfd5cfe0e6ba9cb770111b3aac82

SHA256
33a822063dc53b5a693b5920f6a14bf4c9c1905c08b3257b7621c9f0c41d39d6

SHA512
fb86ef1c271d10da364654b244253a4492b8331d69e2a71479671a44f613b88a72822b5a849159b63b7b28c7cbe0c6b7ed35f82cf749a598b23676fae70f279c

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\clean.mbdb

Filesize
10KB

MD5
b08f5c57848e38686fc3ea0214124e8c

SHA1
13b1fb16ac11decdaa6aadf702c29bb176076fe8

SHA256
9f526f72efc6115306277c70bb16f86112c35187e22291c2f23e0cebffc4e9a0

SHA512
b24ebcd09028995bf56ea9f1f8223fc3c4a8b26cb2d49c624b20373cdd439243d5b8663a058780f5a553274b5ecaacc0b817bf3b2b2bc156bb925e2062425597

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbmanifest2.dat

Filesize
924B

MD5
6d63788598b6799f43f2481b11378a7f

SHA1
71172286e24c52f9c8404fe4361805c1cb6d7f96

SHA256
01ee194e4fc136e29de7163ca0a0d284438cd17f4242309d66573974ba021f35

SHA512
e2c98f9d1d00850370116e9c8f81a41d68eb62b2827314ca5640a5df0b6a84cf159c064162f812236a6111d72f933437a1023544ed3997046cd17781b367dc6b

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dynconfig.dat

Filesize
39KB

MD5
10f23e7c8c791b91c86cd966d67b7bc7

SHA1
3f596093b2bc33f7a2554818f8e41adbbd101961

SHA256
008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc

SHA512
2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\exclusions.txt

Filesize
23KB

MD5
aef4eca7ee01bb1a146751c4d0510d2d

SHA1
5cf2273da41147126e5e1eabd3182f19304eea25

SHA256
9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f

SHA512
d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\mbdigsig2.dat

Filesize
514B

MD5
657f15737037bd6c03931005448a380e

SHA1
8dd75e2f418c03e99767c901ae1cef7eb95abd39

SHA256
490c29b25466d69b6941d97bad13e9f416ffd5b7ba707e64c2a15bace47b83e5

SHA512
657fe672f77ff3f58beda233fc48e255b3c6e645c521559d194033778a53cf4b4fe52d4165fc2ab38d3c8cfefc1e1c321c2777fb96976c0ef56ea8c2eea6a7f2

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\prot.mbdb

Filesize
24B

MD5
546d9e30eadad8b22f5b3ffa875144bf

SHA1
3b323ffef009bfe0662c2bd30bb06af6dfc68e4d

SHA256
6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f

SHA512
3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rdefs.mbdb

Filesize
24B

MD5
2f7423ca7c6a0f1339980f3c8c7de9f8

SHA1
102c77faa28885354cfe6725d987bc23bc7108ba

SHA256
850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55

SHA512
e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rules.mbdb

Filesize
21.7MB

MD5
417b58d7fc33727e30fe1156ba67bf21

SHA1
7f4fe846b104cf00df954154400f6f366f2fc886

SHA256
34f7a7eaa432371223b636e1cc03d15529803311452eaeea83d09d59b797f1c4

SHA512
5cca5f7a644ebb504dd5953a2d3ecf73ce388ec2b0ecbf39a6fad94d0f52c6ddf2afaa19dad5eecd328b874d395ef8df5dd1e9f65cd3a2136840e0fb942cd189

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\scan.mbdb

Filesize
1.4MB

MD5
3e2599322e6c4b24689ad33a1ea0875e

SHA1
0cf990c744b3a401961113da95782bce39be53cd

SHA256
bb7a496a689ecde10e537dc5eb1c8f374b52287a763bcc0cb5388adc05085f38

SHA512
573bb53e673d7e403d63f30afd181690be3f47adc77fa882e372a50ec9bbc7c365251f4f5092aacbbc350a195713020ed435ffbf8d8436028e9e8e230345a81d

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\tids.mbdb

Filesize
233KB

MD5
471541d2750183c22b806f20c78b3b4c

SHA1
879698ec92809b1846955ac46bb40bdbd705a091

SHA256
8d8339a1e58886e580c28c516a697f526efd5ec0b92c588f1638112d9c5b119d

SHA512
11933a0ef1fbbb0c4d6b0ffdb84c652bf96ef5079941d51a0736f7055ff5b608f1101c57147f3b9662aec7391b183a77a2499254a2d7826631c49bcf7bda3f85

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\wprot2.mbdb

Filesize
38.9MB

MD5
1975b90ff88c50d691d8b05022bd4a7a

SHA1
f69e501709d4080d4e4eaa938ffe79e0edb339ec

SHA256
c06fd7b69c6c0081b338b4a59d6e5a4a43658ba43d29bb610cc5873de39811a8

SHA512
13ac443c2f3e8f5ffde59d275ed9f86142e3ef41f7daccfb241b68722f54712f56d2e7db510a57ab41ce54e3b1a53cbba24471baea0803ce271f3fc06d3f1b09

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Filesize
8.7MB

MD5
3c7b30585f27d8b078be165406bb651e

SHA1
26918e1e29b380ad833198658f939b057e33db7d

SHA256
1c340f49c4449d5eda5c425b893368f21f7d85901053c1d1b61f791020502ecb

SHA512
8825e70dabb6d99d11a1727ec831d428a509bdfaf0283367cd29cd6c560021bf65dd8cb9b54eb71e9bca22d8681fb155adde443e272646bdc28994b7990db07c

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Filesize
8.7MB

MD5
3c7b30585f27d8b078be165406bb651e

SHA1
26918e1e29b380ad833198658f939b057e33db7d

SHA256
1c340f49c4449d5eda5c425b893368f21f7d85901053c1d1b61f791020502ecb

SHA512
8825e70dabb6d99d11a1727ec831d428a509bdfaf0283367cd29cd6c560021bf65dd8cb9b54eb71e9bca22d8681fb155adde443e272646bdc28994b7990db07c

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

Filesize
8.7MB

MD5
acd4e9792488adc9627075238bcf3843

SHA1
54f49eba565197460b564af8ddfacad91df960ff

SHA256
84864e2ce732b2007492cdba8fd83d25f2a6314414e97f67e7bab9cb66ce3833

SHA512
8a0d680d532621da8e174ddc6142a89cf81b5af7d8a4325cffbcd61f473d3006dd419d0f740454610be818c53858ea7a30c22102465522130b5ba9b15c7a13a0

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

Filesize
8.7MB

MD5
acd4e9792488adc9627075238bcf3843

SHA1
54f49eba565197460b564af8ddfacad91df960ff

SHA256
84864e2ce732b2007492cdba8fd83d25f2a6314414e97f67e7bab9cb66ce3833

SHA512
8a0d680d532621da8e174ddc6142a89cf81b5af7d8a4325cffbcd61f473d3006dd419d0f740454610be818c53858ea7a30c22102465522130b5ba9b15c7a13a0

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

Filesize
8.7MB

MD5
acd4e9792488adc9627075238bcf3843

SHA1
54f49eba565197460b564af8ddfacad91df960ff

SHA256
84864e2ce732b2007492cdba8fd83d25f2a6314414e97f67e7bab9cb66ce3833

SHA512
8a0d680d532621da8e174ddc6142a89cf81b5af7d8a4325cffbcd61f473d3006dd419d0f740454610be818c53858ea7a30c22102465522130b5ba9b15c7a13a0

