377ac497bdeb20e13ea84ca1eab709946535b77d4231007a7646509386a4af33

Analysis

max time kernel
93s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-01-2024 11:49

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

MBSetup.exe
Size

2.5MB
MD5

7ce024e6e2248ee891248469894d8a9c
SHA1

13db96c5e8d67b7f1141d22567741cd45d659c1a
SHA256

377ac497bdeb20e13ea84ca1eab709946535b77d4231007a7646509386a4af33
SHA512

ce5b6e7b7da5d3d00ad1df64006c24c291e24cb63e855855375e52e7a18ea7b3d283fababb79046a59533bcd80d8c18f604d9ace64af7e712f18020e5b351eff
SSDEEP

49152:YXrcUh6gxrxD0Xc3StQyfvE0Z3R0nxiIq2ddIAuSF:4rNRxrxA6KtQRq2SSF

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\mbamtestfile.dat	MBSetup.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MBSetup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	MBSetup.exe

Downloads MZ/PE file
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Malwarebytes\Anti-Malware\Qt\labs\settings\qmldir	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\GroupBox.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\ColumnMenuContent.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\StackViewDelegate.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\SliderStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\MenuContentItem.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\GroupBoxStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\button.png	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\spinner_small.png	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Qt5XmlPatterns.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qmldir	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\check.png	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\SpinBoxStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\mbamelam.inf	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-crt-time-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\FocusFrameStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\spinner_medium.png	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\MenuBarStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\ProgressBarStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\SPControllerImpl.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Qt5QmlModels.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-core-console-l1-2-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\SwissarmyShim.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\ApplicationWindow.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\TextSingleton.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\StackViewTransition.qml	MBAMInstallerService.exe
File opened for modification	C:\Program Files\Malwarebytes\Anti-Malware\mbuns.exe	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_ja.qm	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_pt_BR.qm	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\sentrynativesdk.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-crt-process-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\Control.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\RadioButtonStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\MenuItemSubControls.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\TreeViewItemDelegateLoader.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\needle.png	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\mbae64.sys	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Slider.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\arrow-right.png	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_hr.qm	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\arwlib.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\CircularButtonStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files (x86)\mbamtestfile.dat	MBSetup.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\AEControllerImpl.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\mbae64.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\StackView.js	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_da.qm	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-crt-convert-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-crt-math-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-crt-string-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\CalendarStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_ko.qm	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\TabBar.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\progress-indeterminate.png	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\slider-handle.png	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_es.qm	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\ScanControllerImpl.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\TelemetryControllerImpl.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-core-profile-l1-1-0.dll	MBAMInstallerService.exe

Executes dropped EXE 1 IoCs

pid	Process
4964	MBAMInstallerService.exe

Loads dropped DLL 2 IoCs

pid	Process
4964	MBAMInstallerService.exe
4964	MBAMInstallerService.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3176	MBSetup.exe
3176	MBSetup.exe
4964	MBAMInstallerService.exe
4964	MBAMInstallerService.exe
4964	MBAMInstallerService.exe
4964	MBAMInstallerService.exe
4964	MBAMInstallerService.exe
4964	MBAMInstallerService.exe
4964	MBAMInstallerService.exe
4964	MBAMInstallerService.exe
4964	MBAMInstallerService.exe
4964	MBAMInstallerService.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3176	MBSetup.exe

C:\Users\Admin\AppData\Local\Temp\MBSetup.exe
"C:\Users\Admin\AppData\Local\Temp\MBSetup.exe"
1⤵
- Drops file in Drivers directory
- Checks BIOS information in registry
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:3176

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4964
- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
  "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
  2⤵
  PID:800

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
1⤵
PID:2284
- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
  "C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
  2⤵
  PID:6016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8631746f8,0x7ff863174708,0x7ff863174718
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,2988961125145547277,10413063471522618865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,2988961125145547277,10413063471522618865,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,2988961125145547277,10413063471522618865,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2988961125145547277,10413063471522618865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2988961125145547277,10413063471522618865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2988961125145547277,10413063471522618865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2988961125145547277,10413063471522618865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,2988961125145547277,10413063471522618865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,2988961125145547277,10413063471522618865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2988961125145547277,10413063471522618865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2988961125145547277,10413063471522618865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2988961125145547277,10413063471522618865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2988961125145547277,10413063471522618865,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2988961125145547277,10413063471522618865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2988961125145547277,10413063471522618865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1976,2988961125145547277,10413063471522618865,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1976,2988961125145547277,10413063471522618865,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,2988961125145547277,10413063471522618865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:5708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4540

C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
"C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"
1⤵
PID:5900

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x470 0x2c0
1⤵
PID:5200

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa395e055 /state1:0x41c64e6d
1⤵
PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll

Filesize
224KB

MD5
aa63273baf5f115ff7fc04f72c116335

SHA1
28aa15f67054b9f6fe3771b82a6b6373a95bbebf

SHA256
32c1e6d81c612d114dd49130294936b909f15af924ebec044b82c43bd80adfc8

SHA512
acd96db831092bb665a1204b88b7db259ff278d44a3dd5ae064483e5f4133b80a5b77f7598b9281836b60e9570079eea867c63654c05ccd4c6927e3e632d17d8

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\Actions.dll

Filesize
401KB

MD5
576235b759f3f88e38a5520777d8aefe

SHA1
8501c4efcfa696456b274561207a3e2d44d9d0a1

SHA256
bf8563fac476c49fc5e9931510d3ee8907845bdd30d1f77a67ad2ecc456c0344

SHA512
3420c1786fea6ed859c8c1d9d10177a56f0f3b35a929af911ae0dd720464d1124936a390e4da43dd1a0e45ccefdce044a781c9722b530f228a9a13f58729f1d0

