7c0b9bceed390f7f28135431c09ac51469ee8e2b8095fb36a37315d811d9ba9c

Analysis

max time kernel
70s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2023 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MBSetup.exe
Size

2.5MB
MD5

1e885823577394ea61ea89438ffe2954
SHA1

e53e96f7374790bdad8a614949b398b055c3a27b
SHA256

7c0b9bceed390f7f28135431c09ac51469ee8e2b8095fb36a37315d811d9ba9c
SHA512

73f600833dad0047b6444110d722dc95237b38bb486abc7fc8e4f59b69e2154c885fb46d65f488d5139a0b6e76ebde33ea72711c7f58436650ef992fb8995627
SSDEEP

49152:Lw3ye9SPQ1sjDAVj+JeRanStQyfvE0Z3R0nxiIq2ddAsuysSiSF:4yeoCVj+c6KtQRq2ADSiSF

Score

8^/10

discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Drivers directory 4 IoCs

Processes:

MBAMService.exeMBSetup.exeMBAMInstallerService.exe

description	ioc	process
File created	C:\Windows\system32\DRIVERS\MbamElam.sys	MBAMService.exe
File opened for modification	C:\Windows\system32\DRIVERS\MbamElam.sys	MBAMService.exe
File created	C:\Windows\SysWOW64\drivers\mbamtestfile.dat	MBSetup.exe
File created	C:\Windows\system32\drivers\mbae64.sys	MBAMInstallerService.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MBSetup.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MBSetup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	MBSetup.exe

Drops file in System32 directory 1 IoCs

Processes:

MBAMService.exe

description ioc process

File opened for modification C:\Windows\System32\CatRoot2\dberr.txt MBAMService.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

description	ioc	process
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	MBAMService.exe

Drops file in Program Files directory 64 IoCs

Processes:

MBAMInstallerService.exeMBSetup.exe

description	ioc	process
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\DelayButton.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\BusyIndicator.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\ScrollIndicator.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\ToolButton.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\RTPControllerImpl.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\SystemPaletteSingleton.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\ToolButtonStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\CheckBox.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\MenuBar.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\ToolBar.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\VerticalHeaderView.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\Page.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\CheckDelegate.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\qml\IconGlyph.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQml\plugins.qmltypes	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\ContentItem.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\SpinBox.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\button.png	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\XmlListModel\qmlxmllistmodelplugin.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQml\qmldir	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\Style.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\slider-groove.png	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\TreeViewStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\b9ea84ae-bf98-4b1e-aa27-fc97ab0d8a83	MBSetup.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\mbae-api-na.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-core-console-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-crt-multibyte-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\images\sunken_frame.png	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\WidgetFileDialog.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\TableViewColumn.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\RoundButton.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\SwipeView.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\MenuItem.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\JumpListLink.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\BusyIndicatorStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\TextArea.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\GroupBox.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\SliderGroove.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\LicenseControllerImpl.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-core-synch-l1-2-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\CircularTickmarkLabelStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\TableViewStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\plugins.qmltypes	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\qmldir	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\SliderHandle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\TabBar.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\UpdateControllerImpl.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\EditMenu.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\TumblerStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\Slider.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\arrow-right.png	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\Frame.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\MenuItem.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\plugins.qmltypes	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\version.dat	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-core-memory-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtCharts\qtchartsqml2.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\MenuItemSubControls.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\RadioIndicator.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\Frame.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Universal\StackView.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\ScanControllerImpl.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-core-errorhandling-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\BasicTableView.qml	MBAMInstallerService.exe

Executes dropped EXE 2 IoCs

Processes:

MBAMInstallerService.exeMBAMService.exe

pid process

3968 MBAMInstallerService.exe
2688 MBAMService.exe
Loads dropped DLL 2 IoCs

Processes:

MBAMInstallerService.exe

pid process

3968 MBAMInstallerService.exe
3968 MBAMInstallerService.exe

pid	process
3968	MBAMInstallerService.exe
2688	MBAMService.exe

pid	process
3968	MBAMInstallerService.exe
3968	MBAMInstallerService.exe

Registers COM server for autorun 1 TTPs 21 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

ig-39.exeMBAMService.exeig-1.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	ig-1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	ig-1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	ig-1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32	ig-1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\LocalServer32	ig-1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\LocalServer32	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	ig-1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32	ig-39.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

MBAMInstallerService.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	MBAMInstallerService.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbam.exe = "11000"	MBAMInstallerService.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\mbamtray.exe = "11000"	MBAMInstallerService.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

MBAMInstallerService.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Malwarebytes	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes\FirstRun = "false"	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes\FirstRun = "false"	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Malwarebytes	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\ROOT	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Malwarebytes	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\Software	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\Software	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications\malwarebytes:\	MBAMInstallerService.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Malwarebytes\FirstRun = "false"	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\Office\16.0\Common\Security	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MBAMInstallerService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-20\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Security\Trusted Protocols\All Applications	MBAMInstallerService.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Policies\Microsoft\Office\15.0\Common\Security\Trusted Protocols	MBAMInstallerService.exe

Modifies registry class 64 IoCs

Processes:

ig-39.exeMBAMInstallerService.exeMBAMService.exeig-1.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\Version\ = "1.0"	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\shell\open	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.MBAMServiceController\CurVer	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\VersionIndependentProgID\ = "MB.MBAMServiceController"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\VersionIndependentProgID	ig-1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.ArwController\CurVer	ig-1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}	ig-1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\Version	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\LocalServer32\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe\""	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.MBAMServiceController.1\CLSID\ = "{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\TypeLib\ = "{332AFEBA-9341-4CEC-8EA6-DB155A99DF63}"	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\malwarebytes\shell\open\command\ = "\"C:\\Program Files\\Malwarebytes\\Anti-Malware\\assistant.exe\" -uri \"%1\""	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.MBAMServiceController.1	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\ProgID\ = "MB.AEController.1"	ig-1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\AppID = "{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}"	ig-1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\VersionIndependentProgID	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\ProgID	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.AEController.1\CLSID\ = "{F415899A-1576-4C8B-BC9F-4854781F8A20}"	ig-1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\VersionIndependentProgID\ = "MB.CloudController"	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\Version\ = "1.0"	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.AEController.1	ig-1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\VersionIndependentProgID\ = "MB.AEController"	ig-1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\TypeLib\ = "{F5BCAC7E-75E7-4971-B3F3-B197A510F495}"	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\AppID = "{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}"	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\Version	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.MBAMServiceController\CurVer\ = "MB.MBAMServiceController.1"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\AppID = "{1F7896AD-8886-42CD-8ABD-7A1315A3A5F2}"	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.AEController\CurVer\ = "MB.AEController.1"	ig-1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}	ig-1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.CloudController.1\CLSID	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{580243BF-3CEE-4131-A599-C6FED66BEB1B}\Version	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\Version\ = "1.0"	ig-1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.CloudController	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.CloudController\CurVer	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\ = "CloudController Class"	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32\ServerExecutable = "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\VersionIndependentProgID	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\ProgID\ = "MB.ArwController.1"	ig-1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.LicenseController	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.LogController.1\ = "LogController Class"	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.LogController	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\LocalServer32	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\Version	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.CloudController.1\CLSID\ = "{BF474111-9116-45C6-AF53-209E64F1BB53}"	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BF474111-9116-45C6-AF53-209E64F1BB53}\ProgID	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.LicenseController\CurVer	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.MWACController.1	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.AEController\CurVer	ig-1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\LocalServer32	ig-1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.ArwController.1	ig-1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{11D1E5E8-14E1-4B5B-AE1A-2678CB91E8E5}\VersionIndependentProgID\ = "MB.CleanController"	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\TypeLib	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\TypeLib\ = "{C731375E-3199-4C88-8326-9F81D3224DAD}"	ig-39.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\Version	ig-1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.ArwController.1\ = "ArwController Class"	ig-1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.MBAMServiceController.1\CLSID	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.MBAMServiceController	MBAMService.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F36AD0D0-B5F0-4C69-AF08-603D177FEF0E}\Version\ = "1.0"	MBAMService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MB.AEController.1\CLSID	ig-1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\ = "AEController Class"	ig-1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{F415899A-1576-4C8B-BC9F-4854781F8A20}\Programmable	ig-1.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{251AD013-20AD-4C3F-8FE2-F66A429B4819}\ProgID	ig-39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{278637DA-FDFB-45C7-8CD8-F2D8A9199AB0}\VersionIndependentProgID\ = "MB.ArwController"	ig-1.exe

Modifies system certificate store 2 TTPs 18 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