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MbamElam.cat

Filesize
10KB

MD5
60608328775d6acf03eaab38407e5b7c

SHA1
9f63644893517286753f63ad6d01bc8bfacf79b1

SHA256
3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59

SHA512
9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MbamElam.inf

Filesize
2KB

MD5
c481ad4dd1d91860335787aa61177932

SHA1
81633414c5bf5832a8584fb0740bc09596b9b66d

SHA256
793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3

SHA512
d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MbamElam.sys

Filesize
20KB

MD5
9e77c51e14fa9a323ee1635dc74ecc07

SHA1
a78bde0bd73260ce7af9cdc441af9db54d1637c2

SHA256
b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0

SHA512
a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

Filesize
593B

MD5
db9dc700be0f4c693141d235c0e86953

SHA1
e7bed17f2c0b547f05a394f71719db21664b5c4e

SHA256
201769eb4e856f5477b2f97925c47fbfe4e7aca626a55140bef692d62bfb6189

SHA512
f7823c76007d060edd27b43a38a9b3f0c3a999a5e8ac9833993c4caf9c5e2729a7806e8613536295782b903220013f790abb0f4cdb83e8f1d1e57505eab5919e

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

Filesize
593B

MD5
db9dc700be0f4c693141d235c0e86953

SHA1
e7bed17f2c0b547f05a394f71719db21664b5c4e

SHA256
201769eb4e856f5477b2f97925c47fbfe4e7aca626a55140bef692d62bfb6189

SHA512
f7823c76007d060edd27b43a38a9b3f0c3a999a5e8ac9833993c4caf9c5e2729a7806e8613536295782b903220013f790abb0f4cdb83e8f1d1e57505eab5919e

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

Filesize
655B

MD5
8be06c5ed56aa17dcc9c925ecdfabaa6

SHA1
4e1a51a095a7f203ac2f9f62eb11ede9b71c242f

SHA256
6ad20a535c8dacdb7b7bde5b76c04466f3adfcc70449014368884c2534d84f65

SHA512
9d576c3fdedb0166fd6ac2dfd21b1516d3a056ea5441e0ab2bb61a67a71a4493bda92dbdac3c8080702b2567d45b069f66d31cc61ed8f98c7ceb47123aee86a9

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json.bak

Filesize
593B

MD5
db9dc700be0f4c693141d235c0e86953

SHA1
e7bed17f2c0b547f05a394f71719db21664b5c4e

SHA256
201769eb4e856f5477b2f97925c47fbfe4e7aca626a55140bef692d62bfb6189

SHA512
f7823c76007d060edd27b43a38a9b3f0c3a999a5e8ac9833993c4caf9c5e2729a7806e8613536295782b903220013f790abb0f4cdb83e8f1d1e57505eab5919e

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

Filesize
8B

MD5
c72425e92fb1804d6f0dec0a59ef783b

SHA1
294f71997179899cb5dae2ab7cbf62d435e2826e

SHA256
808e8f5cdcbe8b277c027aa029c25131809202230b579b716ba17c8d6778df55

SHA512
e1125b1c6314de927c6a1b8211c968f5eacce52f4cd4f93730bc7b05fd0c3daeb4016168e4b54063305cc26d9c02ae06b0cc1bdb6269b1f631d221e1346d5885

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mb4uns.exe

Filesize
3.8MB

MD5
b9d4462ef148f15b28f87040d294b6ac

SHA1
a11426b9b2054562973bab331cf3de32d4965fde

SHA256
c7d2a91dc0230c4b2f7833490e9299e3d1ec8a80379dcc6f90582f51415f96b3

SHA512
67064c8b60d050126053ec3ec108b270dc2e673aededd720a4c18463f7c185195d39db113dd8097543b7f259c8c23832f4d5780bd56c1bd94c266e7357c4ba51

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

Filesize
22.1MB

MD5
f55ee10564dfde096fed148b36fa87e8

SHA1
d3e9b68880ec9d7d74f4ee5dd7445c16ae712bc1

SHA256
8ca62ef10d6cb40defa4a379b1202351e1034b9451d7c53b554d5c24315f4efc

SHA512
3f961ce85818f75fd9cef3223801b35a85e6b414d0f649e24edba26229887d2523e760f59f0a6f164156104cc416b087906afe4d3ada4c0c4b6570e6451e1270

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

Filesize
2.7MB

MD5
b7e5071b317550d93258f7e1e13e7b6f

SHA1
2d08d78a5c29cf724bc523530d1a9014642bbc60

SHA256
467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064

SHA512
9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll

Filesize
114KB

MD5
16663d125398773a90d0a53333b7cf5e

SHA1
f92928ae3c9292588547ceaca1cb1d372bfd7936

SHA256
38e6811b47262101759aa51a631263d9e3eee5d211164318a751e078afec4cbc

SHA512
091764b8ad80aa31eea0bbd91ee505ebdea2654bc8aeaa3081a061d0d37ab13d27dd203075fd0de10c6687591aa0e36139a38af846c4e34e6aa67ab81dc277df

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys

Filesize
233KB

MD5
1dc6d344ee9b6b024ba23278891db9a5

SHA1
519b792d11daa2bf9d127f69cdd603a236576e04

SHA256
823e1c7321e177b006c1f3fd1ec8b99607a12d2c3c321f3a6cbbcf7030b6c240

SHA512
fb96c4ede03c3aa729d2ea5a72c5f14029f6d69a79b6e0d5449e371bf3acdbbd1cb2079e8bbac3a3140a257c71018bc7a2a31a45ad5c8b65382e67cc3431ab6a

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sys

Filesize
193KB

MD5
b97e91c67832f1ff52fea79bae37372f

SHA1
6b7d1151878730cbfd15bccf19026df88ef84b2f

SHA256
85dd0da0b7340652038c46237c14309bc8c34107353050facf552805f7d7853f

SHA512
d1c012bb4dbb368cd149a49fa52aa5f9ae546956f86901e4990ef46af4b658680830ce3a0b3a52af5dca2deb86d2a5567eb79e968e84e5588dcc8a81b8f452cc

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys

Filesize
217KB

MD5
6a21162e1c8a9f65787b14bc439eb077

SHA1
1bf68b253edd6cae098144e24e09b4e22178784f

SHA256
8b7990e1c676f53918e41f6b18b20179d77e598352d9243b05e2ea22b2d9e4fe

SHA512
a0dafe66479b9e68ebf04a7e2fa7c7cc352fb075356b7eccebee7af527393711e3cb36c7ff6466a5e28b17d1d003c1c49ef176b448f5de36a7c8177c9c8808c4

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mwac.sys

Filesize
177KB

MD5
1e12dfd5396809da1c6cc5bcffbea079

SHA1
db1aed7c81a618af1053e8c20a8f06facfc0835c

SHA256
5afffafc7392d7e587228b50862cbf2c435e45e596148fa05ac3c2d0af7721da

SHA512
cbf33ba1c0af4ebe85764a969a8b60fe3e65162f6f8f4eb91790d8aee4c09a7d4e8ee6a438116103fbd966ba2c377ce538801140402711543c402e3a7a375462

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

Filesize
10B

MD5
998cdb4aaab329f32b7f47e12e39f3ea

SHA1
120b5294f287c1012209dd530e3779531b037b6c

SHA256
79a1be670d35f1bcd3e21d744943b594100648a1dada89f134ba16e3a76f6981

SHA512
a095900684807d8bc770fb4f93f6ef1d7c96fccf038726429e416c749147c53bd0e195bd2655ab83298a6f2a0e6d6baa0c1d9580123d93cba10c576e06f54333

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\uipkgver.dat

Filesize
6B

MD5
9e94f26e0bdd478d4c04984bbee7af09

SHA1
2faa997e896c76833739c181ac8a9d43a06d490d

SHA256
98bfb5c401b5ddc4bd6b666ffec4037e780478a8ace9afad84567a4d6530b787

SHA512
185082a8b6b3868afe36593bfd5eaae910efc9acbe2bbf214da08f58debd6c536184b67def9062e337fcd6133c1c62c2999b16b76c6a9c232d5e751d0813fd6f