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ActionsShim.dll

Filesize
211KB

MD5
3c0ddf4ba6aa534c04f3ff24eef2ed21

SHA1
f6a513ea34361c891b0aa2c8915ac78ecb1537b0

SHA256
e94d5e9e3a3f6a0106abdb214922a3a133c802d7c37ec4c5b2d86e6e772c8930

SHA512
1297a20be068e423c7387ecae4ddd53e8acf28caa4151c6868b53f895e6cc1946f845fe32623ef86c32599174ef91cba82a129431d7526e26df37bf23c8da480

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\BrowserSDKDLL.dll

Filesize
206KB

MD5
06816e94c5af40a6a32b5f9ba25ad3e8

SHA1
ebb008d280df83f67fda5288af0ed6bbf95cf077

SHA256
98449b63c71bcf0e66c7066381c103d666bb8a96ea41af1c9966e7d5a3abd756

SHA512
bc472b310d15d4c11e8572b799521226a50824d5194b9744d18592f415ed73026a197c68428db7ec8018bb53c9d9dfbd5e2d802be10321c3e4914a225e5b0af9

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll

Filesize
206KB

MD5
f848a8913a248e02f7b829f36c241d5a

SHA1
025902b3acfb6a17070674eb978a534c71001315

SHA256
2b10a25606edd453fa6a6e8d9e2c7737da816dfe7a713695f38788b67b27210d

SHA512
804c541d197126cec7bb41b8190bd6218e1836feb02c6e50c0bc4ca7d2662dfe6c54c6a835e1f0f07504adb2116b8e8e3d67bd2f5c034914563576d1b61a90b7

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CloudControllerImpl.dll

Filesize
89KB

MD5
a055c50b300672e3a367b3ddd0cb8545

SHA1
1dff7be34587524468f89f12757c04ff9f0a4d17

SHA256
26a6b1910613d85123f87bb6b7930494fd365e4b0b93751f93ab841ace96baf6

SHA512
349929d1787b0fd99ecbc5b4af7be0e7a00167de3aadb165df69e67b5ef42494ac0f58f9f078aee0556d97e451a1559c9ac9485913e4187fe58c0e50cac0dde2

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\LicenseControllerImpl.dll

Filesize
286KB

MD5
33ddc0639ffb2cacabeda8936cd38da2

SHA1
52cf8984b8059fd77e31d59c8304afaace2636f9

SHA256
f65d7b3f7d8202ba0abd4cf4cb3d6e0f5e87fa439d24dce0948feaec70f8fcac

SHA512
c2c752ff69d680ddcf09b2892a76edbd914d0d817fc0b656d5c2069536490355f3bb5b8fd3c8c49afc820b314489933b742b382ea0df8bb585804fcd902b3b68

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll

Filesize
326KB

MD5
0f91806d08717af69ac93f57b379d266

SHA1
c9548d72488a3791fde270c2651b4131d68adf0b

SHA256
9edd5942dc1ee104b2c2d9e97304065195d4ff30ec3b226369c926f75dbe64a8

SHA512
d7de4899f3fb93075d7fe61ed77f17c1fac9da5a2e51e66ac44df5ef1c55988e5c6829763a39b2af3ac0f1fe729df27e6bbe9f1cc7e77d936aaab9bdf3a4cc6d

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMShim.dll

Filesize
217KB

MD5
b031014f17f2b849a294b9406b041d42

SHA1
40b54d72993b1105db5d91d24ebd15abc5a1fbfe

SHA256
a0f4c25d6a482f7e5d4d7afcd164590e06998b619ef9a080c8432c3301fc8698

SHA512
f5e6eaac7a32bbb75dfb5d0fd2b1ddbf7e72c86406f85ec05ec623dccb8e3295b758cd75642f8437deb0afc48a67e3603c4b1530381c82ec68d5d6d0cd63a4d1

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

Filesize
467KB

MD5
541c730d3a4e133ecaa1a9f55369d601

SHA1
7d6fb7db4add55a6bb6bf06faa013efa8bd59b40

SHA256
2a20abf59cedcab65bd809aafa27f5a0416cdb9d8f597d2b7fc90a4d86d9363f

SHA512
5edf90129775fb48f29a88578feb2fc437e4fceb15ed83d2a6904a6b75fdf7aa811497c8fe6e9aee471807091fa616cedacbab6813bda4b00f09d0248cd73735

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll

Filesize
169KB

MD5
58131b98e717fbb8a11e27738a548969

SHA1
0c5db549e28f34af25d1533bd6374e666ca38740

SHA256
7b37666d562ee14465a00b9d7039fe3d06435ba680c5b0d3793b10d8c5ace091

SHA512
53e14cf80c49aae58b8b008ee873a460c11173155e5a3f26aade8238f384ada43abd9281ddf395f61e7d9946560fc67343cd440d28a741dcf554e35c2f5965f4

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\Swissarmy.dll

Filesize
122KB

MD5
d1bacd8fc388ed110d15040110636543

SHA1
50b32f6cc05032e65ec78a339b85189c3caa4a0d

SHA256
4db0190fb8b8f0375445a2e4a78750bc4233690d75a8e2075e96e8dadfa2621e

SHA512
73e88d52385d35906dd638b6ec98afa756a44bf7c1b7631e60f8affc31cdc00a4d47d370cc421f88bef4508604549d6540a3532642c7593bd164c92bdb9113fe

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SwissarmyShim.dll

Filesize
143KB

MD5
10c95ff936876ae734cc3e26996f151b

SHA1
899c749853f2b1b9145d0cbf5021d4b7315875da

SHA256
d2d79659aec8ecc848299718a8aaa61a631a53b898f5b81970d1288a345906b5

SHA512
4b2613cb7f50311c84846ef3008df400ff9df403860324a5bd6a94195c16d240018cf54371ad812b53a4c8b6c2c6c0477c8e6688a6bf00a10a8b4cf799b96d44

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\TelemetryControllerImpl.dll