MBAMInstallerService.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2\Blob = 030000000100000014000000f40042e2e5f7e8ef8189fed15519aece42c3bfa22000000001000000d0050000308205cc308203b4a00302010202105498d2d1d45b1995481379c811c08799300d06092a864886f70d01010c05003077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f726974792032303230301e170d3230303431363138333631365a170d3435303431363138343434305a3077310b3009060355040613025553311e301c060355040a13154d6963726f736f667420436f72706f726174696f6e314830460603550403133f4d6963726f736f6674204964656e7469747920566572696669636174696f6e20526f6f7420436572746966696361746520417574686f72697479203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100b3912a07830667fd9e9de0c7c0b7a4e642047f0fa6db5ffbd55ad745a0fb770bf080f3a66d5a4d7953d8a08684574520c7a254fbc7a2bf8ac76e35f3a215c42f4ee34a8596490dffbe99d814f6bc2707ee429b2bf50b9206e4fd691365a89172f29884eb833d0ee4d771124821cb0dedf64749b79bf9c9c717b6844fffb8ac9ad773674985e386bd3740d02586d4deb5c26d626ad5a978bc2d6f49f9e56c1414fd14c7d3651637decb6ebc5e298dfd629b152cd605e6b9893233a362c7d7d6526708c42ef4562b9e0b87cceca7b4a6aaeb05cd1957a53a0b04271c91679e2d622d2f1ebedac020cb0419ca33fb89be98e272a07235be79e19c836fe46d176f90f33d008675388ed0e0499abbdbd3f830cad55788684d72d3bf6d7f71d8fdbd0dae926448b75b6f7926b5cd9b952184d1ef0f323d7b578cf345074c7ce05e180e35768b6d9ecb3674ab05f8e0735d3256946797250ac6353d9497e7c1448b80fdc1f8f47419e530f606fb21573e061c8b6b158627497b8293ca59e87547e83f38f4c75379a0b6b4e25c51efbd5f38c113e6780c955a2ec5405928cc0f24c0ecba0977239938a6b61cdac7ba20b6d737d87f37af08e33b71db6e731b7d9972b0e486335974b516007b506dc68613dafdc439823d24009a60daba94c005512c34ac50991387bbb30580b24d30025cb826835db46373efae23954f6028be37d55ba50203010001a3543052300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414c87ed26a852a1bca1998040727cf50104f68a8a2301006092b06010401823715010403020100300d06092a864886f70d01010c05000382020100af6adde619e72d9443194ecbe9509564a50391028be236803b15a252c21619b66a5a5d744330f49bff607409b1211e90166dc5248f5c668863f44fcc7df2124c40108b019fdaa9c8aef2951bcf9d05eb493e74a0685be5562c651c827e53da56d94617799245c4103608522917cb2fa6f27ed469248a1e8fb0730dcc1c4aabb2aaeda79163016422a832b87e3228b367732d91b4dc31010bf7470aa6f1d74aed5660c42c08a37b40b0bc74275287d6be88dd378a896e67881df5c95da0feb6ab3a80d71a973c173622411eac4dd583e63c38bd4f30e954a9d3b604c3327661bbb018c52b18b3c080d5b795b05e514d22fcec58aae8d894b4a52eed92dee7187c2157dd5563f7bf6dcd1fd2a6772870c7e25b3a5b08d25b4ec80096b3e18336af860a655c74f6eaec7a6a74a0f04beeef94a3ac50f287edd73a3083c9fb7d57bee5e3f841cae564aeb3a3ec58ec859accefb9eaf35618b95c739aafc577178359db371a187254a541d2b62375a3439ae5777c9679b7418dbfecdc80a09fd17775585f3513e0251a670b7dce25fa070ae46121d8d41ce507c63699f496d0c615fe4ecdd7ae8b9ddb16fd04c692bdd488e6a9a3aabbf764383b5fcc0cd035be741903a6c5aa4ca26136823e1df32bbc975ddb4b783b2df53bef6023e8f5ec0b233695af9866bf53d37bb8694a2a966669c494c6f45f6eac98788880065ca2b2eda2	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16\Blob = 0300000001000000140000008da7f965ec5efc37910f1c6e59fdc1cc6a6ede162000000001000000450300003082034130820229a0030201020213066c9fcf99bf8c0a39e2f0788a43e696365bca300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3135303532363030303030305a170d3338303131373030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203130820122300d06092a864886f70d01010105000382010f003082010a0282010100b2788071ca78d5e371af478050747d6ed8d78876f49968f7582160f97484012fac022d86d3a0437a4eb2a4d036ba01be8ddb48c80717364cf4ee8823c73eeb37f5b519f84968b0ded7b976381d619ea4fe8236a5e54a56e445e1f9fdb416fa74da9c9b35392ffab02050066c7ad080b2a6f9afec47198f503807dca2873958f8bad5a9f948673096ee94785e6f89a351c0308666a14566ba54eba3c391f948dcffd1e8302d7d2d747035d78824f79ec4596ebb738717f2324628b843fab71daacab4f29f240e2d4bf7715c5e69ffea9502cb388aae50386fdbfb2d621bc5c71e54e177e067c80f9c8723d63f40207f2080c4804c3e3b24268e04ae6c9ac8aa0d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e041604148418cc8534ecbc0c94942e08599cc7b2104e0a08300d06092a864886f70d01010b0500038201010098f2375a4190a11ac57651282036230eaee628bbaaf894ae48a4307f1bfc248d4bb4c8a197f6b6f17a70c85393cc0828e39825cf23a4f9de21d37c8509ad4e9a753ac20b6a897876444718656c8d418e3b7f9acbf4b5a750d7052c37e8034bade961a0026ef5f2f0c5b2ed5bb7dcfa945c779e13a57f52ad95f2f8933bde8b5c5bca5a525b60af14f74befa3fb9f40956d3154fc42d3c7461f23add90f48709ad9757871d1724334756e5759c2025c266029cf2319168e8843a5d4e4cb08fb231143e843297262a1a95d5e08d490aeb8d8ce14c2d055f286f6c49343776661c0b9e841d7977860036e4a72aea5d17dba109e866c1b8ab95933f8ebc490bef1b9	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E\Blob = 030000000100000014000000b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e2000000001000000e1030000308203dd308202c5a003020102020100300d06092a864886f70d01010b050030818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3039303930313030303030305a170d3337313233313233353935395a30818f310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c6531253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e3132303006035504031329537461726669656c6420526f6f7420436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100bdedc103fcf68ffc02b16f5b9f48d99d79e2a2b703615618c347b6d7ca3d352e8943f7a1699bde8a1afd13209cb44977322956fdb9ec8cdd22fa72dc276197eef65a84ec6e19b9892cdc845bd574fb6b5fc589a51052894655f4b8751ce67fe454ae4bf85572570219f8177159eb1e280774c59d48be6cb4f4a4b0f364377992c0ec465e7fe16d534c62afcd1f0b63bb3a9dfbfc7900986174cf26824063f3b2726a190d99cad40e75cc37fb8b89c159f1627f5fb35f6530f8a7b74d765a1e765e34c0e89656998ab3f07fa4cdbddc32317c91cfe05f11f86baa495cd19994d1a2e3635b0976b55662e14b741d96d426d4080459d0980e0ee6defcc3ec1f90f10203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147c0c321fa7d9307fc47d68a362a8a1ceab075b27300d06092a864886f70d01010b050003820101001159fa254f036f94993b9a1f828539d47605945ee128936d625d09c2a0a8d4b07538f1346a9de49f8a862651e62cd1c62d6e95204a9201ecb88a677b31e2672e8c9503262e439d4a31f60eb50cbbb7e2377f22ba00a30e7b52fb6bbb3bc4d379514ecd90f4670719c83c467a0d017dc558e76de68530179a24c410e004f7e0f27fd4aa0aff421d37ed94e5645912207738d3323e3881759673fa688fb1cbce1fc5ecfa9c7ecf7eb1f1072db6fcbfcaa4bfd097054abcea18280290bd5478092171d3d17d1dd916b0a9613dd00a0022fcc77bcb0964450b3b4081f77d7c32f598ca588e7d2aee90597364f936745e25a1f566052e7f3915a92afb508b8e8569f4	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F40042E2E5F7E8EF8189FED15519AECE42C3BFA2	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F6108407D6F8BB67980CC2E244C2EBAE1CEF63BE\Blob = 030000000100000014000000f6108407d6f8bb67980cc2e244c2ebae1cef63be2000000001000000f6010000308201f230820178a0030201020213066c9fd7c1bb104c2943e5717b7b2cc81ac10e300a06082a8648ce3d0403033039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412034301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120343076301006072a8648ce3d020106052b8104002203620004d2ab8a374fa3530dfec18a7b4ba87b464b63b062f62d1bdb087121d200e863bd9a27fbf0396e5dea3da5c981aaa35b2098455d16dbfde8106de39ce0e3bd5f8462f3706433a0cb242f70ba88a12aa075f881ae6206c481db396e29b01efa2e5ca3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414d3ecc73a656ecce1da769a56fb9cf3866d57e581300a06082a8648ce3d040303036800306502303a8b21f1bd7e11add0ef58962fd6eb9d7e908d2bcf6655c32ce328a9700a470ef0375912ff2d9994284e2a4f354d335a023100ea75004e3bc43a941291c958469d211372a7889c8ae44c4adb96d4ac8b6b6b49125333add7e4be24fcb50a76d4a5bc10	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD\Blob = 0300000001000000140000001c58a3a8518e8759bf075b76b750d4f2df264fcd2000000001000000c2040000308204be308203a6a003020102021006d8d904d5584346f68a2fa754227ec4300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3231303431343030303030305a170d3331303431333233353935395a304f310b300906035504061302555331153013060355040a130c446967694365727420496e633129302706035504031320446967694365727420544c53205253412053484132353620323032302043413130820122300d06092a864886f70d01010105000382010f003082010a0282010100c14bb3654770bcdd4f58dbec9cedc366e51f311354ad4a66461f2c0aec6407e52edcdcb90a20eddfe3c4d09e9aa97a1d8288e51156db1e9f58c251e72c340d2ed292e156cbf1795fb3bb87ca25037b9a52416610604f571349f0e8376783dfe7d34b674c2251a6df0e9910ed57517426e27dc7ca622e131b7f238825536fc13458008b84fff8bea75849227b96ada2889b15bca07cdfe951a8d5b0ed37e236b4824b62b5499aecc767d6e33ef5e3d6125e44f1bf71427d58840380b18101faf9ca32bbb48e278727c52b74d4a8d697dec364f9cace53a256bc78178e490329aefb494fa415b9cef25c19576d6b79a72ba2272013b5d03d40d321300793ea99f50203010001a38201823082017e30120603551d130101ff040830060101ff020100301d0603551d0e04160414b76ba2eaa8aa848c79eab4da0f98b2c59576b9f4301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304006082b060105050730028634687474703a2f2f636163657274732e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63727430420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7443412e63726c303d0603551d2004363034300b06096086480186fd6c02013007060567810c01013008060667810c0102013008060667810c0102023008060667810c010203300d06092a864886f70d01010b050003820101008032ce5e0bdd6e5a0d0aafe1d684cbc08efa8570edda5db30cf72b7540fe850afaf33178b7704b1a8958ba80bdf36b1de97ecf0bba589c59d490d3fd6cfdd0986db771825bcf6d0b5a09d07bdec443d82aa4de9e41265fbb8f99cbddaee1a86f9f87fe74b71f1b20abb14fc6f5675d5d9b3ce9ff69f7616cd6d9f3fd36c6ab038876d24b2e7586e3fcd8557d26c21177df3e02b67cf3ab7b7a86366fb8f7d89371cf86df7330fa7babed2a59c842843b11171a52f3c90e147da25b7267ba71ed574766c5b8024a65345e8bd02a3c209c51994ce7529ef76b112b0d927e1de88aeb36164387ea2a63bf753febdec403bb0a3cf730efebaf4cfc8b3610733ef3a4	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\B51C067CEE2B0C3DF855AB2D92F4FE39D4E70F0E	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5A8CEF45D7A69859767A8C8B4496B578CF474B1A\Blob = 0300000001000000140000005a8cef45d7a69859767a8c8b4496b578cf474b1a2000000001000000450500003082054130820329a0030201020213066c9fd29635869f0a0fe58678f85b26bb8a37300d06092a864886f70d01010c05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412032301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f74204341203230820222300d06092a864886f70d01010105000382020f003082020a0282020100ad969f2d9c4a4c4a81795199ec8acb6b605113bc4d6d06fcb0088ddd19106ac7260c35d8c06f2084e994b19b8503c35bdb4ae8c8f89076d95b4fe34ce806364dcc9aac3d0c902b92d4061960ac374479858182ad5a37e00dcc9da64c5276ea439db704d150f655e0d5d2a64985e937e9ca7eae5c954d489a3fae205a6d8895d934b8521a4390b0bf6c05b9b678b7ead0e43a3c125362ff4af27bbe3505a91234e3f36474622c3d00495a28fe3244bb87dd652702713bda4af71fdacdf72155904f0fecae82e19f6bd945d3bbf05f87ed3c2c3986da3fdeec7255eb79a3addbdd7cb0ba1ccefcde4f3576cf0ff8781f6a36514627615be99ecff0a2557d7c258a6f2fb4c5cf842e2bfd0d51106cfb5f1bbc1b7ec5ae3b98013192ff0b57f49ab2b957e9abef0d76d1f0eef4ce86a7e06ee9b469a1df69f633c6692e97139ea587b057108137c953b3bb7ff692d19cd018f4926eda834fa663994ca5fb5eef21647a205f6c648515cb37e9620c0b2a16dc012e32da3e4bf59e3af6174094ef9e910886fabe63a85a33eccb744395f96c695236c7296ffc55035c1ffb9fbd47ebe74947950b4e89220949e0f5611ef1bf2e8a726e8059ff573af97532a34e5feced2862d94d73f2cc811760edcdebdcdba7cac57e02bdf2540854fdb42d092c17544a98d154e1516708d2ed6e7e6f3fd22d81592966cb903995111e7427feddebaf0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414b00cf04c30f405580248fd33e552af4b84e36652300d06092a864886f70d01010c05000382020100aaa8808f0e78a3e0a2d4cde6f5987a3bea0003b0970e93bc5aa8f62c8c7287a9b1fc7f73fd637178a58759cf30e10d10b2135a6d82f56ae6809fa0050b68e4476bc76adfb6fd773272e518fa09f4a0932c5dd28c75857665900c0379b7312363ad788309866884cafff9cf269a9279e7cd4bc5e761a717cbf3a91293936ba7e82f5392c46058b0cc0251185b858d625963b6adb4de9afb26f70027c05d55377499c9507fe3592e44e32c25eeec4c3277b49f1ae94b5d20c5dafd1c8716c643e8d4bb269a45705ea90b3753e2467b27fde046f289b7cc42b6cb28266ed9a5c93ac8411360f7508c15aeb26d1a151a5778e6922ad96590823f6c02afae123a27963604d71da28063a99bf1e5bab47c14b04ec9b11f745f38f651ea9bfa2ca211d4a92d271a45b1afb24e710dc05846d66906cb53cbb3fe6b41cd417e7d4c0f7c72797a59cd5e4a0eac9ba99873797cb4f4ccb9b8070cb2745cb8c76f88a190a7f4aaf9bf673af41a15621eb79fbe3db129af67a112f25810195303301bb81a89f69cbd97038ea309f31d8b21f1b4dfe41cd19f650206ea5cd613b384efa2a55c8c7729a768c06bae40d2a8b4eacdf08d4b389c199a1b2854b88990efca75813e1ef26424c718af4eff479e07f63565a4d30a56fff517646cefa822254993b6df0017da587e5deec51bb0d1d15f2110c7f9f3ba020a2707c5f1d6c7d3e0fb09606c	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\1C58A3A8518E8759BF075B76B750D4F2DF264FCD	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	MBAMInstallerService.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8DA7F965EC5EFC37910F1C6E59FDC1CC6A6EDE16	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\0D44DD8C3C8C1A1A58756481E90F2E2AFFB3D26E\Blob = 0300000001000000140000000d44dd8c3c8c1a1a58756481e90f2e2affb3d26e2000000001000000ba010000308201b63082015ba0030201020213066c9fd5749736663f3b0b9ad9e89e7603f24a300a06082a8648ce3d0403023039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412033301e170d3135303532363030303030305a170d3430303532363030303030305a3039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f7420434120333059301306072a8648ce3d020106082a8648ce3d030107034200042997a7c6417fc00d9be8011b56c6f252a5ba2db212e8d22ed7fac9c5d8aa6d1f73813b3b986b397c33a5c54e868e8017686245577d44581db337e56708eb66dea3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414abb6dbd7069e37ac3086079170c79cc419b178c0300a06082a8648ce3d0403020349003046022100e08592a317b78df92b06a593ac1a98686172fae1a1d0fb1c7860a64399c5b8c40221009c02eff1949cb396f9ebc62af8b62cfe3a901416d78c6324481cdf307dd5683b	MBAMInstallerService.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\2AD974A775F73CBDBBD8F5AC3A49255FA8FB1F8C\Blob = 0300000001000000140000002ad974a775f73cbdbbd8f5ac3a49255fa8fb1f8c2000000001000000620400003082045e30820346a0030201020213077312380b9d6688a33b1ed9bf9ccda68e0e0f300d06092a864886f70d01010b05003039310b3009060355040613025553310f300d060355040a1306416d617a6f6e3119301706035504031310416d617a6f6e20526f6f742043412031301e170d3232303832333232323132385a170d3330303832333232323132385a303c310b3009060355040613025553310f300d060355040a1306416d617a6f6e311c301a06035504031313416d617a6f6e205253412032303438204d303130820122300d06092a864886f70d01010105000382010f003082010a0282010100eb712ca9cb1f8828923230af8a570f78b73725955587ac675c97d322c8daa214676b7cf067dae2032ab356125dc6b547f96708a7937a9592180fb4f9f910369a7f2f80b64fba134ec75d531ee0dd96330720d396bc12e4745042a1051373b54f9b4424fe2d7fedbc2285ec362133977506ce271882dce3d9c582078d5e26012626671fd93f13cf32ba6bad7864fcaaff0e023c07df9c0578728cfdea75b7032884dae86e078cd05085ef8154b2716eec6d62ef8f94c35ee9c4a4d091c02e249198caeeba258ed4f671b6fb5b6b38064837478d86dcf2ea06fb76377d9eff424e4d588293cfe271c278b17aab4b5b94378881e4d9af24aef872c565fb4bb451e70203010001a382015a3082015630120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d0e0416041481b80e638a891218e5fa3b3b50959fe6e5901385301f0603551d230418301680148418cc8534ecbc0c94942e08599cc7b2104e0a08307b06082b06010505070101046f306d302f06082b060105050730018623687474703a2f2f6f6373702e726f6f746361312e616d617a6f6e74727573742e636f6d303a06082b06010505073002862e687474703a2f2f6372742e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e636572303f0603551d1f043830363034a032a030862e687474703a2f2f63726c2e726f6f746361312e616d617a6f6e74727573742e636f6d2f726f6f746361312e63726c30130603551d20040c300a3008060667810c010201300d06092a864886f70d01010b05000382010100ad00de0205232e063262b46bb19416e41140de2bfa59c135efe0aa8f2b41b9d1f38739001df23db5a7470c0606c691f3075702d4edbd17c1909abf4875a2074f30dd4a6a42b50d3d15c00ffe845bc63c99cc5752b1d86e12d59692934b94e507e88982086a7a34d49e64e13d876a92909a63a14bf88fb6ea34d305be20c2de06e28c9f738b9f4d3985cace19369d85c99ec9f8503fb67e88a1efca84068b50b40a5ca61c44f1fdc8614060f26125aa07f4c7c27375e40c0b428d04e55f4448995b7b898196a7889d4b0d62e804c4d7feb4e8b26dcaecc01cbc385b1ddf85ce5b7ae3494b6cb9a7ddf405b249ade1c5146bc2ccebcd7fd65869bac3207e7fb0b8	MBAMInstallerService.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