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\version.dat

Filesize
47B

MD5
082aec627690f2b7c3250079986161cb

SHA1
f2067a2cdafd2f4ca4510948a1ff01d10bce4013

SHA256
0fa31ea8118e8bb6a7511ae22b851bd182cbe0accb89babf08102f3af6688a8e

SHA512
787c179833d1118c47f909a39386713a7b32cf6cc920fcf459bd9074cf0291365060cf28fcfad4bdd00e33598a888e615f763a349fe8c6dbda60bb459a5d6cc0

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
47KB

MD5
7d4a0a46e15b956a7efc3158290f445c

SHA1
76cf76daacd3024491f83b5218627f59c61ef600

SHA256
ff4fa75ab69f34a004a70a6a10c03690060560db15504f11362956337af3f694

SHA512
60b5da811a489ae16bb51ae2c0c5a9c94316abfa6cf82faea3ced024f381e38dc1be8aa87e272ced65c47c64f867e0dd6de2ffbb40ae1703fffbb24aa0411416

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
64KB

MD5
ead0d61fc889fec9a71d995a30ed5eb1

SHA1
5c144fe8970ed4eea0a7cfb40be156f65ccb4481

SHA256
be68774524e6ccbe35e0f76e1cc88ec34e443dd8c32588fd352e4ee24c9c7087

SHA512
8661316166c7c0129b3b4c70acf302ecbc382db6120ae2cefb15c9519350559fc049f238e8bb4128f031abada23e544ebf0742d9135586e46fe2b3196313c1e7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
64KB

MD5
782e41d63cbb95c4fcbb43384e24d634

SHA1
028075f90a3460d42530af2dde5596c4f65e978a

SHA256
e1c4382277a96f1374cf785a3f62625e2321dfbcac845a6bca8f1d9a0f479e08

SHA512
dfc4568fb10a2f34d9202117782fa10b16db8f0e5e537c85e2307c9cce1b133a4e8da3b81334ef15734aa37531e407783c39859babf742f028efb9d79a8bab3e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
86KB

MD5
6e01daa318bfd658f941b3067e73715c

SHA1
2d34b1b70ce099640488836bd460000233f5c69f

SHA256
cd8decf97f38168237f792844a5c0b87a046979975c699b7a4011557244619e8

SHA512
526bd01ee9fb476148a445b4d96cd6e44ff916509550ca264cba8d77762af9b13c9ddb8e02eee8dfd4c9df0bd2c5d6918a91c5a73f9d530e8a88c09c2e058d20

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

Filesize
607B

MD5
6d0fb80d79f703a1dae8b8fc63dad3b4

SHA1
553e108e5728f972feb781acc31cec04b69b6a83

SHA256
ede4e5719444ef9716f10d4e82d3315632feed4e7c03de236c18ba0171247f43

SHA512
1a3442ad8b0b89fe98bcc9e6a20a7a2ab33733b99b5bda44bf1dd0b6cf59976a746144c39d7c11aa1b6ec2b3a649da4cb4afd6249a86bc2d8f7c379160563c1c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

Filesize
808B

MD5
0cca2e9c81566997b618d89f2713ff23

SHA1
fde65f79954db82507a1036a8704216eb535462b

SHA256
c6b8fade8df9a417d9bc9ba974a5f6b0079f298f6fac24b6b6bfddf5a660be9f

SHA512
31370dc11554b458cfd0e2243711cde53c2710be8318ed65185520847643ec6c18edbf506c735ae7d2bde6c9927d97dec548506b271c210aacd7804f60eaa4bc

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
543B

MD5
dd49aa252e12eba08ac57b41c1613093

SHA1
044777e78ad3df43edc5ee079a37b08299d864e0

SHA256
18402b96921ad3d52d6615514d88dbcd7aa01e1738452a68efc458e97cb02c23

SHA512
07a61809868b12773a4b51ab5d94a6989fd3c03a49882b5bddd4d518a129db61ac5dfc5efdaf23b4c1d835f44a62ff0055669f2d5e47203d8a84b6c3ec488ef5

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

Filesize
9KB

MD5
da84301ebc4c3c6fd26828a20f7a4ecf

SHA1
0684f36d4d13663273374b92a3f7060bf9edabf6

SHA256
be5b0798c20c1641d0a9dcee8f265dceb0765752e0146ce6650e3d392eb7fc1a

SHA512
9a0cb802288f705b0efa00dc44f6a9953567341daa529db6c33d348accd763d855bfd04bdba46715a69efede5c743084819a4cec439e7c407d27ed94e3d3791d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

Filesize
10KB

MD5
ada350127e8e684c11999c252c4ddd71

SHA1
cd9f1732d8e6831a933b55c2965ae66b483b8e06

SHA256
ae1bee770ac6b794824920bd4e60431df83d3a998d2bb1efb67d8fb415af8ff4

SHA512
bdf047161115b3fb3742673508c5e35e3f9f49e0f707cdd5d787244a62c918ac79a4e09f0b64f776df82e9d6e3263662e06afd19e09e94710cb74762bd19970e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

Filesize
10KB

MD5
fca37126047e83689727276970afbc23

SHA1
a3ba2f4552e9b6184a10f0b2a356f36b7aa25179

SHA256
113f9c944777ecc23a0e13ddea33b38252fd973b2d68f92e4acb86f30e7f901f

SHA512
76dd5c9444050021baa8f200959bae2daff38e1b096d285e5e62eccc153c0ac4d164c357de875ebaf059c229fced3ddb1e03bc509ad9fd4b263f83d912fc7086

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

Filesize
10KB

MD5
415cc1e66ffece36ad4e4ee233c1d17c

SHA1
7dda5547d408127580890a4d154865af24298ea0

SHA256
aa2deda70497314743dac54c01659f06d83c6327f2c8bef429c8539cd91f7ea0

SHA512
aa67f84274bae1d8c4a054b2bf66d103e5fba1d71ab15267a0699a0b5fac86d9077764f777f7399cacddf570d7fe6767b68c62f2d043192bb304ad5e520aa19a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

Filesize
10KB

MD5
a9ffafe970ea8173abb680aea57e7a59

SHA1
cfb815e77d3f3dd6c02ae264aa27715f30493e5f

SHA256
212c2eed99d931e85576f8f7a8e80a50c81fed1847ff862e5f34d4485bca594a

SHA512
774bac1739cbfa5b367c942055bbb14fabe71c298321d2eff29eadada009e00b08c51a1385b71bee1701bc02d36fe2e381a4245112cedb2f1cc33de945f3484e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

Filesize
1KB

MD5
cab5f2b47d3e814b4e1f764146397af7

SHA1
5bcb91c77866096525bc0ebd7ecabde952d953d6

SHA256
e7fba8ec1908c72adcfb89c31d4ea2c48fb2039401d0e5bfbaa14e8c7f209a57

SHA512
e86ff45bd9c4f4a2bba7546c062723b119393dbf44fa4fd7d2c57e8c5bd0359863ea7761ddeab5cc5c1e66da6f849583d04950e8f6ace1be7ae882c80dd9d269

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

Filesize
1KB

MD5
a332e73a6015a04a672a51fbeca3e690

SHA1
746500f815665e3c023d02344f8d74d84d764da4

SHA256
2aa8438eb731ea5a323618f008cd00196ea3004bd8bc878fcbe06f6d7fc6366a

SHA512
25daf2c2b6624d60f864dffe513566bd50d9ac8f838f7629ca92df4be7ec671e4852a0e389f8325d69024b2f781abe139781b1008c8dc46e0459256454362cbb

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

Filesize
2KB

MD5
bd041837fe341ab59b246dde04ae1d7d

SHA1
0324625d963272fc6505b1d4f0fd365afbafd786

SHA256
fe40293ea3194f51b42fadc574e75ff0edff669e0633e564f265519b8bf71090

SHA512
99ffc78286e6db650d3fcba5b2017ad0374e530d4767ecf28159aa2680f8be8792206af72c10224900246feaaa35464eb9a92886ce00b2bc8101c74fc7247a29