Filesize
177KB

MD5
9ad9401b6d439acb43903e0cf831c874

SHA1
58222e486dc8e1f5b660828e200fef8b7b22b1cb

SHA256
d231faa6b7c611782b5b2daf3c285efd9355349f290acc5bef6acaabc7bd37f2

SHA512
4fb641322eb5ede7077810e33ce2f63f92574d57b957c5ce77455763b1d256904aa8cb9783fd3880da47672bc77409ba12eadae3afa845793cb1a3b5f18d0a34

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll

Filesize
162KB

MD5
b3749a15205c586386a77373707f3e92

SHA1
da01683c14b0919c7bc39d6241806351b7d20eb9

SHA256
6bcdbeecdc1ad2c998dfc42020a0f94abbd59bff7887a5f05cab0d5c2cf2298d

SHA512
7e1b4434825420c144b6c95e700790cb631fef9823f9d1df9bec359af660cbc932b379ffe51960d4384d980d0c55db6e0468c67e5a555eb637ec3695ebb33faf

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe

Filesize
132KB

MD5
ed1fd8ef32585dd5e2e50d9e99608786

SHA1
16eaea92f0b760d149860db542f6a49612f6d9fe

SHA256
fe4efbf5026d37b574749cbc1c2c55efba61343289215337e5bc24dd92b48fe6

SHA512
b7d50aa0bbad638eafc1320d09ac4393de498b3cd33c76dc9e3f7dee9c77a9c46eab905aafa27e2dc15491eedb4ba04f2d411277f38e08cf129eec910dcbab82

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\sample.dll

Filesize
200KB

MD5
ffb5fe68b2c099c869f97675e597603e

SHA1
b9e2031db040dd15852bc0c6f4df8827c5590a54

SHA256
a9d72a123c3a775528a6048aebf60bb3789d32664c16b61be3275600be1fabfc

SHA512
bcd9fe3082d558bd78b9c03608dacd6946b49bb653571a0ec3d752c9739258542e2c73b552654adcbe853a9272583527ab0f521a62b3d9cb701a2aca244a430d

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.nm

Filesize
337KB

MD5
167ff4b01aac26873b56aca7dfdafb4b

SHA1
83656008cc433a165b9a324a5835e9100ee21124

SHA256
d3c53b3af96eb83f7f9ab6efcb8217b613b1c4b7a8b9d208d6375ad63400900b

SHA512
9991087e4af0b424cb1e4d2e42dea59dbde4f30feb17b44d180662ceda614af351ba4a13265b916d795f84ed66c786602eda27ae9d7425472215a20487efbc9a

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.sr

Filesize
351KB

MD5
85d7f131726c7af92fa781b37912b585

SHA1
c13c6517eb934391929fb89dcec19ee220616cad

SHA256
434937a0c010ffcae00c1db099bcb8fbd9d540ebd42c1a8b7f0cc7b4d5d671c4

SHA512
58318e3970db89d87b06bdce9c96f1e82b3c4d4bfea7d67dffe2dcf47ae2cd32f3aadfcb472c5fb215bc8809ff38b67d974f9026a8b581b9906206ee1b74987e

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\cfg.bin

Filesize
1KB

MD5
86e218784196fe0b6472cd0f20a85069

SHA1
8a5404e5b49624a5a6c289b299f98c4b72720968

SHA256
9aa9ffbaf7126a0b23ddacfaf7f576c85b5a3c3a7d57eac636e73af8842c0902

SHA512
1db35f7d6414fb6ceb486c0361ad394dd4f75d73925b17ffedb07d20b2cc264da33a1e9ff2306dc87ddba81099d5dd2c06b0e399de912d6bfa464c62c9ad777f

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\clean.mbdb

Filesize
10KB

MD5
c4345a646c330b8e6326267f02500a87

SHA1
ea2a0828c8dac07375273691a9607095f9347d68

SHA256
2138c41c28fe7148a6fae16c821e77998c5b6a31a33b2708b3b2085cbda4b710

SHA512
fb66c762302f0c9bdcae4e3d7f2b13385593bcde1c6b462c2c236a3efafdde3e3d804de222aea816b2d9b7f0fca6534cb4e552a45f922f8a2eb353d7ef4a10f6

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dynconfig.dat

Filesize
39KB

MD5
10f23e7c8c791b91c86cd966d67b7bc7

SHA1
3f596093b2bc33f7a2554818f8e41adbbd101961

SHA256
008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc

SHA512
2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\mbdigsig2.dat

Filesize
514B

MD5
5b8cac16d7ece6665f534745946a6c3a

SHA1
f68e6f1194a2e469db69f60bc19b538736de935e

SHA256
d0536c3681a1604b1234e71bea5036fc8c6dac9e2cc501d1006571b8c20c3800

SHA512
ef55a4e90a61407f6b0394a534d7baf456b0c1a2f101c1cb2dab4ca7741fa8f535f05ce08a461d92f6f4eff8342e12e24568a12791c15163124d89e13d5d59ba

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\prot.mbdb

Filesize
24B

MD5
546d9e30eadad8b22f5b3ffa875144bf

SHA1
3b323ffef009bfe0662c2bd30bb06af6dfc68e4d

SHA256
6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f

SHA512
3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rdefs.mbdb

Filesize
24B

MD5
2f7423ca7c6a0f1339980f3c8c7de9f8

SHA1
102c77faa28885354cfe6725d987bc23bc7108ba

SHA256
850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55

SHA512
e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rules.mbdb

Filesize
484KB

MD5
312f2be3f7c66b25797cdbbe60748324

SHA1
c8e6f24ed0e89758419455f1ae066d5b04a37193

SHA256
565b127473f40d5132a4926df8c60165e62afaf36f808e665ffea1bda7fd2c80

SHA512
29161988ddc68f4f2c199ea2a4482534667f26f03ff3060e58ba77141693c7f7b4fa41853c77530b5d68d7506fc69935fd488964cab3ffbcf1fe8fbfe6d05184