MBSetup.exeMBAMInstallerService.exe

pid	process
4660	MBSetup.exe
4660	MBSetup.exe
3968	MBAMInstallerService.exe
3968	MBAMInstallerService.exe
3968	MBAMInstallerService.exe
3968	MBAMInstallerService.exe
3968	MBAMInstallerService.exe
3968	MBAMInstallerService.exe
3968	MBAMInstallerService.exe
3968	MBAMInstallerService.exe
3968	MBAMInstallerService.exe
3968	MBAMInstallerService.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

MBAMService.exe

description pid process

Token: 33 2688 MBAMService.exe
Token: SeIncBasePriorityPrivilege 2688 MBAMService.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

MBSetup.exe

pid process

4660 MBSetup.exe

description	pid	process
Token: 33	2688	MBAMService.exe
Token: SeIncBasePriorityPrivilege	2688	MBAMService.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

MBAMInstallerService.exe

description	pid	process	target process
PID 3968 wrote to memory of 2688	3968	MBAMInstallerService.exe	MBAMService.exe
PID 3968 wrote to memory of 2688	3968	MBAMInstallerService.exe	MBAMService.exe

C:\Users\Admin\AppData\Local\Temp\MBSetup.exe
"C:\Users\Admin\AppData\Local\Temp\MBSetup.exe"
1⤵
- Drops file in Drivers directory
- Checks BIOS information in registry
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:4660

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
1⤵
- Drops file in Drivers directory
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3968

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
2⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2688

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
1⤵
PID:4668

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
ig.exe reseed
2⤵
PID:3052

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-0.exe
ig.exe reseed
2⤵
PID:4956

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-1.exe
ig.exe reseed
2⤵
- Registers COM server for autorun
- Modifies registry class
PID:2688

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-2.exe
ig.exe reseed
2⤵
PID:4632

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-3.exe
ig.exe reseed
2⤵
PID:1548

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-4.exe
ig.exe reseed
2⤵
PID:1328

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-5.exe
ig.exe reseed
2⤵
PID:4904

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-6.exe
ig.exe reseed
2⤵
PID:3348

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-7.exe
ig.exe reseed
2⤵
PID:3244

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-8.exe
ig.exe reseed
2⤵
PID:1248

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-9.exe
ig.exe reseed
2⤵
PID:4392

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-10.exe
ig.exe reseed
2⤵
PID:5080

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-11.exe
ig.exe reseed
2⤵
PID:2376

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-12.exe
ig.exe reseed
2⤵
PID:2896

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-13.exe
ig.exe reseed
2⤵
PID:3996

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-14.exe
ig.exe reseed
2⤵
PID:3956

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-15.exe
ig.exe reseed
2⤵
PID:2116

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-16.exe
ig.exe reseed
2⤵
PID:4292

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-17.exe
ig.exe reseed
2⤵
PID:1300

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-18.exe
ig.exe reseed
2⤵
PID:1652

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-19.exe
ig.exe reseed
2⤵
PID:3856

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-20.exe
ig.exe reseed
2⤵
PID:1420

C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
2⤵
PID:1020

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-21.exe
ig.exe reseed
2⤵
PID:2844

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-22.exe
ig.exe reseed
2⤵
PID:1712

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-23.exe
ig.exe reseed
2⤵
PID:1624

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-24.exe
ig.exe reseed
2⤵
PID:1368

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-25.exe
ig.exe reseed
2⤵
PID:4808

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-26.exe
ig.exe reseed
2⤵
PID:4868

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-27.exe
ig.exe reseed
2⤵
PID:4484

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-28.exe
ig.exe reseed
2⤵
PID:3388

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-29.exe
ig.exe reseed
2⤵
PID:4524

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-30.exe
ig.exe reseed
2⤵
PID:3572

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-31.exe
ig.exe reseed
2⤵
PID:3136

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-32.exe
ig.exe reseed
2⤵
PID:4536

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-33.exe
ig.exe reseed
2⤵
PID:2080

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-34.exe
ig.exe reseed
2⤵
PID:4812

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-35.exe
ig.exe reseed
2⤵
PID:4764

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-36.exe
ig.exe reseed
2⤵
PID:4832

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-37.exe
ig.exe reseed
2⤵
PID:3784

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-38.exe
ig.exe reseed
2⤵
PID:180

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-39.exe
ig.exe reseed
2⤵
- Registers COM server for autorun
- Modifies registry class
PID:2688

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-40.exe
ig.exe reseed
2⤵
PID:1192

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-41.exe
ig.exe reseed
2⤵
PID:1932

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-42.exe
ig.exe reseed
2⤵
PID:3768

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-43.exe
ig.exe reseed
2⤵
PID:4680

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-44.exe
ig.exe reseed
2⤵
PID:4380

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-45.exe
ig.exe reseed
2⤵
PID:4752

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-46.exe
ig.exe reseed
2⤵
PID:952

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-47.exe
ig.exe reseed
2⤵
PID:4464

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-48.exe
ig.exe reseed
2⤵
PID:1120

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig-49.exe
ig.exe reseed
2⤵
PID:4472

C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"
1⤵
PID:4204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll
Filesize
1.7MB

MD5
461faf68ccc02b0223fd273b630f21fe

SHA1
363b8beaa74f0f454c2d544ace9e71a84bc2b4cf

SHA256
cb07f3f461e9c267831b1ab93af6dfda1bb51d72e42d73d00d26594f09326be1

SHA512
4b671f48e45fdedf50c7f7bb6c8d82a3b98f7502006eb002aaf8ff31f25f9ff1257c7bcc12caf622e43d4ec665b19d978ae3e3762f76def0bc71485ebdb8426f

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\Actions.dll
Filesize
5.0MB

MD5
1eff53d95ecaf6bbfffe80d866d8e1dd

SHA1
d7ef7d7c77fd04b2c0eb8c16bb3cd08057f6742f

SHA256
6dd748f7ca56125cbe158fa3612f08e7312ef58ad5375e6b7ab5532cc16ca0ac

SHA512
c59b8e6f0b238a247e64b9c7bb42213dadac1dada63542830a6292361174c935c0c662b2d1aed3fb6100cc4993297b1eaf25e328f2b4613458c4ffca63b9f02d

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ActionsShim.dll
Filesize
2.5MB

MD5
58149edf4990067b4c1ffe1c32a51a01

SHA1
80c0c8b8def45420159659d2eaad181eb0b05c40

SHA256
67af73f9b49ce113d02d7f2824e45d48044273772c94e6e8c300cf86bf83cb55

SHA512
fe69f4eccaa35b132b7dfc77fae50733398cfa5ab7377f502a50e1bb83be6b81fad26a0a24f6dfbc99dca6e118784f3452edc4a30c11ac161fc0db62b039cb4e

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\BrowserSDKDLL.dll
Filesize
5.8MB

MD5
1ed53171d00f440f29a12f9beb84dac4

SHA1
4d9a1e3579b0999f1ab2fa818b588411e9ee920c

SHA256
e659e687a872050f9e65d78992d16bd9b393cf3f8e8c94e0e15fb42b7065327e

SHA512
17161cfc672d1b996b8af4ebac17f9a8a3807f38c9a23e2e5b4dadcd9a21c3a64faec9bf59147022a9df88b80f89300f1b537091289bd7a42806bd206a317e6e

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\BrowserSDKDLLShim.dll
Filesize
2.5MB

MD5
2e8ad6f405eb7744908f635dc089438a

SHA1
f2ca3f55ce4395dfe39a0ba099a39f8c30e263cb

SHA256
4824ad6b30b42a9166bfd3db41f11e3cb67e7aab96058b7f946797d7dadba891

SHA512
3eacea19caf3f04cddb35091102c5d627b82acc8c73be1bfa4d72932c78cba7821c99c616bbd8d422ce588b865700db560ba441f8a5da6a9629af844f6ad28c5

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Filesize
6.9MB

MD5
73a08c403bf08e39bd560ffc74ae9b8f

SHA1
888c6d11e6788875f8fca748b6f92a19b6126dc6

SHA256
09d687c0164a9f108c4f9e107bfc0cb671ebe643ac9aae968cb8df0e5adda960

SHA512
8b65c0549c319e9c42b30071b1342e8ba4239d9dc4a124e19abd2160339c03235f0ec534a997ec367f2b474797d33efa496e641c7a63904bf8e0af43a32f1535

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CloudControllerImpl.dll
Filesize
4.8MB

MD5
a22f4dd3f75413faba618de10315540d

SHA1
450a9abff68ffb922abaa0ba193ea4ffc983e92b

SHA256
31d628b6c6c58d76dbd8071e155c9bfef575444d3ce7fa83c2a0c3a16e67e7ea

SHA512
b34bec558e556dc8602717fc8b2601f18d02217551bcb1b3d7df7f9574f7ddf46a29dcfe043119f353e1e258fdc1e9a6db6d38ce8e5f3eda9fdb92216a31ccd6

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\LicenseControllerImpl.dll
Filesize
4.4MB

MD5
49a840f316fe0e63dbbf8789eac84557

SHA1
aa8eeb9f12b345f42eb04353201b53543cc7b952

SHA256
56b3c7e59854dc2f7a33b88f42b98d164686cc92335cf5b77e8fd60cbb84c64c

SHA512
ba1b9ce3910b94764f755f5ee2ae0ef6f2dee4cbea97dc261b0ebb7f510f8bcf40b6fecedd3115e35255268bddaea1eddea1952bdaff227eae2f50b40977bd71

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll
Filesize
6.4MB

MD5
b2216df400c3ef59f9406831ba7956b5

SHA1
1e26588190fc8a608e773239d498ceb79a92fca3

SHA256
1e429ee1da8a0fe6569673b7052c5f49c193aaa8f3152451f645539a431b792d

SHA512
3aa3c9ed3bcaa0f2b7c4de36f7a83e35e8abf63c972c8e5377915bed41a803ae516cf8ef14e9c455043dd1ae46e4aec1820fa3572e65d0c87a99eac1d43d1f40

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMShim.dll
Filesize
3.0MB

MD5
f44b6c80c46c4cf3071b5f5b916e1271

SHA1
839f2238ecbbfa80ebf9c1f77eafc78204b58761

SHA256
732523df43358729d5e85cceb557d69016dcdd3e2238d903c33c5327c3131fae

SHA512
99be164ae96bc4f93dc896d5df445ad1c2f023f10605a8c9857d7ebedfc5b070f50cd33b401d61003e601a06b8446e6c0b5dbddda4927a2e1352407d3b266942

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
Filesize
4.0MB

MD5
efe6216931bca54ccf05a0bcb9f83fb9

SHA1
007d0a3c4d850cd9b2886b24daf91c988d702bdd

SHA256
eaf71519b965b9530e84be08bd3649fdb8feeeabb8dd2455be95755a336a44d6

SHA512
7c59071b6ae8d0a2d6eedcb58f6a1337aa340275bf30baa121f515241aba822f6f7bbbc53b626f5f44c424af70aef3afc582a1a8a34d0b0adef115d0e8f684f4