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

Filesize
811B

MD5
befa3e18283e82534a78c22cd5781670

SHA1
0963a7e10f5f70c4922334f84c605eb7a8bfc883

SHA256
265edbb2810c309bb2fdceec323aab17bd243fe9261f0ec0b7024f3b7ddcbe2f

SHA512
1e700fb27e854be428597b01f9123ebf87e0b2ba6077eb93a02b9fa227ef9d68b69553551e3147e60f82ce2e15ad1dabd3b5b13817b2441156fbd448c8b1047c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

Filesize
811B

MD5
3ad09623aca3bc40413d0699f15d11e4

SHA1
275fbe8bd930a101607fa56d32e25078c89fe62d

SHA256
8c75d5d4a2c2c5fbc95232ca25cec219e2302e065864013f9c1ea554deadf6cd

SHA512
5a63c1a79d783248f34851f5824f2cedcf8f08c429ff2d70033af2d185141fcd32061c19c4117c9392aa0a93f16e0e54ca9e9b869f07223e403b5c9e69b9c693

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
1KB

MD5
3c78bbe79a82fcc3ed4ac7a13ffa0a95

SHA1
bf0d3b504921574a64ca5eb0c60e5c380ff3e9e4

SHA256
4480946ad27ffc6f84e3574a8fb2009b25e574ace068761ccc4759b6110f8910

SHA512
8cd1d47ea395e653609891d7dd30f9e8f878d52a968fecc3a165cc8222ce806362362747faf088a2282aa28107840a3242250698ac2ae083454d96b3bf63198c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
1KB

MD5
3185c0207575018dc834f386516eb814

SHA1
3954156a8a9a6c25f7fbcc113ed0b56e8fd700c1

SHA256
6e5620b42afdf840fa843bec214544399b9e2fcf4ca8b1ab5aa9270be3c92e98

SHA512
fff533d24df6ee122e5dac486b362dbed5fd488bcc515aa1af76d4d3fb49e1070399bd7fac11fb5ae40155d3c9abd5fc027443c3128f2ca12843fa9b0040085e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
2KB

MD5
1678630317be5b2d73235aa0031e613b

SHA1
70a81a261a978210a0597be97bc589f7e70b38dc

SHA256
22f7fb53753e8d7726c5b612d689549bfc90f5915b87115bd1a20d9a761901df

SHA512
64f3407e508c7876c00bc17ccc2191da0bb43b4156ba3b50fa28ba907bcbe8ebaf0cef34147f4cb60e892c287f7e267d3a131ab00c7e24c17e9bf8283ea7fbf9

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
0434d7aa0139b743ef10aa09de97b1c9

SHA1
9f0b31d7ef5b79b177b2cf12257e9b43eacd1d65

SHA256
61c4bccc589906e7f619329e460b61b286936643b4ee71728d88779db1e8fae0

SHA512
3e023cb30ea1aa803abd983d18e40ad617dfad801350361a0fb2c92f77abb10fbb0a45cc3f08a3aa18f8e7f2ef77284e1cc6b55c667a8fa594b3091910d8d2be

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
7KB

MD5
02a72b5b8458b2f12c9b857049dda7f8

SHA1
e928772d71c6f49c12eaf6d8f2f5976fea9597ce

SHA256
2688eac7e1c1dd2706ec771857da341322f44f7905edfe42e1934d91754088cb

SHA512
2ad6c2fd74d5538ea6656c4cd5ecb1ce17b7c3c3bfe08428b741770c61d5efdef768e3af030413bcbf79bd931cc699948a97667486cd3368edb47ef561b7a8c3

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

Filesize
10KB

MD5
f541ea0f34e7cc003a1fd55eb0a63f5c

SHA1
5eac80ab4671f883aa55a4f5926c49d3069b5c99

SHA256
a66be7f7aca6811871f162a58e1a058fabc7119494cab2615854b1636819d6ac

SHA512
647196f6d9518a66161f25eff43dc9d9c7526d7b8b5609ac5fb4b456048e82258130bd2ee1a4afe51dacdff17642de7d205ce0ab8b3a8fbc288922434152111c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
dfb0294e6abf1fd8b7d2d1e4610b92d6

SHA1
c573f327ae471b8823f309617c645fc50fd31aa0

SHA256
58d35d08265a10f944bb7dab2ac49d9197d32e5122c19db4487f28fb51d3bc61

SHA512
82758940c56aced17695b81369e512740b4a1ec67e02412c5fffcc8174ea81bff4210e4a7f55b4f83afbfe641bf101806ae8df24009f90b8dc8314c6d863eeda

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
440bd20f8d71a8e66efb862b021ad554

SHA1
52f59332935e1f56696188eed5138ae686753454

SHA256
67fe3970c85a6b5f4adc88cbad3ad933c09727aede6048ddebf817a6aef33c47

SHA512
ed9e037eb0855e9bda52e955b13ef4f3fd4cb3ca992089914f5c5ee6e84f4f3a929bbd321a872d572e969ef4ad8aff3f589a294f4bbde9991662e7a557c003bc

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
483f259b5ca28ce02b586ddde081a387

SHA1
1450293acf81ca960cd47fe689ceb888ffad2ab7

SHA256
32a384575db8e30c6b4b8a451d9464f122a3625f54a13c7f8d324573329d49e8

SHA512
dd6f91317e2d204a90ddd7b63c45ae724394e272e0d7e88d46fb1e385bb70f40c46bac31f6919c0cfe6a8fd61f7507d983a021bf5290b0ae898442218ec25ac8

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
5fe665e9d80d7bee54629c9707d4dca7

SHA1
601b4b613b4a5f6af998b9de8fce389ae255eb82

SHA256
23a30722e7d4fed6d451648c7694ee5657731b6c3b1580146a6cdcda2ad3007a

SHA512
ef9de23443e2f823fcb30dee1764d45fd9a8150b7237b0e6e054376ff89b7bea73793fb75ccea8a897139327f9b597b280792066ec3922781b26661292b3e736

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
a0a4a972703945a0e66e27a44f70f4bc

SHA1
3af5a7bc9350ae9160eb1182019a13f5a4e4ec3a

SHA256
ac40c185b25ad395b4d00b35a3f41755311b34f4d38d1e7685025f4b6a8107b2

SHA512
b7dc25fc05d3c3e5d25a772a80f21ed9951b9a8baca31d67d3a41094991ff6bf64c1f94c48bc868e66b3c65e08a0947967dc0981dd8a758f3bd7c3e6e5c80bdd

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
ae653fed7d02fa26da9bea5bc494dba7

SHA1
e5245c68a55663baaf5c2970760ee40b11aa6177

SHA256
790166061a7f0a2b0082f0dbc005b26a3e85aab6c67e885e596dab39dbde204a

SHA512
d7fcc32ace81e2c0c0dea67836c053ea80f3d9a9772d307072d2fd5d420981e1abed62b01589bc2986eec6fc78c689ff2555d255865419456b5f3da59cd73961

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
f5850da631403f610b27d1d60d8aa491

SHA1
948a09c567629ac672d5a415b81a568f22ece991

SHA256
97f319e4f4a5fcf3e155181418599732d4c9682e1c5b88b5f4a02fdfbc2ced39

SHA512
758497d3263e6fde96dcabb73137f0f8e00f71267516bae9432097ff43c1122a3cb347cd2126a0d86a38d7613bdd792f4b0cac8247bfb784db083bf9b1264dff

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
c5e280c02b7dc20c5b2f7902fb587765

SHA1
e9a56a9898481ba3bd2151e6513560eefbfeb93b

SHA256
53b6d2d49d068cc3f1bcd42743feaa2a97f465adf1ea4db8c84d81c227926615

SHA512
eb8fc2b3a255e85b58c53fb246aaf925192feaa7a5d56a114610a7c174e00dc72ac92d043b7d945ea0e1f2065d64ffd30104721237602ebe14df1eb937a7cc21

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
167c1a761bec39d60d0f314e8b0f907e