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\scan.mbdb

Filesize
769KB

MD5
b1637ef44ea650b538deb0b544f74e7b

SHA1
5514783f09c71154213dd29c9943596b26bcffb3

SHA256
58a7176c9d6cec57a7fd12484bc9e13c4dee181b66b52cc37951d8df97883018

SHA512
2ee955271605bae2730e6d5cb02a9dd1cc56da921a5055a4263ae63f7aa1cc1cd603622abd44ff247d922d0e5bc149e49cd3dfdda3de7debf6b8d7004d2d6eb3

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\tids.mbdb

Filesize
177KB

MD5
5446db545897a806bcdae315f949e4e5

SHA1
da775c0e8d06f31f2f268b16a4599aea7f872413

SHA256
049121fb1ff3193fdb3d7f480537080e4ab196edea0790f1d6bff550f96c33a4

SHA512
21139718563c8c0a28bc78343afdf1d39a928dcece52742c00ce5e3e55727e9493ff4e99f8f292fe2294c57dcbdd8d5e62a04aa6d8b86be5df727ea0ab94f336

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\wprot2.mbdb

Filesize
388KB

MD5
03d683395ea0e07ff00db33aa4b8aff6

SHA1
3bf570d5e7975a7c21872624a79d2032d4dfd47d

SHA256
01c9eea375c5bbed0d83b36822a7df631d0323e57241de99a33f8dc99fd4e806

SHA512
0ca9a540be51fb1dcde3e8e09316f53b1620d184ba414fdbeac842cadeed2f275b3e76c4ad56c304d0cd99c65400e6e0ebe5178185f1b6e810cefc371a82770a

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\7z.dll

Filesize
64KB

MD5
4c05cc566f045354663dcb17b2808f86

SHA1
f1ad3615b91e3e877d13cfe3fd2179206e38fc09

SHA256
4f5be4817b92dda8efe215e32b202687c7e826fbabd7e82df164a502130cf85e

SHA512
24024a74ae1c5259b7d5bdafbc6197d78bf898c178deb78007c30e743ac8dd19710f5326178e64380debc136cd7479c728df8a52085ea0305c6a0593c74c964e

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ActionsShim.dll

Filesize
134KB

MD5
6f0217b61c97ccb63214da88a9df5a99

SHA1
2f52e839cd3252a366b4bd7e8cc2bdcfabac4ed0

SHA256
50d4b003eaff06f2759038f202745490ec06dc3e6e1860bad7cfafb118b7c7cd

SHA512
74791d5d98ebbcd7212bc5566d1c57e443cbae3486efc760b7f7c258b3c3ac4f26bb9c093d6635ccfa0a82e3745a15a23bf3c468588721ebe7b5cc091cfb6840

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\CleanControllerImpl.dll

Filesize
26KB

MD5
11363552a859111e5324f257b7018d91

SHA1
1df66c74540eb547d735625abb8b7d9114168f09

SHA256
6289c809e5923da780b522306e545b089c70e5c117c3b30bce5c52cfdc077081

SHA512
3caaea22be7358fa12ec50445712256387c94d42a408413d7f1251a6b7973c60cc8eae918fa382f06e102a25aa648264016aa63d6fe6aa25e59dfafa19d13f66

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\CloudControllerImpl.dll

Filesize
149KB

MD5
f053af8b3c2ec95e344be293687e351e

SHA1
21a6be083f6a3d989040dc72dd65f9ace4a87dfc

SHA256
00823173ad3a88e0d6d16f09c6ff1002c868cc108643845583ba934ead982f78

SHA512
74cda81bb573821f937b28047bfbbe97a399482afe046ad319dc3b88fbcaedd07a58c98c1701af148cb8d34d85ffcc640105b251a50b80440a7120fd8e1d774e

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\LicenseControllerImpl.dll

Filesize
122KB

MD5
2ee7341e370a354872ec820167fe5a21

SHA1
c3de7da8eccd4cd653660c2685807112f5a2ecef

SHA256
01378237fbf4c668e1f0556d99e2765b418b6df129eb9b9e4c7fb8a3ab4ac08d

SHA512
1c139c9d68f95070dc600efa8111e1776567d42772536f578aa91b53f6f798511907bd11c3ddcbc1c8bf59a69ebcc46ec44ab4c94ac070342e55a17454a5f251

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Filesize
3.3MB

MD5
d88ad07657e192cb1c5942fe564efc51

SHA1
2fdbee36ef13d1b4f5435e290bdcba122b6a6c62

SHA256
ff46abca84a7e03b0c0cdb55bab91c3b1d4bcc19c9a1793009de495c215d966f

SHA512
a6abd64501e452ba3970bacf7ba0a83a3a2aaee5e7d6402dcac94abc63ef9dd2614c82e1d29ff0fead1b30cb46f6ed536590211f1c3c4de8636db4374b9eea4b

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

Filesize
1.4MB

MD5
3d1944112a3897dcce514e1aba2f8c9b

SHA1
964e3971dbf24f1867e6c9c0463d0194080bbf6f

SHA256
82aedb9a4715bcd526481246142cdbbe0b8d993c4d805c19b690f57d2d74de8f

SHA512
ec13084a2174615ed64570e74424e02c7f111c6804d74f3ae84d57ce9cc6c70a04eb6f9f85178e1e3df9bb26bc061a78fe027ea15caf331e0033b7c77c633b6b

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

Filesize
1.4MB

MD5
682635c63af57ecda90c34682546d92a

SHA1
2920f77fd984435662926f472b63b0346c1a03e8

SHA256
7cb282a7da3e695583c44179ab25d9f5f2390e65da217ab2eda5451eb4c61bb2

SHA512
e6396ca9407a7082b5088c4c7bcbe6f61dbc7fe6e9f205de9e2a48a9ddcb22505147e3d211336d04c691b23ae77fc18c0481bf68fbb35247c2819c60c09a610f