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll
Filesize
5.7MB

MD5
1ff50d44fcb92f99dd7af478171e8b18

SHA1
a4d3b41df2173d8363ef99d2cea92cff8ff60338

SHA256
118841f1c274e8dfd94fc6a31f4f2c10df38a71d0fa96c1f3f6453339e20bf02

SHA512
f7df13e47f88cf77797a153cab5aea17d03bd9a9aebd2fa64d49175d3fc820604ba7ce9d43081624dd660fca5bf42eda2ff1309c018bc4ff7e4fd982e14650b1

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\Swissarmy.dll
Filesize
4.0MB

MD5
3486801ce1e8ffc1bbc6d4f097b0f369

SHA1
08f2a85cd07cf1c0d6f27f0d5e7179c2a5cb8600

SHA256
26720d0b669898089a4ab5a6c53203918ec399d227331273ba11169bbe273678

SHA512
81974a79bf4e4086549874ef778e7716713a0107ccce212e9564f3355a26670943845aaba744691d2b68224e06e2f9d9a263e29f4ca7e46e1bfdb507a24656d5

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SwissarmyShim.dll
Filesize
2.6MB

MD5
89a38afcfa758e3298609c6c51929593

SHA1
2df1ee30adc92bd995526e41fd9c823354de30b4

SHA256
4795576483af0c136a71dcee87a0ffb54f0869cae6395ac2ff8312bf555e7161

SHA512
cceaed0b9a7517aebd739a377c7bd8987b9ac357be2bf987dbae31d59f2121c5bb9a9bfa2c70a9a54ad65546ef23903176dd6328d93408cb5c991257d59e2717

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\TelemetryControllerImpl.dll
Filesize
5.3MB

MD5
1692937ebb8172814cfd1b2d20dac8c6

SHA1
3ad3b0dce9958ce66d89c280645ae827d3b89f16

SHA256
f1cee1b89fff12181d828623b3aba0f0b8c0aed4aab8b0c017ea4d4731c16e32

SHA512
a36462731990635f57f80c070cb01a8c4fe6fa445aad63f077197d473d0d625e23bcadaf5bf92c9504919ee69d12239a7733febf27d6016aa20c03f631b7e3e8

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll
Filesize
4.4MB

MD5
7cf80cf9c1b9eced61792c17af5db7a8

SHA1
38ccd9e00badc2f3efc904e55a654be3c8f683bf

SHA256
8c838fcd980d39c61a3e1b7dd93565a05041fbeea2ac3c759f10dbe82bf2a973

SHA512
ca7c774b2dab671959f81056982b7e228e4c371a78afaa4e92dbebf2b519227e36e25ec60b4633383dd2d47dc9490ff9ac6740b80687cd8cd69a29a0e3d0ffcb

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
Filesize
1.8MB

MD5
14cd82fe89752e3723a9b42aaa68763a

SHA1
ea407d8d7064581406eb1b14e0f01cee61afb252

SHA256
60e6029bdf3a2d88772bd4ec3aea6b688505e7dfcb76ce371d6942e9de95ce04

SHA512
16114ff38a2e2cc59a9bbf420304fda8e558022f385748a5f48c02f037cbe815221a1cb4f0ac1deeb408ebf66ee3e25c059b157c7cc5cb169dbac75a73694fdc

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\pkgvers.dat
Filesize
74B

MD5
7be9c4a50f23f5afd28d79fec01d2a65

SHA1
c0e9a5ba6d3d4247698a52620b4a5dec153ec85f

SHA256
f3416af43ba01f9aa866d9ff3e57b9378c2b9bd81092629574036d9fa846f2b7

SHA512
43148604384b12d47a522f46f027111956584b4b4ca26896d4ca20a7bc65359d2bae668f72bc8b8fdeea689969edb5a9309f69d6af9b5111e18baa70e0c770e1

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\sample.dll
Filesize
528KB

MD5
936021397e23fc913c55992ce9468913

SHA1
d65af889a379f2982b1ebf29d83d2783b9aa0ded

SHA256
ce7bdd309701942d97bd8cd3c2455a8d37d93b4d9ce4c14986703daf46fab7fb

SHA512
4fb968bee32b5f2b5a5d1629ec2855dc0150ec6b753e83a457ec704350b1f219b5e1349a75ec41f94757d1ef2de9a020933f8e42566bf6123543b7709ecc3d74

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\version.dat
Filesize
47B

MD5
cdd99896312ca793cc74a02dab96676e

SHA1
ded2675918c909ade027d4836db9e4a967039ce6

SHA256
2b33bc235984443ceaa0351bb91205fe53888c3e4fac62a967a9adc13752bbf3

SHA512
f616c432987201753fcad827d94f8785f08117c7afaf341da77e1885fe5715a13059a94bf327e1f760fb11425b2a89ecc67d6fb606f4fbadafe3664e8825412f

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.nm
Filesize
336KB

MD5
3cf3a9023dc31e3da3dae34efac0ac88

SHA1
a89d98e099d297c15c9ef3cc4c2ceb37868d0685

SHA256
ee2f69575ed0072655b6bccf28aca08037c6c5941a4a394eb06ffcba9b18d5ba

SHA512
640d9569012e26761c36d37c7e27a57b6591c8fdf548d00fd360b9e0cef7ed2893640166a468559727c4c0c2794e695c9d6fffc4beb9bc66f7ae7ab968c4a54a

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.sr
Filesize
16.2MB

MD5
3aada088e8fadf82f0b250e0a17d3f92

SHA1
fb88813e4b25f416a1c1eba710f77c4d87f2acc3

SHA256
7df71448fb8a64c713daf6882b547b18edb80c7393c91cc3521cdf2bcadf42d6

SHA512
136d7075d3fe559e976ce1e1eee90878818c2b9fb68c7584d75f5dc8a124507292436318dfa372546fa23f1451cdeb34b6d48574ca77ecb877d0737d291296cc

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\cfg.bin
Filesize
661B

MD5
8fd13803b1e5f14b4d241facc601a170

SHA1
7321eec794bc766d84d75bd0370a9f2e4d7abdf6

SHA256
925d771b2643715b62ef720801dfa96047fff1ee70eabb244bed802234673717

SHA512
f5b3514258487f8576fe32a795eefcffef049c7d002a6abdca17383bba838c7a218be23ec6803dcefed615f40afc2ba4b15bf65c9a74c4f6bb891d15d02bfc22

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\clean.mbdb
Filesize
10KB

MD5
1d731bebc4e45b25b7f1172f8102e101

SHA1
4f3e09221e00e30502721fe0bf1041ff4287a18e

SHA256
d46568f6978f0fdc6fc519c9a0f941e2a221abafe53e018eb4ebbf31764f9fcb

SHA512
dc4e489043451817cf948961351a9f5ddbed4a14ee55cbfa8820d62b7c3c58bbcf4d1af302270033631f095a5e7aaf66c45e9d6f507b202a5cc87b5153979603

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbmanifest2.dat
Filesize
924B

MD5
0efa0afb2a39c093afb5362dc239ae8d

SHA1
ffe7de2c04ca1c25feb8c9ccedd72f036eb4d1f2

SHA256
e811f391c0261af29be08d2030d8ae78327ba35f513a826df546f480615d84c0

SHA512
b3ccb98605ef2e66a6567c0326006d35a6e2f74a2a46752cc9c1b9a97b615ea756a27938ed5075401b1f8719b7080bca52c166dd3df3e30940e8120662f6eebb

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dynconfig.dat
Filesize
39KB

MD5
10f23e7c8c791b91c86cd966d67b7bc7

SHA1
3f596093b2bc33f7a2554818f8e41adbbd101961

SHA256
008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc

SHA512
2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\exclusions.txt
Filesize
23KB

MD5
aef4eca7ee01bb1a146751c4d0510d2d

SHA1
5cf2273da41147126e5e1eabd3182f19304eea25

SHA256
9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f

SHA512
d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\mbdigsig2.dat
Filesize
514B

MD5
f2d8a5b1dcea5faad59fdd6dac1cc4c1

SHA1
9a76f9bb3b08d4c42679a702f7dd902e16404045

SHA256
bf8f73c5c5408531a7f589e2fb0b21a6ff8f92864c16d8d737dd60e0c871a316

SHA512
079a3b467ece04742310cdfaa38fe16732142c933de4c551f954605ec94d360ee1db055bf7e1d2d4fa6c15027197a0315ba2a2d7357936d656de3eab82b5e454

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\prot.mbdb
Filesize
24B

MD5
546d9e30eadad8b22f5b3ffa875144bf

SHA1
3b323ffef009bfe0662c2bd30bb06af6dfc68e4d

SHA256
6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f

SHA512
3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rdefs.mbdb
Filesize
24B

MD5
2f7423ca7c6a0f1339980f3c8c7de9f8

SHA1
102c77faa28885354cfe6725d987bc23bc7108ba

SHA256
850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55

SHA512
e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rules.mbdb
Filesize
8.6MB

MD5
7202a21a9bb1fe04c4fca779a810c691

SHA1
0bb0e6806da9a6bba0357ef4f452836755fb6e0e

SHA256
bcc5e18d0629c01a67ce705c49bc57d4badee5465a794f412a5a11216a2b0274

SHA512
7b693cbaaf28ff40630cf93fda3aa8b780b5c9d8f32862f979471459ece81d8243d0d25b59770d8dc3e729194f92adecc21704059d1bedce43b0c39241f4aa75

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\scan.mbdb
Filesize
1.0MB

MD5
7c758ad0857195fe6e82ca5cef79b0bb

SHA1
0041422ad4647e7dab8a7c4e7079c254a5258b83

SHA256
7bd342bf5182f4521285f2ba3153a9079a5a2db1e169202919be979c2ddc7397

SHA512
db114fed4cd9716c4f3bf9bf676b6464c0cea302dfff6f10f413f03fdcd0bd65a75169331542aa5a2bf8566cf899934c69a058552e9524e96e7b28755e5ab5d4

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\tids.mbdb
Filesize
176KB

MD5
228df3af6d9d62c6dc36915582a7adf1

SHA1
5aea12e0d29077549ab6c4f01203c4740dea751a

SHA256
6bdb820df7e4da7a3401360ea482120c6e8219ed8163bf0209f5b49389e20c6a

SHA512
3c7df80008b3b8af0e1327d437b3356e32d77ae6005ad3b680b121427b2a0373c8e3da3ca0012c44b5732238bf8428ac374e82b45473d8d962d220b59541c7b4

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\wprot2.mbdb
Filesize
17.1MB

MD5
9f4a517807b67c1a76dc7497edc48351

SHA1
8580528f0998d681205309693df3935eb36788e8

SHA256
b28c32b7efdfa05cabf462ca88a3fee96d3984e26b8f8502035a525d70fe8938

SHA512
be3591ee1f3b6f819b43ea8626e1874abd9fa2c6049cda63e293f7b1b7cd7f8ec53bc436a9b89f343f60580e5c31b2c214a9520e515c525f8c8285389c804a99

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\7z.dll
Filesize
1.7MB

MD5
461faf68ccc02b0223fd273b630f21fe

SHA1
363b8beaa74f0f454c2d544ace9e71a84bc2b4cf

SHA256
cb07f3f461e9c267831b1ab93af6dfda1bb51d72e42d73d00d26594f09326be1

SHA512
4b671f48e45fdedf50c7f7bb6c8d82a3b98f7502006eb002aaf8ff31f25f9ff1257c7bcc12caf622e43d4ec665b19d978ae3e3762f76def0bc71485ebdb8426f

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\Actions.dll
Filesize
5.0MB

MD5
1eff53d95ecaf6bbfffe80d866d8e1dd

SHA1
d7ef7d7c77fd04b2c0eb8c16bb3cd08057f6742f

SHA256
6dd748f7ca56125cbe158fa3612f08e7312ef58ad5375e6b7ab5532cc16ca0ac

SHA512
c59b8e6f0b238a247e64b9c7bb42213dadac1dada63542830a6292361174c935c0c662b2d1aed3fb6100cc4993297b1eaf25e328f2b4613458c4ffca63b9f02d

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ActionsShim.dll
Filesize
2.5MB

MD5
58149edf4990067b4c1ffe1c32a51a01

SHA1
80c0c8b8def45420159659d2eaad181eb0b05c40

SHA256
67af73f9b49ce113d02d7f2824e45d48044273772c94e6e8c300cf86bf83cb55

SHA512
fe69f4eccaa35b132b7dfc77fae50733398cfa5ab7377f502a50e1bb83be6b81fad26a0a24f6dfbc99dca6e118784f3452edc4a30c11ac161fc0db62b039cb4e

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\CleanControllerImpl.dll
Filesize
6.9MB

MD5
73a08c403bf08e39bd560ffc74ae9b8f

SHA1
888c6d11e6788875f8fca748b6f92a19b6126dc6

SHA256
09d687c0164a9f108c4f9e107bfc0cb671ebe643ac9aae968cb8df0e5adda960

SHA512
8b65c0549c319e9c42b30071b1342e8ba4239d9dc4a124e19abd2160339c03235f0ec534a997ec367f2b474797d33efa496e641c7a63904bf8e0af43a32f1535

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\CloudControllerImpl.dll
Filesize
4.8MB