SHA1
9cf817ff45713156961cd16b7b1af608c58e9358

SHA256
a6cb9f44d8c89672bdaa4fa1175b91ac58c7a50bd6fd0a13d815e2a73786b6bd

SHA512
4ca4ce389ebf1c9b48242ff3e29628d2f247547058a8e97fde4f002ed68e6cd6800eee344a562095e6ed9783298ff903bc8e9ffb8a35cba7fc88b4e40fad7791

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\telemetry.json

Filesize
387B

MD5
dd63df9fccbff405f31685aa47456d29

SHA1
1e7eb3ed951f9c917e079d4a216b6a517bb8c41f

SHA256
1afbb7c7ce5c9e0a89dc1c7fe689d535be757cc8e31f9e5dccfc7a8cbf75db72

SHA512
3f0bb16081a66e68e707ead74048a232286ce4ec6aa1318104ddb18d5537553a60b0020b793c5f4fc4715ef626ca757173161d77830cceac8447c93c67e03f07

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

Filesize
5.0MB

MD5
1eff53d95ecaf6bbfffe80d866d8e1dd

SHA1
d7ef7d7c77fd04b2c0eb8c16bb3cd08057f6742f

SHA256
6dd748f7ca56125cbe158fa3612f08e7312ef58ad5375e6b7ab5532cc16ca0ac

SHA512
c59b8e6f0b238a247e64b9c7bb42213dadac1dada63542830a6292361174c935c0c662b2d1aed3fb6100cc4993297b1eaf25e328f2b4613458c4ffca63b9f02d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

Filesize
5.8MB

MD5
1ed53171d00f440f29a12f9beb84dac4

SHA1
4d9a1e3579b0999f1ab2fa818b588411e9ee920c

SHA256
e659e687a872050f9e65d78992d16bd9b393cf3f8e8c94e0e15fb42b7065327e

SHA512
17161cfc672d1b996b8af4ebac17f9a8a3807f38c9a23e2e5b4dadcd9a21c3a64faec9bf59147022a9df88b80f89300f1b537091289bd7a42806bd206a317e6e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

Filesize
316KB

MD5
0419253ecf2d3f747230052346b8068e

SHA1
40f8ad3991864f5f9674d1917962f5e61259c0e9

SHA256
52fe40890d961776aa67b53b806cc475d406d3f7aaf694283592b9f7416b896a

SHA512
ea1aa639fee0b63014473819878a0c276de2c2c52c911e889a63825e852722ee2f1e1a2a8dabd73ace070355a68c84ad52cf630778f8d0a9e6c7894b23954742

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

Filesize
24.9MB

MD5
fa198354309db986ef4ffcf14ffa6b68

SHA1
ffcbe260333a33797a9d95e5a769fa6fb5395486

SHA256
a685128aa6f554b2904dc0c4f96ff2f347f6166af74606b519a5db437a719937

SHA512
0455a64dd0aec6059da1c20d32c19b15e18fa11722f12bb3d39983bfabfdc6c0836cb5cdb4c4dc606ccf69ebf091e499b45e53aaa75f8b314dd6c286b8abde18

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll

Filesize
6.3MB

MD5
888b794737cd78e918486cd2a4116c65

SHA1
335aa063439ee8c2242591dd4cfe6c9bc28531fe

SHA256
2194ea4af98e6ba23e14ac60860a6c727f4694a9d904025288997ad05f0859bc

SHA512
f6a15dc86a89adcbf9ea6b96eb7d5671a2077696ef4cacf88c36d7c73c5f28d96f4a257ae8672981a24907e0583bb15c01dfe09ee1ac5837ffa693d5668dbbeb

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin

Filesize
639B

MD5
544a36063346eeb1e751030008a9f7e3

SHA1
b5c44a037d16bfd5cfe0e6ba9cb770111b3aac82

SHA256
33a822063dc53b5a693b5920f6a14bf4c9c1905c08b3257b7621c9f0c41d39d6

SHA512
fb86ef1c271d10da364654b244253a4492b8331d69e2a71479671a44f613b88a72822b5a849159b63b7b28c7cbe0c6b7ed35f82cf749a598b23676fae70f279c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb

Filesize
10KB

MD5
b08f5c57848e38686fc3ea0214124e8c

SHA1
13b1fb16ac11decdaa6aadf702c29bb176076fe8

SHA256
9f526f72efc6115306277c70bb16f86112c35187e22291c2f23e0cebffc4e9a0

SHA512
b24ebcd09028995bf56ea9f1f8223fc3c4a8b26cb2d49c624b20373cdd439243d5b8663a058780f5a553274b5ecaacc0b817bf3b2b2bc156bb925e2062425597

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

Filesize
924B

MD5
6d63788598b6799f43f2481b11378a7f

SHA1
71172286e24c52f9c8404fe4361805c1cb6d7f96

SHA256
01ee194e4fc136e29de7163ca0a0d284438cd17f4242309d66573974ba021f35

SHA512
e2c98f9d1d00850370116e9c8f81a41d68eb62b2827314ca5640a5df0b6a84cf159c064162f812236a6111d72f933437a1023544ed3997046cd17781b367dc6b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat

Filesize
39KB

MD5
10f23e7c8c791b91c86cd966d67b7bc7

SHA1
3f596093b2bc33f7a2554818f8e41adbbd101961

SHA256
008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc

SHA512
2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

Filesize
23KB

MD5
aef4eca7ee01bb1a146751c4d0510d2d

SHA1
5cf2273da41147126e5e1eabd3182f19304eea25

SHA256
9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f

SHA512
d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

Filesize
1.8MB

MD5
f4bcae29120428ab0d1b72acc375d7fe

SHA1
0970f103d74c634a91afd69388ab692f2df4819a

SHA256
f6e63c104b5a3714a035d2272e4663b0d9599c405bb31e7f9e7e108205707d4a

SHA512
078c4a5a15882ad74eaae3539bb787f28a5b3bb18e8b3a33bf44cfaf98d7dae05bf73245193ad2d3075686b6405c25a6cecdad3d6bb36ffa8b3da5812ae675b0

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat

Filesize
514B

MD5
657f15737037bd6c03931005448a380e

SHA1
8dd75e2f418c03e99767c901ae1cef7eb95abd39

SHA256
490c29b25466d69b6941d97bad13e9f416ffd5b7ba707e64c2a15bace47b83e5

SHA512
657fe672f77ff3f58beda233fc48e255b3c6e645c521559d194033778a53cf4b4fe52d4165fc2ab38d3c8cfefc1e1c321c2777fb96976c0ef56ea8c2eea6a7f2

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb

Filesize
24B

MD5
546d9e30eadad8b22f5b3ffa875144bf

SHA1
3b323ffef009bfe0662c2bd30bb06af6dfc68e4d

SHA256
6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f

SHA512
3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb

Filesize
24B

MD5
2f7423ca7c6a0f1339980f3c8c7de9f8

SHA1
102c77faa28885354cfe6725d987bc23bc7108ba

SHA256
850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55

SHA512
e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

Filesize
21.7MB

MD5
417b58d7fc33727e30fe1156ba67bf21

SHA1
7f4fe846b104cf00df954154400f6f366f2fc886

SHA256
34f7a7eaa432371223b636e1cc03d15529803311452eaeea83d09d59b797f1c4

SHA512
5cca5f7a644ebb504dd5953a2d3ecf73ce388ec2b0ecbf39a6fad94d0f52c6ddf2afaa19dad5eecd328b874d395ef8df5dd1e9f65cd3a2136840e0fb942cd189

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

Filesize
528KB

MD5
f712ebc5aa4cc78b7f1a0c8810ce7db4

SHA1
48899721fbcd93b7d5440ce269b7777a62582eab

SHA256
46d6f6dad272240bcdcfc0d5c42f88a2784a5ebf31bb284555cf260b21e8a4d1

SHA512
20ea70c3b4e3cdd3727207b9b13e54332bee15ca18cde5228c7f93982310d77e5f6ebccd1a8251ad4d8cbf9ac6646bf7f5856f1c82d3b3ef2390fa779ec06017