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

Filesize
407KB

MD5
e55004ebb4377919e0049c1c4ebc9860

SHA1
7b0e9e4bd0b6dc2dd7d02a0a66596802fe0ca708

SHA256
0c759882bf5566da6f57efcf3ee9a400aed407af183c8e0f2559dea7d3ea6ccd

SHA512
2c05b72f9c10519051a1fa8870597431267d672e0ee9b1e5a4c346692e3a1a997d387f8182ce6f6ddfe976275fbffe5168096f188025ecafe36d4429634e5b69

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBAMShim.dll

Filesize
40KB

MD5
69c6f00701b33439e8853b1c405c9254

SHA1
6d473bda19732ac53a9af90bada8519b2fac1c55

SHA256
4da978258a13ca35f4d52ce87267bd3fd597c410d5b78435a67dbb362945433d

SHA512
ac7fcd3fb6fd59574c62e96c83772606f07fc7a3ed3e74cf5403b88079bb75593a3a681e77aedcc881a48a8d1366163fbabb854740e24e9fea8f9903d50ffa50

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\PoliciesControllerImpl.dll

Filesize
304KB

MD5
39c215ddef8329db05653894a64057fe

SHA1
39470f378be1f38d807c58c0bc5be65deda41bcc

SHA256
742e3ae23ccc8ea2656695562a7a16e08e50b848254990d54e18a0fec00ed072

SHA512
5b037f2bb4b4df3036451ac1eef097f3b417bc5b99f8a3d431e6342ff5d0e4117fb6de440509ec73b162eced410bda57436daa7e979b0a2fcc4ff004a4ee4ceb

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ScanControllerImpl.dll

Filesize
181KB

MD5
b600235c1c573b11012db1de962af671

SHA1
6b06e9fb44e90fcb90d57c61aee7ec25fe8614f3

SHA256
db3e2e4c93a94c0b3cc5cec964b8df0b10dc583bd5be8f6872e801264484a764

SHA512
66ff6a8023835b475a16d14bb3cf71cc9605137633deec7824c0117ec1473d1b7f525627870da5680f5f6b6d052bbbe052b66bd339dcd8f12edf9f62f6d43de9

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

Filesize
592B

MD5
a3b71e80fdbeb1435bd10efb6b070fe9

SHA1
ba4a94e187ceb9a535e2e50524b67a027f86931b

SHA256
db022473891b789a610185acd1966833cf49fbcd95e4b0afc0f73ba9dc7bf554

SHA512
41e522131598511e8f6f9b5e56fa2d3743d6b4f7c8d53e280e9dbaea11d423a76a001fc24112d7c4dd8096fdb6693d4233477dcccaf638e60d3a8f778b2d927a

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

Filesize
654B

MD5
5981d3b96d6f06422ee78cd98c9a3b03

SHA1
42beb54a712be083bf55c08daf929a7cb4d10c36

SHA256
d77bc0fb435a6bb7907254c242027b3ff5ece3bf9d15d767fc083c672a9af67e

SHA512
c4d01b6c3843c49505c0c30446df7c84d00fa0ccf314ef8f2c93ed8a526aad4e2de7e8e2f86e5ca5912c744741e8fd9cde3d6cce61dd4c3d9fc95686f3bcadc9

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\SwissarmyShim.dll

Filesize
187KB

MD5
5caa586a688d04bd84987c8173d19500

SHA1
281419c23ee96c210219bc386ca358baee1f35e0

SHA256
cb2874d27a835d660b44903cc2944b43235349b3e0fc274615506c6df17012f1

SHA512
48fab5ad97659afc2a58f2033457379c5bc9b944b93d03965cb97e5b08bf7415346e361a0de26e71a37d0f165520128bb757f55a57776786f8ef35d8be8d8337

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\TelemetryControllerImpl.dll

Filesize
153KB

MD5
fab0399859f5ea4e03623b442ed235fc

SHA1
8bbe4d6032d50f47e05c4b7d26b9754c4fce4208

SHA256
61d1bf531fd1d3894e0696f3f1216d60cade823dad305ba2cd95c7277b5072a1

SHA512
9775e36b3e74cf9944efb4b8ab3bc404c5e9aa332384b1379ed3ac67ed0060992e02748e9bc923458fed25cb4cbee8f8f711357e0e4e6a10f0b1f11d5009c133

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\UpdateControllerImpl.dll

Filesize
52KB

MD5
ce02de9a1f66b22a7406516dbda4d437

SHA1
3cb52f53743970935c668ca53b6ba91deaaf82a2

SHA256
7f13ab1d88f3528de8eef7040199a999765d3bf48c5869e7b7b948ec2d2138a2

SHA512
32a08e80c6070e9032e8c5d719e983c978ee358a41f0fc65227089ce54819391636db1d12988f81acba7fc16a4daed49cf0654b22b9cb7b89784e76ebe03f141

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

Filesize
8B

MD5
1ce34e67180e7f2d233b274457cc1c65

SHA1
451a6c7c2ac52cb903d5325acccb52d29d92fe5b

SHA256
d7f50cd5214d75cad9d919e64c6c6e7e75b1a62066e6f09ac7432105b4c33e3d

SHA512
f969f37de5af5d033798a1824a8d7fcbc71e78d31c00d3995426c7004adf180b970702921c8d05f5a42f65e46223a9e606076c77db47720beb2bf02aeef221dc

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mb4uns.exe

Filesize
134KB

MD5
d9b3e66f2c720f2b1eb9fdf6cda5c3f9

SHA1
bd996b87aa22beddbc4300de114c0d8526c9fb92

SHA256
43d635261acd3e1a1900677226d0b30a94469279716171b6569694d7680500a9

SHA512
2b50b01a765de45a609eee8bf3034e2453ad903685f5aee1b13dd7d37530402e0974be151137c96df4197b66b5dc60d4bc85e9ac8868f73e794b1cd7c7f6035a