MD5
a22f4dd3f75413faba618de10315540d

SHA1
450a9abff68ffb922abaa0ba193ea4ffc983e92b

SHA256
31d628b6c6c58d76dbd8071e155c9bfef575444d3ce7fa83c2a0c3a16e67e7ea

SHA512
b34bec558e556dc8602717fc8b2601f18d02217551bcb1b3d7df7f9574f7ddf46a29dcfe043119f353e1e258fdc1e9a6db6d38ce8e5f3eda9fdb92216a31ccd6

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\LicenseControllerImpl.dll
Filesize
4.4MB

MD5
49a840f316fe0e63dbbf8789eac84557

SHA1
aa8eeb9f12b345f42eb04353201b53543cc7b952

SHA256
56b3c7e59854dc2f7a33b88f42b98d164686cc92335cf5b77e8fd60cbb84c64c

SHA512
ba1b9ce3910b94764f755f5ee2ae0ef6f2dee4cbea97dc261b0ebb7f510f8bcf40b6fecedd3115e35255268bddaea1eddea1952bdaff227eae2f50b40977bd71

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
Filesize
8.7MB

MD5
8bef3a6b497bbcf342ecab2c77de8eca

SHA1
539e60105055106614821e7e073f777d07805e68

SHA256
273c0ccc5bca9382b62c8478f56a8f33e83a745dda8a9553b4a560171b3772dd

SHA512
2cc83be7bb01ad1fcd49db5fc69b6a51e8c486f45da5f7ba0bf322134a8a3d0fa3402a7c05b0e866da27f7234f7574be7cb46dca559aa4e3899879d501b2d046

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
Filesize
8.7MB

MD5
8bef3a6b497bbcf342ecab2c77de8eca

SHA1
539e60105055106614821e7e073f777d07805e68

SHA256
273c0ccc5bca9382b62c8478f56a8f33e83a745dda8a9553b4a560171b3772dd

SHA512
2cc83be7bb01ad1fcd49db5fc69b6a51e8c486f45da5f7ba0bf322134a8a3d0fa3402a7c05b0e866da27f7234f7574be7cb46dca559aa4e3899879d501b2d046

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Filesize
8.9MB

MD5
2d5f7e54f0678f45e8d07b4ab1f32a2e

SHA1
8db3e26e974b1098f8c9a7c7be8a770394d243cb

SHA256
43676ff9573b8d29fb3f46c0e4381009eba37dec0ecb053aaec424e60a4eef29

SHA512
ef7009d8269a29e1ce5e542ef9305dbe702b9778b13ba483b0efea01b19b013c899d3528154047f4fa13b2393972b0c091d2eab02eea0b252fc80d152d1d608c

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Filesize
8.9MB

MD5
2d5f7e54f0678f45e8d07b4ab1f32a2e

SHA1
8db3e26e974b1098f8c9a7c7be8a770394d243cb

SHA256
43676ff9573b8d29fb3f46c0e4381009eba37dec0ecb053aaec424e60a4eef29

SHA512
ef7009d8269a29e1ce5e542ef9305dbe702b9778b13ba483b0efea01b19b013c899d3528154047f4fa13b2393972b0c091d2eab02eea0b252fc80d152d1d608c

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Filesize
8.9MB

MD5
2d5f7e54f0678f45e8d07b4ab1f32a2e

SHA1
8db3e26e974b1098f8c9a7c7be8a770394d243cb

SHA256
43676ff9573b8d29fb3f46c0e4381009eba37dec0ecb053aaec424e60a4eef29

SHA512
ef7009d8269a29e1ce5e542ef9305dbe702b9778b13ba483b0efea01b19b013c899d3528154047f4fa13b2393972b0c091d2eab02eea0b252fc80d152d1d608c

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBAMShim.dll
Filesize
3.0MB

MD5
f44b6c80c46c4cf3071b5f5b916e1271

SHA1
839f2238ecbbfa80ebf9c1f77eafc78204b58761

SHA256
732523df43358729d5e85cceb557d69016dcdd3e2238d903c33c5327c3131fae

SHA512
99be164ae96bc4f93dc896d5df445ad1c2f023f10605a8c9857d7ebedfc5b070f50cd33b401d61003e601a06b8446e6c0b5dbddda4927a2e1352407d3b266942

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MbamElam.cat
Filesize
10KB

MD5
60608328775d6acf03eaab38407e5b7c

SHA1
9f63644893517286753f63ad6d01bc8bfacf79b1

SHA256
3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59

SHA512
9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MbamElam.inf
Filesize
2KB

MD5
c481ad4dd1d91860335787aa61177932

SHA1
81633414c5bf5832a8584fb0740bc09596b9b66d

SHA256
793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3

SHA512
d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MbamElam.sys
Filesize
20KB

MD5
9e77c51e14fa9a323ee1635dc74ecc07

SHA1
a78bde0bd73260ce7af9cdc441af9db54d1637c2

SHA256
b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0

SHA512
a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\PoliciesControllerImpl.dll
Filesize
4.0MB

MD5
efe6216931bca54ccf05a0bcb9f83fb9

SHA1
007d0a3c4d850cd9b2886b24daf91c988d702bdd

SHA256
eaf71519b965b9530e84be08bd3649fdb8feeeabb8dd2455be95755a336a44d6

SHA512
7c59071b6ae8d0a2d6eedcb58f6a1337aa340275bf30baa121f515241aba822f6f7bbbc53b626f5f44c424af70aef3afc582a1a8a34d0b0adef115d0e8f684f4

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ScanControllerImpl.dll
Filesize
5.7MB

MD5
1ff50d44fcb92f99dd7af478171e8b18

SHA1
a4d3b41df2173d8363ef99d2cea92cff8ff60338

SHA256
118841f1c274e8dfd94fc6a31f4f2c10df38a71d0fa96c1f3f6453339e20bf02

SHA512
f7df13e47f88cf77797a153cab5aea17d03bd9a9aebd2fa64d49175d3fc820604ba7ce9d43081624dd660fca5bf42eda2ff1309c018bc4ff7e4fd982e14650b1

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
Filesize
592B

MD5
484d0206a4cf67b648438a897f37dd70

SHA1
7f2c33d34a9456c9b0e0d3cf6143a71a01f0fffa

SHA256
3577d6b0bf3bb6c9557cefbcd2b5c0240ca4c323b10eb729d5a802468209793f

SHA512
2ab1f6a8af3dbdb744fe1281af5891f7dac5a0f9dd46e16cec51ca644f702ee5ec1f9c9c5537efe3e55efc7e8b135e57bd3fbc7dcd6ae63776048be00d6db9d5

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
Filesize
592B

MD5
484d0206a4cf67b648438a897f37dd70

SHA1
7f2c33d34a9456c9b0e0d3cf6143a71a01f0fffa

SHA256
3577d6b0bf3bb6c9557cefbcd2b5c0240ca4c323b10eb729d5a802468209793f

SHA512
2ab1f6a8af3dbdb744fe1281af5891f7dac5a0f9dd46e16cec51ca644f702ee5ec1f9c9c5537efe3e55efc7e8b135e57bd3fbc7dcd6ae63776048be00d6db9d5

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
Filesize
654B

MD5
cdd1c83e70f455b0a3a5498f41a32933

SHA1
84aae7fb2ddab72c966bb7e49e3a732ac621fe69

SHA256
ff1d2d18e95b0188468a0951823301b1e193c4104b1ba1267d62f745ecab1dd3

SHA512
52c909c5089c680b876438d3cd7953affacd41f4248a097125b575f2a22b7e7b9bd24c739f457738c57d9c363ce52803b8baadb6316500d1f4901ae0ce7986d1

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json.bak
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\Swissarmy.dll
Filesize
4.0MB

MD5
3486801ce1e8ffc1bbc6d4f097b0f369

SHA1
08f2a85cd07cf1c0d6f27f0d5e7179c2a5cb8600

SHA256
26720d0b669898089a4ab5a6c53203918ec399d227331273ba11169bbe273678

SHA512
81974a79bf4e4086549874ef778e7716713a0107ccce212e9564f3355a26670943845aaba744691d2b68224e06e2f9d9a263e29f4ca7e46e1bfdb507a24656d5

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\SwissarmyShim.dll
Filesize
2.6MB

MD5
89a38afcfa758e3298609c6c51929593

SHA1
2df1ee30adc92bd995526e41fd9c823354de30b4

SHA256
4795576483af0c136a71dcee87a0ffb54f0869cae6395ac2ff8312bf555e7161

SHA512
cceaed0b9a7517aebd739a377c7bd8987b9ac357be2bf987dbae31d59f2121c5bb9a9bfa2c70a9a54ad65546ef23903176dd6328d93408cb5c991257d59e2717

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\TelemetryControllerImpl.dll
Filesize
5.3MB

MD5
1692937ebb8172814cfd1b2d20dac8c6

SHA1
3ad3b0dce9958ce66d89c280645ae827d3b89f16

SHA256
f1cee1b89fff12181d828623b3aba0f0b8c0aed4aab8b0c017ea4d4731c16e32

SHA512
a36462731990635f57f80c070cb01a8c4fe6fa445aad63f077197d473d0d625e23bcadaf5bf92c9504919ee69d12239a7733febf27d6016aa20c03f631b7e3e8

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\UpdateControllerImpl.dll
Filesize
4.4MB

MD5
7cf80cf9c1b9eced61792c17af5db7a8

SHA1
38ccd9e00badc2f3efc904e55a654be3c8f683bf

SHA256
8c838fcd980d39c61a3e1b7dd93565a05041fbeea2ac3c759f10dbe82bf2a973

SHA512
ca7c774b2dab671959f81056982b7e228e4c371a78afaa4e92dbebf2b519227e36e25ec60b4633383dd2d47dc9490ff9ac6740b80687cd8cd69a29a0e3d0ffcb

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat
Filesize
8B

MD5
744835d3f789503e0e56814f21c47f34

SHA1
220c0f8e94d6002f754febdcd19c96e9b3fea3ef

SHA256
fbfe76f223c948958377a707aa41126a449639e43b0de63ba787d2f8912bf5fb

SHA512
748822599275931f5394fe2db05ca7e51f9220fc7f104ea372198a6370469b680ef273adef7e09bb04be458e80f440e8c57067cee7afb62ccdd1f54576354f01

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mb4uns.exe
Filesize
3.8MB

MD5
63d54fe94ae4e44835d726056fb83f43

SHA1
f2284e079ae50d7a5362876d7c16192d6cecdfac

SHA256
8f2c2bf8c3b33876fb028be01f8215c9cb07e59abb4d20f5cdb21f380fcea406

SHA512
58f8f28c3e861e3aa235128a2b7d9f4e2faf5d87f510906b4e192a3ac5762aedb35b23141a53f4f01e2b5316c61b00e4cd46433eee5badd29f70f029eea52b09

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
Filesize
10.8MB

MD5
352e54e25bf9ef9a4e3d1404d0850a27

SHA1
51369d212e5653182f462647b13d4a3bcd943599

SHA256
8c163eaa315e9f685c55466086b8c12ff3df00c59422d5dce8b88b3257090fcb

SHA512
6d3907b7e1bc2c73786a3f1f684c038d191d39f8c8fca4b6d87bf579ab19ec3026c2aa144078137a1f35d561676a68fd5dfa8e796102354b6c1db3cbe2b1fc29

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
Filesize
2.7MB

MD5
b7e5071b317550d93258f7e1e13e7b6f

SHA1
2d08d78a5c29cf724bc523530d1a9014642bbc60

SHA256
467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064

SHA512
9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
Filesize
2.7MB

MD5
b7e5071b317550d93258f7e1e13e7b6f

SHA1
2d08d78a5c29cf724bc523530d1a9014642bbc60

SHA256
467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064

SHA512
9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll
Filesize
114KB

MD5
16663d125398773a90d0a53333b7cf5e

SHA1
f92928ae3c9292588547ceaca1cb1d372bfd7936

SHA256
38e6811b47262101759aa51a631263d9e3eee5d211164318a751e078afec4cbc

SHA512
091764b8ad80aa31eea0bbd91ee505ebdea2654bc8aeaa3081a061d0d37ab13d27dd203075fd0de10c6687591aa0e36139a38af846c4e34e6aa67ab81dc277df

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll
Filesize
114KB

MD5
16663d125398773a90d0a53333b7cf5e

SHA1
f92928ae3c9292588547ceaca1cb1d372bfd7936

SHA256
38e6811b47262101759aa51a631263d9e3eee5d211164318a751e078afec4cbc

SHA512
091764b8ad80aa31eea0bbd91ee505ebdea2654bc8aeaa3081a061d0d37ab13d27dd203075fd0de10c6687591aa0e36139a38af846c4e34e6aa67ab81dc277df

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat
Filesize
10KB

MD5
83c630f8c1f291b522f2b83fdd2acdc4

SHA1
a56949b27a80a6a205c0aa7945fcb879feadeb2d

SHA256
6dabd76a6688902db5bd63342c1a88dfbd8fee71855ce556b5d26df7420fb20d

SHA512
be56c4da3889f8600f2f7f73fc6ea6a3277195b8ddf626699c4eaeae9f399bbe6d86ce0d9b6fbb5963ac4bdac3acef8e7427f027d9c87aec5750527842d59e3e