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

Filesize
1.4MB

MD5
3e2599322e6c4b24689ad33a1ea0875e

SHA1
0cf990c744b3a401961113da95782bce39be53cd

SHA256
bb7a496a689ecde10e537dc5eb1c8f374b52287a763bcc0cb5388adc05085f38

SHA512
573bb53e673d7e403d63f30afd181690be3f47adc77fa882e372a50ec9bbc7c365251f4f5092aacbbc350a195713020ed435ffbf8d8436028e9e8e230345a81d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb

Filesize
233KB

MD5
471541d2750183c22b806f20c78b3b4c

SHA1
879698ec92809b1846955ac46bb40bdbd705a091

SHA256
8d8339a1e58886e580c28c516a697f526efd5ec0b92c588f1638112d9c5b119d

SHA512
11933a0ef1fbbb0c4d6b0ffdb84c652bf96ef5079941d51a0736f7055ff5b608f1101c57147f3b9662aec7391b183a77a2499254a2d7826631c49bcf7bda3f85

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

Filesize
38.9MB

MD5
1975b90ff88c50d691d8b05022bd4a7a

SHA1
f69e501709d4080d4e4eaa938ffe79e0edb339ec

SHA256
c06fd7b69c6c0081b338b4a59d6e5a4a43658ba43d29bb610cc5873de39811a8

SHA512
13ac443c2f3e8f5ffde59d275ed9f86142e3ef41f7daccfb241b68722f54712f56d2e7db510a57ab41ce54e3b1a53cbba24471baea0803ce271f3fc06d3f1b09

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

Filesize
75B

MD5
3dbc849096376d7e21fce2799aefcdb0

SHA1
f37319de3bfbd2cd2a3610ceb4f988a55fe30f78

SHA256
aa345d1586d8f0723f230c1b85bbdceb930d3fab54e2e41010a24e27944c0e08

SHA512
3587d7093e5dcdedd806527d8b84a3cea523965fb8502c6be8d30ae5c5d71d217c00a21f937c6168e945172aab951ddebaff51d3d9e7436446fad9c8c20752e0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\OAJPVCZO\www.malwarebytes[1].xml

Filesize
415B

MD5
16426d8ae3f676007b4198944fde6c1f

SHA1
7428d6b837b3db8135af38ea433ad0157894fd70

SHA256
bb363cde20ec1299a9616944ef63f2ea051fb2bf7f3cc0d5b65137e3cafa812d

SHA512
28d63c1fa3e797d33948bd89e271cee47817316712806c32f9e37cd904e0d6102f8255a9677139302b8bab83b8a9946af1a34bfde4d10f0967a8b2d6393eef0e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3JTJFMB2\favicon-196x196[1].png

Filesize
7KB

MD5
e06f9d74dba1451d6cab5edd1581645b

SHA1
0f1352f4122ca56f7c4e93f207dd88c4758fd86a

SHA256
77e0c50614af96211739874ab95a3e7958a7bb4e956fa8bb431c6e6fd653aac9

SHA512
d5f0a7bb3026bb12be4101e4ecf23f954695af4696c63afcedbfb40dee3bc74327c72a632a6ee0e3e21654867a2c2420d60718f6c54af37cb4662e5313e317e6

Download Submit
C:\Windows\System32\catroot2\dberr.txt

Filesize
181KB

MD5
8cf20b5699c12e9bb3417971e90d8bbf

SHA1
f2a7fdb59d5eadf0fe858a2e8f38c19ba7406a7a

SHA256
cd44db42f5733b30c82101ac5d36b17765e7cb5ca328597581466535ab0b47f1

SHA512
2b4a76992e2d71b9adab844a97c6fd4c3c265604e2073b3868d7a0a2c5bfa49be7d1e9056e8f4204b5f1672331c05afc393d78cac61717f994bd09f6fea73ff5

Download Submit
C:\Windows\TEMP\MBInstallTemp5e3c9b43ca8411eda318ee854b86f7f9\servicepkg\SectigoRootCA.crt

Filesize
1KB

MD5
b821ee78c10eda973c40a382fa5ca457

SHA1
f40c413c6d17c4c4195d30a9a1454d186710727c

SHA256
028fd01ccc988386d6718eda921f6131044a61c06e0f84574d4911918e4659f3

SHA512
ea4b9b5e8d7ea4e9c137fc21b36112c01905aad771ad09c408ab94d7eb7d0458a60f3730b5a5af6cbfe8d6167c28132483b68900e7c8db55a4430e7bbd56d61f

Download Submit
C:\Windows\TEMP\MBInstallTemp5e3c9b43ca8411eda318ee854b86f7f9\servicepkg\msrootca2020.crt

Filesize
2KB

MD5
77ac2a1ae404c2e29334c4d0ce29ac0e

SHA1
c8eecd58d3b43a2ddec5054ef9eacdf0c2940e62

SHA256
626727d3f4fb4c4ef816648217966d5eb2a028afe03c801788b1834a456b48e8

SHA512
40bf30c83db166803798fdfbdcbc04d6d01bce7ec569d2f24089bf1b6d81f8694876d43c29ce78359d1101d40386044a0b9f11aedabb3a6348eb1a7da6762fd9

Download Submit
C:\Windows\TEMP\MBInstallTemp5e3c9b43ca8411eda318ee854b86f7f9\servicepkg\starfieldClass2CA.crt

Filesize
1KB

MD5
7fe5fafc33ce6e6f97e73bc5071bc3ce

SHA1
9ea40194cd3610f746f9fadee86d8e57e7905d2e

SHA256
64e8c4bf59964857adcd42001e719c1764a7f060d52b170982504e07bd26246b

SHA512
4578f75aa7bd65e5932c9d851299f1ec71bcc6c3e70361a9df76053532f246e026de1cbfdfdc8ac285bc5c9eb32fcc39cdcd405995734f3d3256c61cfbaeca09

Download Submit
C:\Windows\TEMP\MBInstallTemp5e3c9b43ca8411eda318ee854b86f7f9\servicepkg\starfieldrootcag2_new.crt

Filesize
993B

MD5
d63981c6527e9669fcfcca66ed05f296

SHA1
b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e

SHA256
2ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f5

SHA512
5fada52ff721f4f7f14f5a70500531fa7b131d1203eabb29b5c85a39d67cf358287d9d5b9104c8517b9757dba58df9527d07dc9a82f704b8961f8473cdd92ae7

Download Submit
C:\Windows\Temp\MBInstallTemp5e3c9b43ca8411eda318ee854b86f7f9\ctlrpkg\mbae64.sys

Filesize
154KB

MD5
95515708f41a7e283d6725506f56f6f2

SHA1
9afc20a19db3d2a75b6915d8d9af602c5218735e

SHA256
321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6

SHA512
d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

Download Submit
C:\Windows\Temp\MBInstallTemp5e3c9b43ca8411eda318ee854b86f7f9\servicepkg\MBAMService.exe

Filesize
8.7MB

MD5
acd4e9792488adc9627075238bcf3843

SHA1
54f49eba565197460b564af8ddfacad91df960ff

SHA256
84864e2ce732b2007492cdba8fd83d25f2a6314414e97f67e7bab9cb66ce3833

SHA512
8a0d680d532621da8e174ddc6142a89cf81b5af7d8a4325cffbcd61f473d3006dd419d0f740454610be818c53858ea7a30c22102465522130b5ba9b15c7a13a0

Download Submit
C:\Windows\Temp\MBInstallTemp5e3c9b43ca8411eda318ee854b86f7f9\servicepkg\mbamelam.cat

Filesize
10KB

MD5
60608328775d6acf03eaab38407e5b7c

SHA1
9f63644893517286753f63ad6d01bc8bfacf79b1

SHA256
3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59

SHA512
9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

Download Submit
C:\Windows\Temp\MBInstallTemp5e3c9b43ca8411eda318ee854b86f7f9\servicepkg\mbamelam.inf