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

Filesize
125KB

MD5
e58352921b4385e02b2731921a51ff00

SHA1
69eb9e00d271230080bb8cb9599715fada182324

SHA256
4bb06b3dd8f6f9775f52544489f62b91dfd9ba916ea04068bcd19182ec42444a

SHA512
23e51d20f4dfa1a812d9d210eb6f0a12602b63ba116bf50e1f1540b55b48a9a94b0feb61440709773ac241efa28c3e9660b2aa90b39afb082ff4a4f35aa65699

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

Filesize
202KB

MD5
b3f0919c01d378b7b0db03b91790bd9f

SHA1
41cb95561f2a5fd7a5dd79e216dad5a152f862c9

SHA256
55d471bf44e41b758913e178d6d4f8aefce7b87b8fb1086801d9dea340a4bab9

SHA512
420383f244b1968ce1e672bf885d1235d816c9e03b6f7ae5a50ab982340b104642b7e6eb728353d356a34af6b1b3a90c02f84fc65aca5dcb54eaf62df8df1ddc

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

Filesize
400KB

MD5
c1ce4c54a36a15f8bf8b95af3d958973

SHA1
baa6c6b9c7c23605c7ed36659e2e4c34cd95921b

SHA256
cca83dbde6bd9ad356363a5c34be86b6a2c4730db2431ace65e6766408d92634

SHA512
60437f8b5f16220c30dabcdb1b9e9439c3ad3fbb5327b60c0990e290d2e7150cfc8c4c830abc95b4544c94303fb57989b1168ee53eaa5dda14a887cbfabd3c3e

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

Filesize
473KB

MD5
545233177fc560f03a1cea38fa97ce37

SHA1
1992ebc8c6ae8080e9e284ac1801f2998bb3b8db

SHA256
27d3d67585a46645e31bb9cc101d81bcf2167c3eb3f29297b37024d98fe826b8

SHA512
83b29947af9ad728c10d991c134731bfc185a5009fe24719232b3d9e16e4b2dfec3d7a3a79fdeb552f5c043505632d29c2fa30683a31893576717ec756d13b29

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll

Filesize
114KB

MD5
f782f049b0e8c13b21f8e10e705bd7e5

SHA1
5c11f955e3983c50ea46b5d432c97c9148ac8e9f

SHA256
16c450a310edbea07f578f31368f168ec338011cd117406898593e86ebb83dae

SHA512
eed29c42b14ff26a030f53d61d6dc8e3971e478dc7646b26189f14f16699b6bedc170c4bcc37efe2e8f3048bde37480033b49eaf1a4712b88464f5da0efc18f2

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

Filesize
9B

MD5
f726542aded84023a13eb78929733a4c

SHA1
a6e6cc94faa58f8f9de95d6fcdd6a7ef8a86565c

SHA256
ca8a93db9b23da70acf8913f25b52c74ba3cb9a705de99e8cffeec3053c97316

SHA512
a0c11b133436d6f186c7ad44e307b7c7190b7c685c9e750e4d8eeb90e1c5efb9a6397ff575c998cf3d334a670b331b1ac5e30d6524e6c051e9a3fa5ddd367673

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\uipkgver.dat

Filesize
6B

MD5
74c6677020fc6b6c867aab117078bf5f

SHA1
8c46db37dc0b39eb963d4144539c8b591e122400

SHA256
cdbb9bc874d71e154c71b68b1fe959913d286036dac11e226e5620c919ba9708

SHA512
3f9db8d9bb25322f8d8e750750bf92dbe6ac63d686eced65cddfcd61178cf0e947118a491058414d4d2cbb4892e39815565669aee0dfdda23aece72d278292d0

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\version.dat

Filesize
47B

MD5
8a06517a8e3be54ab7007a09fa050738

SHA1
4b8e934469c4a9982f7a99cb4a0f70514e49b262

SHA256
60ee799401f2fe72df9d4ebf1646a2e6c79dfb46947743dfc41f183427e5b31f

SHA512
23bc60d4463eca24a2ca84c4e4823b51b4084ae906cf0f306727919b251d3a954e0f1e78935987d730846271c0e53e5f69cb28f990d3bfacff8e71799f6bccaa

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
1KB

MD5
4251fe660509facf27bd1a227a335185

SHA1
267e1ddbb0974a8752cc8c1992bdc94249e20de1

SHA256
2a4a182187ba1e76e991a0a0d235d90941e64f018352922e3c9e148fe0c35394

SHA512
aca639290e40c7bc434a4da455a7f0f851a65ee0093baee614e7a20d7c54915b76f1e86526503fea86efe39f425db51ef46bd24772ab7f9054542769c0615a4b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
43KB

MD5
78e9504c29870381d1ab5da1ecb3534f

SHA1
f356146995d69931fd7bd87e1f9ace1525534460

SHA256
d2e38cacd7479a3f9da685624f6b38650e694ce0ae6f58f5511bad97f4486001

SHA512
da77da9fb30d8811f6f45273c91dc30c2dcb8a658be8c087c2d86e604e6585ffade624b98dad34dec5b67cbe5732297955d8ab21a95092544d2190bfc546d5a8

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
21KB

MD5
fe5f6383daee9f1e687c105f3c513b01

SHA1
f63adabbbd4ab63041817ca5e4949db9715fafa6

SHA256
de3f30af33863bbc8f5c82f6c81d0391691e23fa1743900becfc658e25a00577

SHA512
996f176fa0bf54a36de09f5fd8e151d7fe7236065b969ff8b7b4ec65fb3659f2b38642e2be96f89bc45a0d69a47099a16ede2d3233e5e431ef204db07eb0514b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

Filesize
66KB

MD5
a4466292a76b4bad452444415b2eb895

SHA1
76318ab0c429d71fcfd53adc98f6f10b375e6e00

SHA256
89732efa990d5ff078e5560311964f5c7758e99fdee8973cfd703d80ec64fd4e

SHA512
020831fe7ea17967d0a81c688989a4c1ab3b704ad46a26b31676fc786866435deb2d62e326a87dfa5e82700e15a7b9e60d18b8bc9ad25d4fbfb51bdc3c780744