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf
Filesize
2KB

MD5
0ff3f3ba83e1dc78aa42e205e1a01867

SHA1
0a557f31af77bfccccd9530227d593efb4809fd2

SHA256
9c5dad17bd0878115a88a4c94405fbd9048294462eea474f265ddddedc90771e

SHA512
80543530d28722b926d3aeda4a0c61fc5bea1812e38a3a1b7b84a5a1803c078bc54c32eff23b96766fd5e27301818f105d86235cdddbaa0dc51ac347ed3d7dfd

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys
Filesize
233KB

MD5
1dc6d344ee9b6b024ba23278891db9a5

SHA1
519b792d11daa2bf9d127f69cdd603a236576e04

SHA256
823e1c7321e177b006c1f3fd1ec8b99607a12d2c3c321f3a6cbbcf7030b6c240

SHA512
fb96c4ede03c3aa729d2ea5a72c5f14029f6d69a79b6e0d5449e371bf3acdbbd1cb2079e8bbac3a3140a257c71018bc7a2a31a45ad5c8b65382e67cc3431ab6a

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sys
Filesize
195KB

MD5
d738a028dcfb7d1cf97e9fb11e306db7

SHA1
77f4d6a79e1f2754a2e93095158d0edfb9a6a5eb

SHA256
8f38d2a0a8e306de910bb621cab4276520aed84645de942538d0a9c792dd0074

SHA512
c753a13767c8460823851a144a2a9162168a1099664ba601d0a929d539ee15d78123ffd86cb6225f0d7e6f52f40b2c444705da8bcc1292bb6c9757732b82ad94

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat
Filesize
11KB

MD5
3be83dc1528c749dd2649ef1c5e5ee14

SHA1
5dac1b7fd1abd193c3f32dbe567d0448f8a3a2e7

SHA256
09ee49b623f120d09e3ee825fb13633af9f915f6b6c33b9d6dae75fb93e4f98e

SHA512
01bcc8aafe7fb618b9dae83ae477a31dfa07fd62c6c876037ed8ecaabce9fcd5b0cc27e5f938374031752f82021d1020158f6184645eb7624c7a730b8c92dd5c

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf
Filesize
3KB

MD5
e5bb98e4d7adf79cf7355aeb4a12d3c4

SHA1
c2996909b98b95863d54c6a2f7843e5c05015596

SHA256
1f2ec66c3947802dd97abead84d71bacebf84e4a2e871852cf5291958d45a189

SHA512
f65ec684a21481c66f4571fec4f5cd17fb629fbc4b5fda88bfe00ada30573f3c74313311f5e8a164709824b8033a60fa2ae0f1643d0ee3ba8ae4fd558709aa7f

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys
Filesize
217KB

MD5
e7431acb551d8271bd63387f05d2a8a3

SHA1
baeec0e03df81dcb32bf0cdae0f0cc8aae237047

SHA256
6f8e1892f8b94d56208d3b0947ae26ec1485b0aa02908ece75b38d04818fc905

SHA512
8ef8f795309be7f9a2a9377a99e90620de2e377bdf631e3174cbe6f61489d0380dbf0e4a1dcef08026142628cb6ead37fcaabe25a39b8eb730e01fac89e21aca

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\sdk\mwac.sys
Filesize
177KB

MD5
2152a9aba3407e2cfcaa84e4c20423a2

SHA1
825e79fe98922ac978aee92e243aec0ab44ddd91

SHA256
a7d456c7679717500c4a8968a9ea205107dd6e72c81ba1435777af2bd3bd95d3

SHA512
32c1d5f1ba553848213353a2f39b9971c7ac6818390b1a00d6b23335be8f542665d4ed60202e7ca04a1976141881515833665782cdfa8f69fcb3ef0abfd4f37a

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat
Filesize
9B

MD5
b2ebbf312e51e94c1f2e1db0e1d94a66

SHA1
73cabdd280d671cb23dc8ee8eadfaec235d1390f

SHA256
4805dab34c1460283a5a87e3b0d504ab758c10875b261ac1ffdf46d6d1062f1a

SHA512
8e7c2de734eab1c690164da2d110b033db6330bfb6b3464d17c291c9058571817059debff01c716a2d3358a11f82efbe10236cd34e33316296c002de0c1c1a01

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\uipkgver.dat
Filesize
6B

MD5
74c6677020fc6b6c867aab117078bf5f

SHA1
8c46db37dc0b39eb963d4144539c8b591e122400

SHA256
cdbb9bc874d71e154c71b68b1fe959913d286036dac11e226e5620c919ba9708

SHA512
3f9db8d9bb25322f8d8e750750bf92dbe6ac63d686eced65cddfcd61178cf0e947118a491058414d4d2cbb4892e39815565669aee0dfdda23aece72d278292d0

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\version.dat
Filesize
47B

MD5
cdd99896312ca793cc74a02dab96676e

SHA1
ded2675918c909ade027d4836db9e4a967039ce6

SHA256
2b33bc235984443ceaa0351bb91205fe53888c3e4fac62a967a9adc13752bbf3

SHA512
f616c432987201753fcad827d94f8785f08117c7afaf341da77e1885fe5715a13059a94bf327e1f760fb11425b2a89ecc67d6fb606f4fbadafe3664e8825412f

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
Filesize
47KB

MD5
6e033323e3d38ed7e2a0729f1632298e

SHA1
adef344427a2bf184c530b40db34c16544cee053

SHA256
186fa5504d2da00718e09f98380d9a91183f1c3b08e3309918a81a59761d3ad7

SHA512
8ed9ec19e8a0a5334b0454fc4b113f0ad75db89bdc506e04e06e7c803bed52716523fdacf33c011fab818cde934b27cc4c60565ab603e0c85e3776dbd80969c9

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
Filesize
64KB

MD5
91f033cfe84582fb0872654d602a571a

SHA1
a762d709389ccc3860a6d6ee421942772233eb25

SHA256
cecaa901d8551644c01769ddabf37ffd6b0c5c367856b165f788c0932c048720

SHA512
0f02b39605707a2073fb418fa759b502f61c61911634ad95b1770924cb6b8a99ad6f85ae3a930f2b359ca4e303d57aebf301fe8addd5d061e3e6516f472bcba3

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
Filesize
64KB

MD5
3c86b542b4e858816a76ea029131c693

SHA1
9f644b634022912c4964c1880d0a5454ff548ce0

SHA256
ac8a8a0d9c9bc1cc1c7a89594623e51dd39e5278802fb8070a346360e2417787

SHA512
affe2bcccae411546ca163e2b0a0410ed90f9deeb1d108bd41b2fc8f3720b047923217186029927a554111aef1f625ef157c2237559e418787388f35aa0d938a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
Filesize
87KB

MD5
cd4aed78e00e78bf05384762d433128e

SHA1
e037a3e7b79bdb7eaec71ddacebf4a7959a70112

SHA256
e0824df702988205e20cb00c846b6d7bc7aea8b22134c3fda0ecab574cc305b3

SHA512
a3e775f10b944857dc604f3785779ed4d36b1412c592ee07ea52d30eb2d4ae5867508e3c8ee5af98c20de0cfb54cb826ba3c87a723bc93e735368584f5ac1a18

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
Filesize
607B

MD5
bbda1f91a7494cff26955737a4ff795c

SHA1
0e30a52fc9f25418bff77936cae15e5d26a38118

SHA256
9ffe5aca0442b4fd873029981c452f0e490de79fd2ac4105510e7c2660de0eff

SHA512
42d075168197c0653cd5dcefddde8934393173b8d618a946f94b2dcb49adbd7cc53d685fe9609448b01218b9c5adea3daa3a9065c0d473df883e9ffa4cc348e9

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
Filesize
608B

MD5
f8d06947e1537566422283a63a1af36f

SHA1
f220dbf894630fcb78a4c6efcfd06606ff2fd31d

SHA256
d2369083de00dd6fcc95fb3b0817aedf2276792b0c0c73b471ddd28bb7a45c5a

SHA512
fdb623f2dafc14242e9b2d895d1c9b3945df51e5f4ce9c976c87e8698c830f378ce88f4070e0856fc38a4671ca3cb0d6d7fd18bdf375cd135e0798a920f4c9be

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
Filesize
847B

MD5
4a90ac908f36d5d52a93abe504879c8a

SHA1
b78ad68f6cb1304efe9654dede75a7ec502d0173

SHA256
eca4a659a812b37ad9734c0eefb59c71060b419eaffdf2f4c8641f3900b6ede3

SHA512
813f4214ab09153fcaa3fe12dd0c8db742f998566fc9a01dda9d5842344c4c4b69c0f0a84b74b287882829f3b65bcefbf97477655f161177a2f16b002d8ae972

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
Filesize
791B

MD5
be22ccf894121348754b48cab6f22b0a

SHA1
4b8a3ae67838c19355e0b771adf0e7d8ab3d8a87

SHA256
0ad42cb2017c401e37a5158ecf6e6b489a365a015169532ec8aae5b66db64312

SHA512
74a894824d972dc6ff919944820893b5dca5f0a7199b793ef8dfb8929df7af8cbc8c90414c55bea3449389273d7dda727807f58e668f53b23cd3dac37c6edaf3

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
Filesize
14KB

MD5
6942ddf1911a2a1a8673cec487feb161

SHA1
4621f7c4cd610726c5d25bb07a3dd7768737045b

SHA256
8f6584d71aa6762d34b434944698dd61c1fdf908d6a7064afeabd340e0a97074

SHA512
6e29154dafd30cafbb0b208892563d809efc7fcd693649e60dcf1f128152a99e76768072ee8b87e2ef2c4a639d6422668b43eb3eb3b35699b639d33d6a0ecfa8

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
Filesize
14KB

MD5
ff706ad66c78a69685135332b0668490

SHA1
c55fd3119daa4ff798529d3f24123075ac139bb0

SHA256
e4a9fe909ea441a3a4d653e467bc0d8ae67e6ebb8b1e106d6f72113c74b268a4

SHA512
bd1d9d0c53b46aa1bb00bf266f1b9831d35d91baff045c25ea90db2f03755dcad49387d4d5d99f0279a2211839a2b1f5877c11f63341ba5bdd930e59fc066a18

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
Filesize
14KB

MD5
6f69fb8affe5e1e69f11553bfa7a6417

SHA1
1dbaa85576fea9ba56f80b7cc472872f56b93964

SHA256
0f6517fa4fd2781674d10fd4f1ce8587439ffc71561ab20a6c27360fcd619096

SHA512
ddddb351b610a892bcf1ce4c3b1800c097bc0b2cc3b3a90023093ca15062563cb1a49b0c48fa1f48726f3589e954a345c45f7216c9bc21b5686b6d8b0b91fa51

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
Filesize
14KB

MD5
6b7143b29480e129bcd32756fbf6aa04

SHA1
0976e39a5a370d686914255ec6aa8a951710b026

SHA256
d67c21e3cf234384aaf8cee645c6d5bde4863732c0044a09e37f6580aa92073b

SHA512
9a3d6d250442cfa87d565e6f0ebb8d3bbc0db3477eb1ad730eba73506dfab00556d147744674d6f4ff794edeaf19ce84d2775f2641d5bbbdc030d040a4b78f83

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json
Filesize
1KB

MD5
7552bbebc6b18eda8e0bf9e2c724a67a

SHA1
7ea6cab9198346f5c1800e1fc285983786909484

SHA256
79f4e282bf47c88df742a0cf19988a1c3a352a1421697cfa349433ec9fae8453

SHA512
aadb31b408bfed4ced15e1398abfd0f7e5f4bbef7f34efeb962ec5ba877c575ac2ea69b617420781be2b53af53cff54d9d2c51477f7ecb3488ad8c0566b4f81a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
Filesize
1KB

MD5
76946ded3336b8487eec595e3f9497c6

SHA1
00f31e7947810d710dac06e2633f6c85564301a7

SHA256
701a69803b6ec5005f37d6d559af7f3db6bd9bc586b5b311266d4e8e5e59cbb1

SHA512
884b6b5d72d57267b099674640a203ecd17fdd6b3da58a2502f1f13e5fcf4d72448aaee5b45ad7566fd8e881c7b5ed66759f519ae35b9e09dfca3bfecfe407cc

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
Filesize
2KB

MD5
0c51fbd065a78ba1f48d2016daf403d1

SHA1
b193a458a1b32d4e88030cb1f2a77c03d9fe41b1

SHA256
05b4fc24ab7f7124419dc52600898d4f2c83b4fd7aed1285c314fa5dfbeb467d

SHA512
2bd02e35d1d2916eeeb9951d3803bc8e533e3baabc8e86487b4d63fe5291b49780c6cb11df0816bc59644f92bb71494518594f939aba5cfa2ebf08409b0a5533

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
Filesize
903B

MD5
964fe27c03ecd05692f8c19e8826da7e

SHA1
ecb0d7e1b4865f9040b5b2ce878f1c8e15165618

SHA256
e8f88c25a8918e9a1304495261ede2a0d92c136f4c11d9a75a98fddcca3cb5d7

SHA512
6679844164a089ef52a5b69aedbfcd9bc2b8aa51492fed45711103de2513b4f41826403aaf2f27f5b562c70acbe2842f0d8de25b166c75e5bbf7250a7081280e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
Filesize
1KB