Filesize
2KB

MD5
c481ad4dd1d91860335787aa61177932

SHA1
81633414c5bf5832a8584fb0740bc09596b9b66d

SHA256
793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3

SHA512
d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

Download Submit
C:\Windows\Temp\MBInstallTemp5e3c9b43ca8411eda318ee854b86f7f9\servicepkg\mbamelam.sys

Filesize
20KB

MD5
9e77c51e14fa9a323ee1635dc74ecc07

SHA1
a78bde0bd73260ce7af9cdc441af9db54d1637c2

SHA256
b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0

SHA512
a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

Download Submit
C:\Windows\Temp\MBInstallTemp5e3c9b43ca8411eda318ee854b86f7f9\servicepkg\mbshlext.dll

Filesize
2.7MB

MD5
b7e5071b317550d93258f7e1e13e7b6f

SHA1
2d08d78a5c29cf724bc523530d1a9014642bbc60

SHA256
467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064

SHA512
9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54

Download Submit
C:\Windows\Temp\MBInstallTemp5e3c9b43ca8411eda318ee854b86f7f9\uipkg\QtQuick\Controls.2\HorizontalHeaderView.qml

Filesize
1KB

MD5
d8c9674c0e9bddbd8aa59a9d343cf462

SHA1
490aa022ac31ddce86d5b62f913b23fbb0de27c2

SHA256
1ef333b5fb4d8075973f312ef787237240b9f49f3f9185fb21202883f900e7d7

SHA512
0b86ec673133f6400c38b79f9ba4f7b37ce5afdab1a2e34acbf75019e2590cc26b26d323ddc1567c91375053c9c8593be0615389db8eb1a8d1eb084ad4200b82

Download Submit
C:\Windows\Temp\MBInstallTemp5e3c9b43ca8411eda318ee854b86f7f9\uipkg\QtQuick\Controls.2\Imagine\VerticalHeaderView.qml

Filesize
1KB

MD5
829769b2741d92df3c5d837eee64f297

SHA1
f61c91436ca3420c4e9b94833839fd9c14024b69

SHA256
489c02f8716e7a1de61834b3d8bbb61bce91ca4a33a6b62342b4c851d93e51e0

SHA512
4061c271db37523b9dea9a9973226d91337e1809d4e7767e57ac938d35d77a302363ed92ab4be18c35ba589f528194ad71c93a8507449bf74dd035acf7cdb521

Download Submit
\Program Files\Malwarebytes\Anti-Malware\7z.dll

Filesize
1.7MB

MD5
461faf68ccc02b0223fd273b630f21fe

SHA1
363b8beaa74f0f454c2d544ace9e71a84bc2b4cf

SHA256
cb07f3f461e9c267831b1ab93af6dfda1bb51d72e42d73d00d26594f09326be1

SHA512
4b671f48e45fdedf50c7f7bb6c8d82a3b98f7502006eb002aaf8ff31f25f9ff1257c7bcc12caf622e43d4ec665b19d978ae3e3762f76def0bc71485ebdb8426f

Download Submit
\Program Files\Malwarebytes\Anti-Malware\Actions.dll

Filesize
5.0MB

MD5
1eff53d95ecaf6bbfffe80d866d8e1dd

SHA1
d7ef7d7c77fd04b2c0eb8c16bb3cd08057f6742f

SHA256
6dd748f7ca56125cbe158fa3612f08e7312ef58ad5375e6b7ab5532cc16ca0ac

SHA512
c59b8e6f0b238a247e64b9c7bb42213dadac1dada63542830a6292361174c935c0c662b2d1aed3fb6100cc4993297b1eaf25e328f2b4613458c4ffca63b9f02d

Download Submit
\Program Files\Malwarebytes\Anti-Malware\ActionsShim.dll

Filesize
2.5MB

MD5
e7a4bb8fa34bc5ae8b84bf15442da99c

SHA1
26e6d20876f01faa32a7a846c12dd35c695d55b6

SHA256
9ed946c62c7801779822a83d9126257f6426af381a42ce29d5a3c49c774fc141

SHA512
10b007f132cdaa7ea2e75281cd7767b59fd61335d28bc55b778e05479ac993e3578ba1370fe1ce6bf35d271ca970346d5f8cd13637f59fb1fa01c8a6345727b1

Download Submit
\Program Files\Malwarebytes\Anti-Malware\CleanControllerImpl.dll

Filesize
6.9MB

MD5
ef3e4c2c617164e495bbc0ec13890ca9

SHA1
f384c1892e00720ccb97a921d556654d730f1d3e

SHA256
7fa7d2d0618f46d50d36401f76d0314c72096ebd003d365d8df2b488bf02103b

SHA512
54f56aedaccf3bade0ec4601a86d23b8110702562be0a2fe2ce18aed09793eb0e7290215b3267e3e2c57dac850f446b10fd3a5e3c81e11508f1a70224366a51f

Download Submit
\Program Files\Malwarebytes\Anti-Malware\CloudControllerImpl.dll

Filesize
4.8MB

MD5
3cad89a85ae704b4e264a03dcbf1de8f

SHA1
aacc5111236b95b9044f3228c961345ead3ee5c2

SHA256
1f56f70c09fb6b6c92795dedbcfa0626ec29383d53166ef0f179e86a46b33b56

SHA512
4efbb0b81392378cd143e1526d94b39434306e7354dbd6326bceb37cc3919f2b84d4ec08b378a35b44a2f93b660623f9112a36f4fb745f34327f9fda8f0e84d2

Download Submit
\Program Files\Malwarebytes\Anti-Malware\LicenseControllerImpl.dll

Filesize
4.4MB

MD5
b7a9a7b44b82e954c1b77e7b7f71ee66

SHA1
02f3eabef778d5641eea89d318268e79949da7c6

SHA256
ba97bf9a2a0c454dbd965ef7b6c12f582d49391d5297fe2ef4a94bb13d2d472e

SHA512
524dee007193cc13ee81e9734564e8a121715f7ecb27d113eb7d8265b7562ab60237aa64c556a819239ee9b4abdc8523a57ca666bdd48de82eca79efba771bc5

Download Submit
\Program Files\Malwarebytes\Anti-Malware\MBAMShim.dll

Filesize
3.0MB

MD5
f44b6c80c46c4cf3071b5f5b916e1271

SHA1
839f2238ecbbfa80ebf9c1f77eafc78204b58761

SHA256
732523df43358729d5e85cceb557d69016dcdd3e2238d903c33c5327c3131fae

SHA512
99be164ae96bc4f93dc896d5df445ad1c2f023f10605a8c9857d7ebedfc5b070f50cd33b401d61003e601a06b8446e6c0b5dbddda4927a2e1352407d3b266942

Download Submit
\Program Files\Malwarebytes\Anti-Malware\PoliciesControllerImpl.dll

Filesize
4.1MB

MD5
c447ffc8af4633daf687e0a943061a60

SHA1
2f0a1854d75a82929dcff5308befe3b83439259b

SHA256
c01804c902c5532517fa0ceadc91beed01d5ac67adf062b7ce7eaba8272c40bc

SHA512
e0d650c35a46063d0e3870e1888d95827050e7792391b8c6ba4b5cd0cf2501cf0eb3aeb1c4a9f524467b6efcc4cb44c8816ba91aa09858c3594d8334a3eb2edf

Download Submit
\Program Files\Malwarebytes\Anti-Malware\ScanControllerImpl.dll

Filesize
5.7MB

MD5
a340fa4ce6b8a5e22dfe5348752138c8

SHA1
4cd995cce3194b43a5e2f12f032eb5cad88fc3c5

SHA256
250f17aad7e80a1b33b79b1e95cdae26d6be6f1c27dc9aaba1b6d8f346393b8a

SHA512
bc72a19624042b1a3f6f873ec193c890a12fbb85111b60399e5b3c9584a752c9c38b637fc37b5a7a968dcedaf804b299ee2156726aa7462bc940154d3654feff