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

Filesize
607B

MD5
152347119c99adcd7d9aa2e1509f4ecb

SHA1
5ce19ebd4adbe64eb9b9adedef1c12e3ed39d152

SHA256
df22630f54a93696a995e5400be2750e6cf448edaa931ac1215bf69d5ada1830

SHA512
7db69642a23e3f5e05a7c96a26c7c6aa2ab613ac4c25c3f5319a2c7572e6226148b2a9523864a10f79d4dde0efc9b54725e88b3f707d36a28173256837f48c53

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

Filesize
847B

MD5
b5fdcdce9934a9d7fa1133f0148455e8

SHA1
a330960f2a914d58bd475f50b792199806e327ee

SHA256
31172b20b5110580268ae82667340145b1527e258b4fc27dc8f76f1d8b230ac5

SHA512
0d768e4aacdf8e7336714de1e61589082c30373c0b788f960f0ced315b5f574f7271f350fa6e619de1d27a8443b03438e3a4af3187bbc98d126f940d5acd4953

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

Filesize
846B

MD5
7aba0452da075c0d64a6504c4571644d

SHA1
70ee272081c9e6b588b56218b73345ef1c00f34b

SHA256
bc5529d0c2b0f35a005dd09841f7c21fea63b67a2c357eac34518cbe58cf3ebc

SHA512
cd9362567b6880af250baf6ca40c36acd670b93ea32a522d355d5e606fa574475f84104f0a6b5d72538bbb051e0d047b093724d67f30dc57dd1274e6b8560f47

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

Filesize
825B

MD5
d26bbaa52bb94eeeb87737b0bf856d98

SHA1
dd7a3883ce790c2209fba0813ba915cb77a2a6db

SHA256
e973510a3d1a639df506e16e5072bffdfa8934dab36d6c351de8944b193ba9f2

SHA512
e907f0d325dbb172ef397e82cdfa49d3afe59e11656d430b980942ca0816053265cdbe5f880a8e79425019cb236dddbe2396cd3421ba3ea14a899e43bbcf1389

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

Filesize
15KB

MD5
2b5dbf5f511778db2f7c5914bcb13e39

SHA1
b02ec96966924111fae85587ca736e7f66091a75

SHA256
bdf9f91ab06bd8ee299dcd7e520687fb31a59d035d66f7ab38a42b01bbfd0bb0

SHA512
796fbabd8390ee934ca2dd17c7720f5ff9bafa9e5282eb869480244fe5bea5fdda565b3ac7cfbdf3c39b9385c4c695e7f785c92770418925c13c18037c04f5f6

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

Filesize
15KB

MD5
4bdd17683ab958e22c9e20cf3ad9d033

SHA1
5915c6ea9a851280f46f1ea4ea54d7854c314d3d

SHA256
d509946404c39be21e4d6742dc7540c65594b1fbd58fe05c00748379651d0884

SHA512
fd589575ce4c76f0e581bfab3ab321d7ee0aefae51305b15baed70ad034d2576887f428c8634a55b28be534baf5c0dab03227215d0ccca7305fdb6563e1c8be3

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

Filesize
1KB

MD5
1ea6d09dab830d152edb775f48a56090

SHA1
04be8be8a25cc987c03013c74fdfeec175f52c49

SHA256
ba583f48c2e5007b1a7718e61725a052783db6ec6533ed2d652d8dc7f9a03e9e

SHA512
3dd5babad9c890672a33faf8e9f3e0a1ba97d2aab489d455e9d06f36c782967b47c025eb60a777d828cf29552ca6992e0021728fec85fe4e6b4a7d01318fe71c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

Filesize
8KB

MD5
1e99f85c1b9e14b1fe5a29be35fdb076

SHA1
548684f134a5a3669bf7688ca3f7f2aa3fc242b5

SHA256
bed93b22cdfb832df0a9d6300c90652f4b374ac876bd04efa11014f618ef3f57

SHA512
bcef53b7ce50bb512ba772022a2360b683e86e2390f2179922c13433c1265e3724fec9312632906f175776c91307ab4ea6d801aaddda202d81ff1a8910c7e1f6

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

Filesize
10KB

MD5
446bfebb65f3c6f9e211093cc6ec5cd0

SHA1
20a536416ab001d55f5c70649cbb8cf94eae7b03

SHA256
5a1ca5a685d418be5272f8cfe788c79c58b7b4f20b514ab233c4899091fc3beb

SHA512
c4d2f9e3892a2a57842c527572eb165db8a3948d54817f561cc0b73753bcd7f6a5059442ac59abe1af1741bb7c89743cfe5d0a2d04e7ee9e8b4aa3b6ca3ab1fc

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\MbamClientConfig.json

Filesize
10KB

MD5
e79e29258480304c853071a6f233b118

SHA1
0c8c70cc03c0b4ad1c0ad4ccaab7bbf596aad9b3

SHA256
6261f863e2d81daeced033d724ae1b19835d43019196e1ab2747dd1ab88b739c

SHA512
be2182f4e35c3454142fe1a3adc0b22876a075a251672d95ac7ae256cbed72643d7e7df4042bf4de880210bb110092a8c78869b35e42e497953d58174fb221fd

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

Filesize
1KB

MD5
f5fbedbf2d47566b2d8a51d5fb1a88ad

SHA1
e8faff20fd69305033a60ec8c6bc4ac9831c886a

SHA256
62e83d17b22bc90b42f9e272ad794844d0845895428fdd8d0969b9682fb5c65e

SHA512
52258a980b788ed6aa3006be7b48bf95c5e3b9b0b066f52717475b352c1254a89be10d27a667f5f98cef32e8c0cea9a4416e16c2a25d4f7c56f09ed1949ee6b3