MD5
7d71d983091a4d8fe70804413f1026de

SHA1
3ad5ec218402d4265f5ae894dbaf61bab7a82849

SHA256
7f4fb67ddf542e5174ceb2fb908bc20fd35200ead472c9dc3d07016dd975b27a

SHA512
79af18e3dacf475f6e066f525df95c1e9d226e70c2d613562e26a9f672a9c45ab1b1026cdfb381719e1dd70c3cfd24a3471cc9a6d2d4df32fb095afc6f683bdc

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
Filesize
1KB

MD5
1dd326e99b9010cdf403c39a50a62fb4

SHA1
633e9d953e14a98ea0f1b8e1cb9c19f93bf4a484

SHA256
a0b546c0effbaa36960f81b74ffb070a496d347110393298c6e9922f7c836c7b

SHA512
e0409c1ceb50acabf229e9fe89664f5f9937b7f60cc7377703bf1ea72dbb87e0352852c2e358f8f83e2be97c94f33df3022da60cc30080dc9349762ee79e853b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
Filesize
2KB

MD5
9d0fcb8bcafb3e62a11df8f5a9addf5b

SHA1
b91ee53a4f8f6c7aab6989e8db967184105ec81d

SHA256
6c3ff238ca1aa778eb4b9776096ea8a656cc32de3093e13dbe9e658904b5b6d6

SHA512
a68733655c4c7ce6719e8822e6b708ab7bb9b636925aae8f86d3c5d7fa0b57d1ce6b52dcf2358f023369340e9505befe5bff8ec0161438dd339065bee538ec97

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
Filesize
4KB

MD5
1fb1c3c398ac3ee4faa325b9e88052f6

SHA1
6c1f882ebccc801a2f0bc73145376e07a156a77d

SHA256
e9313f4319d34801bfb0e493a37a4a6e1b506022f9f8f011b808fb828492e67c

SHA512
769090875fffc504366492aaa22b88a25f49ee4649e0f4da293a90faf5fe0d21f445ebfd1ec7c01dc7bc0ba65836bda7ebcab484867fef79f49c0e7989659375

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
Filesize
7KB

MD5
aa128af6fdf8119d7137e2049a4ffbf8

SHA1
a89d603921cd88778f2bbd16f45df61f6565ab98

SHA256
0c613024c95664170bc00e393e9340693f7324df62b25c8ad73ae0b98ee07e12

SHA512
dc3273ed477fc58b2ac428b4598417b19faa64b500f9c7649c9feed579b20e027a3cce8241d479d7e774d631d831fc3c24cfa6d17370a2d927943da7838a3395

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
Filesize
10KB

MD5
d2d87d0a89bbe8a189735d19fb7161ea

SHA1
a70bec1e1f677733ceee0f2e3c3dcfab72cefa80

SHA256
4e2efb214c83097c667ad671f02863fef97ac64ac5ea0b1a7bfe4ed9b0fa57f2

SHA512
13de357b1badfb4e1a95c319c4485398906a345b7f17c2d6915cfa33bac098e2d99dc1fb06b1d17398b27a3c9d3830863c442130d25cb2eae5003971dc3fe461

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
Filesize
10KB

MD5
9bbb3efdd7aa052d47ab9af52789ebe3

SHA1
28d5f0390749914d174143cf5012ce96c4b827f0

SHA256
a58d13e3c9b9632f08a746a0f272dd52a595b299f4e611a2a247baf951f04132

SHA512
3a29785917e166effacb3a41458f0fff373546f15a35390063b5c7760d8e452bd5f3959505fa6bdc05f7abd523cb9e4c7700cacfa884c69cf5b50d57b02fdf37

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
Filesize
1KB

MD5
5e704eb09a9bbdf715ab9dbeaabc5922

SHA1
6f8ed658bb5110679fd1ee7c525b1a69e68b4284

SHA256
e45aa4bbf0d35616aa786c746bf51de1a3e84d7d745a895c20dcd7d634eadfbb

SHA512
235b2592e8916f5ff7adb88e20801f28340c871d3c8e22c9a12578f7f31115d7eddedc9ff714eecdebe1c1e55e4248f526605b116e2f78ead72983683dc201a4

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
Filesize
1KB

MD5
4d41eb21b26c49ad492d569076e3b723

SHA1
554b8d7e5869ebaa87b7fccc15a09b1dc9813b56

SHA256
9ba4edd4be29daa56853d9102502ae2e447fb5775fbd850a1c837038aa3e49d8

SHA512
dd52d38aeab97567de3ff2ef38da1eccb6801d28bc24692c15618c66cffb661b1191fd45466f1fa887ec992a9c469ef795a38fa991513783dd171cefa1eb0cc1

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
Filesize
1KB

MD5
6483a735fba578fe76be12bca76b4d55

SHA1
6cec7df751c6c8f755aa4363789a81a6fa2b5d9f

SHA256
64518b0babdc7e77967d5b7b027a5b9f2b0e05a76268c67f5dfde58236ec1cb4

SHA512
38bfed04d6613f4d87bba08210d2a415c363c61620ed7a4ae57215ac5e22fcef39899c93774c3a49d94db0f3cbcd6c05962ac9c48fc45bf27a6132e203496c4e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
Filesize
1KB

MD5
a64dbab8826944ea271a901176600406

SHA1
522332c66e16be428712d4af42eb011c6c24570e

SHA256
54e597e7f18ec3f6ebffee3a39f6365699858575a4e8d353324b5ae9ffb7b453

SHA512
a8663d0559100f71be4218588f099c57057ea2c5555b87051e338bf5821644b6f2a4cbaad22642f8da6aaec290062b9d92e967fd0d1775d3f9706900190e99cc

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bak
Filesize
1KB

MD5
3b9b35dc300dbd0ebb5e7ddb6f900aee

SHA1
c3daf711d6a8576055751308d40ffd5b1552d9af

SHA256
5aafe71433c5499f48d29295f57ac04253fab899d66c116a6868f9eda193c758

SHA512
d21086fe25b7da247ed35bf91061009789e387cccb6c2d8ad7d93f3826ca7b1c013775b1edae410b9906b8f3961c23e62097da95cd6b6a3981be5d3f94ded43e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
Filesize
1KB

MD5
a3a678ed379f9a22d237eb89bee57292

SHA1
5c2163a79f2c599dd2f1d14172393127db85f267

SHA256
5ebba216899746716496dfda30da866327a2729faabe4a42dd63386a70526972

SHA512
bf984d7cf183e0ebe2c4a138777d986f403238a1567ef02d88c1c791753b10307b6cd0e2603474e296d16fc77f22a4bc59fb66bda6f216fd8c3da7fce5c64354

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
Filesize
1KB

MD5
3302b6af54be412abf2229d326d15d39

SHA1
6bee6f015d4909993e5f8d41f15b914113946f64

SHA256
2efadf8bbc7ee4e7911692a3aabd0f4f913433128e4cc50ec58271de6cfa6803

SHA512
b110624d6ffbef30de735e2fdfe76b3b2840e9d1177100c3e5b864cc34aaba535a5dc78d956d4d8450bc3b9aa660ced5c52cfc1125ce1de9f89c6e74183790ce

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
Filesize
1KB

MD5
8dcdbf9accb692018038f784cb092eba

SHA1
e94766c4c7debd8b3c5c865343a28fa92f003066

SHA256
c78978c952ab056750d9dd3ca62d7b44dd8dacd79985c1cfd68aaf0604a356af

SHA512
c2908f0db3e85572352c257d7f479147268f273fe58e9d6ddf992444505a0bf095ef72bead43c04993fabe1426c049497090d637f35d84e5c817ebfdd3b7feda

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
Filesize
1KB

MD5
8dcdbf9accb692018038f784cb092eba

SHA1
e94766c4c7debd8b3c5c865343a28fa92f003066

SHA256
c78978c952ab056750d9dd3ca62d7b44dd8dacd79985c1cfd68aaf0604a356af

SHA512
c2908f0db3e85572352c257d7f479147268f273fe58e9d6ddf992444505a0bf095ef72bead43c04993fabe1426c049497090d637f35d84e5c817ebfdd3b7feda

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
Filesize
1KB

MD5
fd08f2d91138b8fb43ba6a6c2f60b4c0

SHA1
5bcb15bf879e3810e8e459027897ffcf78d439db

SHA256
325e06579d34171580c7e5530b28b857a819a6d8fae1592c9def1665e48d8eac

SHA512
88bcf989bb88b62e9ea4a9ccea6d5aba0bef9b6e4747bc8228db1f7c0048eec8cebf38cd2867e5c8d8b8172603f3dd92f0e6cfcb6798be1458d58a48f5032b5d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
Filesize
1KB

MD5
92226ab8a4df1d68ad9d1a0d63e0fa84

SHA1
6343d1474e40abb585eed056a7e567a08a2cb34e

SHA256
0c8c2bbc431a381ca7fec5602329b3c3cb1d2ff728eced6f6b86b4ba5b967c08

SHA512
4b2e5045dabdb24b0a98ec9b9471859fc2b127d03ca6840884b35b5ccc26f08fa650f2b4b9b1f7e74e5fafd552d1debeb1ca824bc8ce5d73751fce5fdd845089

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
Filesize
1KB

MD5
6716f6e6cde16678412b95442ea7edd2

SHA1
96c3c6514d5404bf6c93cc0deff9ca06dc979103

SHA256
75ee41cce4dc161a85419be8502a2c8f6c0697488c46f0e5eee9b183149ce46d

SHA512
9df7017c40b84114a577ae31f2990f2f7b6d151df24ebc6fccc35f24a23d222270d8cb5a83c8aab36966b6afe31a4fde2c5fe5f05ce41031b6466fe2c4a2a251

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll
Filesize
5.0MB

MD5
1eff53d95ecaf6bbfffe80d866d8e1dd

SHA1
d7ef7d7c77fd04b2c0eb8c16bb3cd08057f6742f

SHA256
6dd748f7ca56125cbe158fa3612f08e7312ef58ad5375e6b7ab5532cc16ca0ac

SHA512
c59b8e6f0b238a247e64b9c7bb42213dadac1dada63542830a6292361174c935c0c662b2d1aed3fb6100cc4993297b1eaf25e328f2b4613458c4ffca63b9f02d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll
Filesize
5.8MB

MD5
1ed53171d00f440f29a12f9beb84dac4

SHA1
4d9a1e3579b0999f1ab2fa818b588411e9ee920c

SHA256
e659e687a872050f9e65d78992d16bd9b393cf3f8e8c94e0e15fb42b7065327e

SHA512
17161cfc672d1b996b8af4ebac17f9a8a3807f38c9a23e2e5b4dadcd9a21c3a64faec9bf59147022a9df88b80f89300f1b537091289bd7a42806bd206a317e6e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm
Filesize
336KB

MD5
3cf3a9023dc31e3da3dae34efac0ac88

SHA1
a89d98e099d297c15c9ef3cc4c2ceb37868d0685

SHA256
ee2f69575ed0072655b6bccf28aca08037c6c5941a4a394eb06ffcba9b18d5ba

SHA512
640d9569012e26761c36d37c7e27a57b6591c8fdf548d00fd360b9e0cef7ed2893640166a468559727c4c0c2794e695c9d6fffc4beb9bc66f7ae7ab968c4a54a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr
Filesize
16.0MB

MD5
11d7348c98ec821f99e3ad80f658a450

SHA1
2c7e8e341e9ee0d4ab0074a13d7579491e7319e0

SHA256
ff4e604f76156b67dd68daebd4864d16fea8bed94bc7a3bfd7b676aebf262222

SHA512
f5e79b808b8fad3234a5393c91e5d07d9ef640c9ca6fbfcc0dde742aac2fbe21defc7ab1f1918d2a7207be72f4642c708bda5b41ed8d8014332d7be043830e5e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\MBAMCore.dll
Filesize
6.4MB

MD5
b2216df400c3ef59f9406831ba7956b5

SHA1
1e26588190fc8a608e773239d498ceb79a92fca3

SHA256
1e429ee1da8a0fe6569673b7052c5f49c193aaa8f3152451f645539a431b792d

SHA512
3aa3c9ed3bcaa0f2b7c4de36f7a83e35e8abf63c972c8e5377915bed41a803ae516cf8ef14e9c455043dd1ae46e4aec1820fa3572e65d0c87a99eac1d43d1f40

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin
Filesize
661B

MD5
8fd13803b1e5f14b4d241facc601a170

SHA1
7321eec794bc766d84d75bd0370a9f2e4d7abdf6

SHA256
925d771b2643715b62ef720801dfa96047fff1ee70eabb244bed802234673717

SHA512
f5b3514258487f8576fe32a795eefcffef049c7d002a6abdca17383bba838c7a218be23ec6803dcefed615f40afc2ba4b15bf65c9a74c4f6bb891d15d02bfc22

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\clean.mbdb
Filesize
10KB

MD5
1d731bebc4e45b25b7f1172f8102e101

SHA1
4f3e09221e00e30502721fe0bf1041ff4287a18e

SHA256
d46568f6978f0fdc6fc519c9a0f941e2a221abafe53e018eb4ebbf31764f9fcb

SHA512
dc4e489043451817cf948961351a9f5ddbed4a14ee55cbfa8820d62b7c3c58bbcf4d1af302270033631f095a5e7aaf66c45e9d6f507b202a5cc87b5153979603