Download Submit
\Program Files\Malwarebytes\Anti-Malware\SwissarmyShim.dll

Filesize
2.6MB

MD5
89a38afcfa758e3298609c6c51929593

SHA1
2df1ee30adc92bd995526e41fd9c823354de30b4

SHA256
4795576483af0c136a71dcee87a0ffb54f0869cae6395ac2ff8312bf555e7161

SHA512
cceaed0b9a7517aebd739a377c7bd8987b9ac357be2bf987dbae31d59f2121c5bb9a9bfa2c70a9a54ad65546ef23903176dd6328d93408cb5c991257d59e2717

Download Submit
\Program Files\Malwarebytes\Anti-Malware\TelemetryControllerImpl.dll

Filesize
5.3MB

MD5
a6b7865089133607d9fe66617abcebea

SHA1
e7d887a75fd48945d3f56b5635bae822ad5c7a1c

SHA256
f1f1958fbd3ecc0b61f1be129025dfc59112c09b146299caca61bd6f552c0355

SHA512
3c0638229b90fd4d4ecfbdac89a467d514824e57f1d40f68c5009051a48cc53a0f2f5712aeb530ed6aa9b855272590563c95738abf768f46bdc332806e6d7792

Download Submit
\Program Files\Malwarebytes\Anti-Malware\UpdateControllerImpl.dll

Filesize
4.4MB

MD5
d0b204fb32962798ebd9ab0ad336a83c

SHA1
f281b35553afa236a214b910c537ecad0e3bacea

SHA256
627db74adff5407a074e94997cb724434478801607c972ff2afdf10d4928bb98

SHA512
5d3aa0851b7479d3c6d092052fa8271cb335f54ccac526a01c64745c222f906b6a5ece2fb6637e6dee878cf76af3ad89e0eb7e7686a7061c134a9e8e6d0d3eac

Download Submit
\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

Filesize
2.7MB

MD5
b7e5071b317550d93258f7e1e13e7b6f

SHA1
2d08d78a5c29cf724bc523530d1a9014642bbc60

SHA256
467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064

SHA512
9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54

Download Submit
\Program Files\Malwarebytes\Anti-Malware\offreg.dll

Filesize
114KB

MD5
16663d125398773a90d0a53333b7cf5e

SHA1
f92928ae3c9292588547ceaca1cb1d372bfd7936

SHA256
38e6811b47262101759aa51a631263d9e3eee5d211164318a751e078afec4cbc

SHA512
091764b8ad80aa31eea0bbd91ee505ebdea2654bc8aeaa3081a061d0d37ab13d27dd203075fd0de10c6687591aa0e36139a38af846c4e34e6aa67ab81dc277df

Download Submit
\Windows\Temp\MBInstallTemp5e3c9b43ca8411eda318ee854b86f7f9\7z.dll

Filesize
1.6MB

MD5
ab8f0c1a37c0df5c8924aab509db42c9

SHA1
53dba959124e6d740829bda2360e851bcb85cce8

SHA256
6e223b275b84d948cc5ae1f161f0bfff2adb34de04634c84d7dbe9305a4998d5

SHA512
ff8a26e8fd5a08c74e5ba93a564e0d3cd932754e7f06993a365bfad06670497889e69ec45bfba1378040b72f82d468e79682beba2439937bb29d2a41da940d4a

Download Submit
\Windows\Temp\MBInstallTemp5e3c9b43ca8411eda318ee854b86f7f9\7z.dll

Filesize
1.6MB

MD5
ab8f0c1a37c0df5c8924aab509db42c9

SHA1
53dba959124e6d740829bda2360e851bcb85cce8

SHA256
6e223b275b84d948cc5ae1f161f0bfff2adb34de04634c84d7dbe9305a4998d5

SHA512
ff8a26e8fd5a08c74e5ba93a564e0d3cd932754e7f06993a365bfad06670497889e69ec45bfba1378040b72f82d468e79682beba2439937bb29d2a41da940d4a

Download Submit
memory/2140-3899-0x0000026FCF440000-0x0000026FCF442000-memory.dmp

Filesize
8KB

Download
memory/2140-3863-0x0000026FCE660000-0x0000026FCE680000-memory.dmp

Filesize
128KB

Download
memory/2140-3853-0x0000026FCEE90000-0x0000026FCEE92000-memory.dmp

Filesize
8KB

Download
memory/2140-3896-0x0000026FCE940000-0x0000026FCEA40000-memory.dmp

Filesize
1024KB

Download
memory/2140-3743-0x0000026FBD6C0000-0x0000026FBD6C2000-memory.dmp

Filesize
8KB

Download
memory/2140-3740-0x0000026FBD6A0000-0x0000026FBD6A2000-memory.dmp

Filesize
8KB

Download
memory/2140-3735-0x0000026FBD670000-0x0000026FBD672000-memory.dmp

Filesize
8KB

Download
memory/3744-3585-0x0000018F57000000-0x0000018F57200000-memory.dmp

Filesize
2.0MB

Download
memory/3744-3674-0x0000018F565C0000-0x0000018F565C1000-memory.dmp

Filesize
4KB

Download
memory/3744-3667-0x0000018F565B0000-0x0000018F565B1000-memory.dmp

Filesize
4KB

Download
memory/3744-3669-0x0000018F565C0000-0x0000018F565C1000-memory.dmp

Filesize
4KB

Download
memory/3744-3666-0x0000018F565B0000-0x0000018F565B1000-memory.dmp

Filesize
4KB

Download
memory/3744-3665-0x0000018F565B0000-0x0000018F565B1000-memory.dmp

Filesize
4KB

Download
memory/3744-3680-0x0000018F56700000-0x0000018F56702000-memory.dmp

Filesize
8KB

Download
memory/3744-3678-0x0000018F566F0000-0x0000018F566F2000-memory.dmp

Filesize
8KB

Download
memory/3744-3677-0x0000018F566F0000-0x0000018F566F2000-memory.dmp

Filesize
8KB

Download
memory/3744-3676-0x0000018F565C0000-0x0000018F565C1000-memory.dmp

Filesize
4KB

Download
memory/3744-3675-0x0000018F565C0000-0x0000018F565C1000-memory.dmp

Filesize
4KB

Download
memory/3744-3580-0x00007FFECD320000-0x00007FFECD73E000-memory.dmp

Filesize
4.1MB

Download
memory/3744-3671-0x0000018F565C0000-0x0000018F565C1000-memory.dmp

Filesize
4KB

Download
memory/3744-3581-0x00007FFECC500000-0x00007FFECCA6B000-memory.dmp

Filesize
5.4MB

Download
memory/3744-3583-0x0000018F56BC0000-0x0000018F57000000-memory.dmp

Filesize
4.2MB

Download
memory/3744-3582-0x0000018F54680000-0x0000018F54690000-memory.dmp

Filesize
64KB

Download
memory/4488-3445-0x000001DC18630000-0x000001DC189CD000-memory.dmp

Filesize
3.6MB

Download
memory/4488-3640-0x000001DC18630000-0x000001DC189CD000-memory.dmp

Filesize
3.6MB

Download
memory/5032-3634-0x00000244A3670000-0x00000244A3671000-memory.dmp

Filesize
4KB

Download
memory/5032-3615-0x00000244A3400000-0x00000244A3410000-memory.dmp

Filesize
64KB

Download
memory/5032-3597-0x00000244A3020000-0x00000244A3030000-memory.dmp

Filesize
64KB

Download
memory/5032-3636-0x00000244A36F0000-0x00000244A36F2000-memory.dmp

Filesize
8KB

Download
memory/5032-3638-0x00000244A81F0000-0x00000244A81F2000-memory.dmp

Filesize
8KB

Download
memory/5032-3639-0x00000244A7D40000-0x00000244A7D42000-memory.dmp

Filesize
8KB

Download