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat
Filesize
924B

MD5
0efa0afb2a39c093afb5362dc239ae8d

SHA1
ffe7de2c04ca1c25feb8c9ccedd72f036eb4d1f2

SHA256
e811f391c0261af29be08d2030d8ae78327ba35f513a826df546f480615d84c0

SHA512
b3ccb98605ef2e66a6567c0326006d35a6e2f74a2a46752cc9c1b9a97b615ea756a27938ed5075401b1f8719b7080bca52c166dd3df3e30940e8120662f6eebb

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat
Filesize
39KB

MD5
10f23e7c8c791b91c86cd966d67b7bc7

SHA1
3f596093b2bc33f7a2554818f8e41adbbd101961

SHA256
008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc

SHA512
2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt
Filesize
23KB

MD5
aef4eca7ee01bb1a146751c4d0510d2d

SHA1
5cf2273da41147126e5e1eabd3182f19304eea25

SHA256
9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f

SHA512
d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe
Filesize
1.8MB

MD5
14cd82fe89752e3723a9b42aaa68763a

SHA1
ea407d8d7064581406eb1b14e0f01cee61afb252

SHA256
60e6029bdf3a2d88772bd4ec3aea6b688505e7dfcb76ce371d6942e9de95ce04

SHA512
16114ff38a2e2cc59a9bbf420304fda8e558022f385748a5f48c02f037cbe815221a1cb4f0ac1deeb408ebf66ee3e25c059b157c7cc5cb169dbac75a73694fdc

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\mbdigsig2.dat
Filesize
514B

MD5
f2d8a5b1dcea5faad59fdd6dac1cc4c1

SHA1
9a76f9bb3b08d4c42679a702f7dd902e16404045

SHA256
bf8f73c5c5408531a7f589e2fb0b21a6ff8f92864c16d8d737dd60e0c871a316

SHA512
079a3b467ece04742310cdfaa38fe16732142c933de4c551f954605ec94d360ee1db055bf7e1d2d4fa6c15027197a0315ba2a2d7357936d656de3eab82b5e454

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\prot.mbdb
Filesize
24B

MD5
546d9e30eadad8b22f5b3ffa875144bf

SHA1
3b323ffef009bfe0662c2bd30bb06af6dfc68e4d

SHA256
6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f

SHA512
3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rdefs.mbdb
Filesize
24B

MD5
2f7423ca7c6a0f1339980f3c8c7de9f8

SHA1
102c77faa28885354cfe6725d987bc23bc7108ba

SHA256
850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55

SHA512
e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb
Filesize
8.6MB

MD5
7202a21a9bb1fe04c4fca779a810c691

SHA1
0bb0e6806da9a6bba0357ef4f452836755fb6e0e

SHA256
bcc5e18d0629c01a67ce705c49bc57d4badee5465a794f412a5a11216a2b0274

SHA512
7b693cbaaf28ff40630cf93fda3aa8b780b5c9d8f32862f979471459ece81d8243d0d25b59770d8dc3e729194f92adecc21704059d1bedce43b0c39241f4aa75

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll
Filesize
528KB

MD5
936021397e23fc913c55992ce9468913

SHA1
d65af889a379f2982b1ebf29d83d2783b9aa0ded

SHA256
ce7bdd309701942d97bd8cd3c2455a8d37d93b4d9ce4c14986703daf46fab7fb

SHA512
4fb968bee32b5f2b5a5d1629ec2855dc0150ec6b753e83a457ec704350b1f219b5e1349a75ec41f94757d1ef2de9a020933f8e42566bf6123543b7709ecc3d74

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb
Filesize
1.0MB

MD5
7c758ad0857195fe6e82ca5cef79b0bb

SHA1
0041422ad4647e7dab8a7c4e7079c254a5258b83

SHA256
7bd342bf5182f4521285f2ba3153a9079a5a2db1e169202919be979c2ddc7397

SHA512
db114fed4cd9716c4f3bf9bf676b6464c0cea302dfff6f10f413f03fdcd0bd65a75169331542aa5a2bf8566cf899934c69a058552e9524e96e7b28755e5ab5d4

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb
Filesize
176KB

MD5
228df3af6d9d62c6dc36915582a7adf1

SHA1
5aea12e0d29077549ab6c4f01203c4740dea751a

SHA256
6bdb820df7e4da7a3401360ea482120c6e8219ed8163bf0209f5b49389e20c6a

SHA512
3c7df80008b3b8af0e1327d437b3356e32d77ae6005ad3b680b121427b2a0373c8e3da3ca0012c44b5732238bf8428ac374e82b45473d8d962d220b59541c7b4

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb
Filesize
15.6MB

MD5
5bdab3ee2f74ef5027997a158059f11b

SHA1
c6d07c14a1d7044e134cd0505533f8a4e575874c

SHA256
f23aeb25301a34045d35e20ebfa84d6ecd346880c717d9d62d0fc8f67b601e48

SHA512
b5345e9c817ec027ee35d9b7abb6e2dfb3f970a4119a6cae9f9ac31b4b92968cc229394a7091c5c7dd8815f1799ec2e4ca9339ed4eeb9fdd3bbe37c9e4ce0ff2

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat
Filesize
74B

MD5
7be9c4a50f23f5afd28d79fec01d2a65

SHA1
c0e9a5ba6d3d4247698a52620b4a5dec153ec85f

SHA256
f3416af43ba01f9aa866d9ff3e57b9378c2b9bd81092629574036d9fa846f2b7

SHA512
43148604384b12d47a522f46f027111956584b4b4ca26896d4ca20a7bc65359d2bae668f72bc8b8fdeea689969edb5a9309f69d6af9b5111e18baa70e0c770e1

Download Submit
C:\Windows\System32\CatRoot2\dberr.txt
Filesize
146KB

MD5
2a81987ed50233c3ea0cb66e8200fe05

SHA1
04a568bbd93a89890887bd6e3150e672417f1aa9

SHA256
be0dbe857a278f3978ec0ece7bac495617727f59b770f506c8d4a3ed576878e7

SHA512
de7bccf913d88cfb59a127c80277fff8bdb4a6018fce45388f01ff06a737ac0209fce306fd2d8900607cd299fd5831db268ad516b9792f9d38a6110d92e38ddd

Download Submit
C:\Windows\System32\catroot2\dberr.txt
Filesize
147KB

MD5
6bda162434666aa38299c8e9d537acce

SHA1
067059a6cce6da50353b6fdf1e8dfb35c7d36b63

SHA256
8a4dd4ce7d15fc0bcfe1cd3449dd802e061725cc706fe8be7313453dc566d341

SHA512
46828ef8db38f244174c4d2af47650e2e50ed5d972247124528f1d0fd80e1fba6341d40022744da82ee8a63fd52b2d682a89d73254e62e0650aa6e92ecfedfda

Download Submit
C:\Windows\Temp\MBInstallTempe8a30a62571f11ee8fb76ea0d22cd884\7z.dll
Filesize
1.6MB

MD5
ab8f0c1a37c0df5c8924aab509db42c9

SHA1
53dba959124e6d740829bda2360e851bcb85cce8

SHA256
6e223b275b84d948cc5ae1f161f0bfff2adb34de04634c84d7dbe9305a4998d5

SHA512
ff8a26e8fd5a08c74e5ba93a564e0d3cd932754e7f06993a365bfad06670497889e69ec45bfba1378040b72f82d468e79682beba2439937bb29d2a41da940d4a

Download Submit
C:\Windows\Temp\MBInstallTempe8a30a62571f11ee8fb76ea0d22cd884\7z.dll
Filesize
1.6MB

MD5
ab8f0c1a37c0df5c8924aab509db42c9

SHA1
53dba959124e6d740829bda2360e851bcb85cce8

SHA256
6e223b275b84d948cc5ae1f161f0bfff2adb34de04634c84d7dbe9305a4998d5

SHA512
ff8a26e8fd5a08c74e5ba93a564e0d3cd932754e7f06993a365bfad06670497889e69ec45bfba1378040b72f82d468e79682beba2439937bb29d2a41da940d4a

Download Submit
C:\Windows\Temp\MBInstallTempe8a30a62571f11ee8fb76ea0d22cd884\ctlrpkg\mbae64.sys
Filesize
154KB

MD5
95515708f41a7e283d6725506f56f6f2

SHA1
9afc20a19db3d2a75b6915d8d9af602c5218735e

SHA256
321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6

SHA512
d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

Download Submit
C:\Windows\Temp\MBInstallTempe8a30a62571f11ee8fb76ea0d22cd884\servicepkg\MBAMService.exe
Filesize
8.9MB

MD5
2d5f7e54f0678f45e8d07b4ab1f32a2e

SHA1
8db3e26e974b1098f8c9a7c7be8a770394d243cb

SHA256
43676ff9573b8d29fb3f46c0e4381009eba37dec0ecb053aaec424e60a4eef29

SHA512
ef7009d8269a29e1ce5e542ef9305dbe702b9778b13ba483b0efea01b19b013c899d3528154047f4fa13b2393972b0c091d2eab02eea0b252fc80d152d1d608c

Download Submit
C:\Windows\Temp\MBInstallTempe8a30a62571f11ee8fb76ea0d22cd884\servicepkg\mbamelam.cat
Filesize
10KB

MD5
60608328775d6acf03eaab38407e5b7c

SHA1
9f63644893517286753f63ad6d01bc8bfacf79b1

SHA256
3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59

SHA512
9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

Download Submit
C:\Windows\Temp\MBInstallTempe8a30a62571f11ee8fb76ea0d22cd884\servicepkg\mbamelam.inf
Filesize
2KB

MD5
c481ad4dd1d91860335787aa61177932

SHA1
81633414c5bf5832a8584fb0740bc09596b9b66d

SHA256
793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3

SHA512
d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

Download Submit
C:\Windows\Temp\MBInstallTempe8a30a62571f11ee8fb76ea0d22cd884\servicepkg\mbamelam.sys
Filesize
20KB

MD5
9e77c51e14fa9a323ee1635dc74ecc07

SHA1
a78bde0bd73260ce7af9cdc441af9db54d1637c2

SHA256
b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0

SHA512
a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

Download Submit
C:\Windows\Temp\MBInstallTempe8a30a62571f11ee8fb76ea0d22cd884\servicepkg\mbshlext.dll
Filesize
2.7MB

MD5
b7e5071b317550d93258f7e1e13e7b6f

SHA1
2d08d78a5c29cf724bc523530d1a9014642bbc60

SHA256
467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064

SHA512
9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54

Download Submit
C:\Windows\Temp\MBInstallTempe8a30a62571f11ee8fb76ea0d22cd884\uipkg\QtQuick\Controls.2\HorizontalHeaderView.qml
Filesize
1KB

MD5
d8c9674c0e9bddbd8aa59a9d343cf462

SHA1
490aa022ac31ddce86d5b62f913b23fbb0de27c2

SHA256
1ef333b5fb4d8075973f312ef787237240b9f49f3f9185fb21202883f900e7d7

SHA512
0b86ec673133f6400c38b79f9ba4f7b37ce5afdab1a2e34acbf75019e2590cc26b26d323ddc1567c91375053c9c8593be0615389db8eb1a8d1eb084ad4200b82

Download Submit
C:\Windows\Temp\MBInstallTempe8a30a62571f11ee8fb76ea0d22cd884\uipkg\QtQuick\Controls.2\Imagine\VerticalHeaderView.qml
Filesize
1KB

MD5
829769b2741d92df3c5d837eee64f297

SHA1
f61c91436ca3420c4e9b94833839fd9c14024b69

SHA256
489c02f8716e7a1de61834b3d8bbb61bce91ca4a33a6b62342b4c851d93e51e0

SHA512
4061c271db37523b9dea9a9973226d91337e1809d4e7767e57ac938d35d77a302363ed92ab4be18c35ba589f528194ad71c93a8507449bf74dd035acf7cdb521

Download Submit
memory/1020-4375-0x00000229110F0000-0x0000022911530000-memory.dmp

Filesize
4.2MB

Download
memory/1020-4372-0x000002290EB60000-0x000002290EB70000-memory.dmp

Filesize
64KB

Download
memory/1020-4377-0x0000022911530000-0x0000022911730000-memory.dmp

Filesize
2.0MB

Download
memory/1020-4369-0x00007FFA3AA30000-0x00007FFA3AF9B000-memory.dmp

Filesize
5.4MB

Download
memory/1020-4368-0x00007FFA3B680000-0x00007FFA3BA9E000-memory.dmp

Filesize
4.1MB

Download
memory/4204-4414-0x00007FFA3B680000-0x00007FFA3BA9E000-memory.dmp

Filesize
4.1MB

Download
memory/4204-4415-0x00007FFA3AA30000-0x00007FFA3AF9B000-memory.dmp

Filesize
5.4MB

Download
memory/4204-4413-0x00007FF6DEF90000-0x00007FF6E0631000-memory.dmp

Filesize
22.6MB

Download
memory/4204-4420-0x0000020A599D0000-0x0000020A599E0000-memory.dmp

Filesize
64KB

Download
memory/4668-4423-0x000002A496E60000-0x000002A497194000-memory.dmp

Filesize
3.2MB

Download