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

Filesize
2KB

MD5
3da07cf43f6ca850367cfe14d7bd26b0

SHA1
58d10dce59b4dd5a51b1a04addac12c37103f677

SHA256
751216c19bca4d121836af9a5b1f0eb2311bb3624404c19840fa01d80eaa5693

SHA512
3288bcf920335cd2833c1e83b7c6b285e27544da39f42f8fdedc436d03d61b883c330187cc0bc80d5cc2ae951b074b9d24fb333bdc996b3a0da2d69f99a99a18

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

Filesize
903B

MD5
1df07764720dabc98a0ce6321a3564a2

SHA1
af0d0d30f2a102fe63d61bfd09e7feabf0a1570a

SHA256
3aba724f94d66d1f57285f2738ed507122a06c5fd3f0ad3eaf9301a9fd059a57

SHA512
cf05ae1f676dbb213c9831c268e62d216e514ba60bffbc08ab45e5ae3af00ec859c173eed42410c0ba6d3f3dc59333b480c4efcdb7faa59c5f4b75c0c340182c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

Filesize
1KB

MD5
f3281c68d221c7c513109da88f8caf72

SHA1
bcfdb2a746bc6cbc1507eb663745b7b20e0de6f6

SHA256
7c99d9231bf3510c82f10de2ebcacfdea6504640862aa774ef9f601d95166803

SHA512
055bad21db6e87c483915b0962677ac3519d551ffe54d304efe753df5c1b4296e68d39fe348ba90b059d5ea07b709c184b28eb962fafc759acd2c62652dfaea6

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
2KB

MD5
9ae6e8720a92beb773a475db6d918967

SHA1
421ea119606f1efacd631d1e904f4af76947a432

SHA256
70a37d0f2ded3b25e6f82b6ae8c22bee888d950905af97567939693bd8937f8b

SHA512
2166dbd16087267180c14f41e8fb9df663cc7ebdf8a9ddcf1a1d5b49ebebb0b5b7a978ee7bafd4fa24a9f3e5d20c60398d71d29240ab65415d3f096ac98abc24

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

Filesize
4KB

MD5
0c2ebff0572998aaceb483dcdd86c2d2

SHA1
550e9449233693d450c5b2f2963143618c209a90

SHA256
d725082c7285ab2f9f72038c823ba447c60b2c2d3064200484047afd826012fa

SHA512
d7382507a97fd542f3f8aa99c92dd55ce37c64cc421d50f0321daa293138e0aef5244fae0c3df462afdd7e77aef0e0a2aa25a7f2ec92b1b529018bb44a3f9253

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

Filesize
11KB

MD5
3de141e330f1c2de28e6bd057b8e529a

SHA1
4353c7a45b5fe1c2b62b71d0b6c67618780b3717

SHA256
e1a6875a0b2e679da7c9561f49eb05096ffa92f09d7181ed185e371b37bdade1

SHA512
45da453387d83e0d4c1bae88e7682b4c68e8580d40e950e64329259532cf25673667a21a8f33341aaf32b931b8ee96b3fbba789843c155fcfa6a35af858757a8

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
63271eafe84dea94dec6f786f30f5301

SHA1
1af32b07471f3dab0666749954bfb72992b206f0

SHA256
a0bc05911315aa73ebb6643a5159a56413c1b7a08bed36299074e6173f5c0846

SHA512
b9a48c4bb0b4fc968152c00467bdf2e3907a4f9508aefb60fbc112134da9455c27a6a4191c4f701d74bf2b69c00972b3677646f58e5d4abff060bcd9a6581258

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
7db6d93daba1999416f2b9f829480a4c

SHA1
37c4b70ef583a7a3c27c8437decf3c580e9c930e

SHA256
920278d1511196d0a0465cadfeee760cc0c815f053a3dba76e7b10b6097bf0ea

SHA512
55a04aff246782c4ca9ca1bc51933e5c5698acb49222b83a3ba4be0d685f0a4050863606694f472d6ca1039d285218a654a3906748009592d7b4250e3583245a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

Filesize
1KB

MD5
a8812ef180d583b2a0b6bb7980614696

SHA1
95b4dfac7b8a86125c9c1044c1f91cc50a122d54

SHA256
2e4e2cfbee3d57b6b258399fd004517331e045ef4f067bccd7ab14a4ed8183c7

SHA512
e5c2d499bd6f427fe509736eb42e55ba2c4765c6da3d40ca7a2bae7067d42b9ff5df29b03a0c379e4f029a9041812e678535ea69be376dc2c79922f41c0836a0

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
68e8d5881aa58f3b072b3436093a68a8

SHA1
9414c1cc2693c9a0500ff5a54a46a6180a75f9ce

SHA256
ae6b1a89ea7eec50e7bb719078982697fb80766d38759b555b427fe7c113ef7c

SHA512
d72e57fa8a647714c508069de029af37ec0ee8c472dbd63cc55769a8bc838199e6abae5140963940a26b1a673803f3c416dd972a75c2cd78feed8be2a380949b

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
f1f4d183ac4a2467e6f9952391417c56

SHA1
514990f20056e51894e95b0308f7f1d709bff881

SHA256
9d4a28668dd45d99faa6dbd2322e53f010cce3ca9befafaf6d66a4a269962a5b

SHA512
fad6d3b0a7ade1febb526064c5a1c11bda08cb72fae1666b9ec4c13d4df8cde503931e651113463c102161e99826baffc594bf78187dc3fc201170b32291cdef

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

Filesize
273KB

MD5
900682558358307d2fe51a43d2d5385c

SHA1
76ae2907533ad9768d2cbf2c17f1140a271f8511

SHA256
1b8ec5c49d079838b909d7765abd6cd087e2dedc94012917c282cc2a63067b3b

SHA512
6f5bc37ffeb5fbb3fe5673a7465c664f62561e444d862a5c10065e39a6da563cffb05f96bd9937cd5b24ae0d7278c3d206ba2c79b9141229b24378f355257c3d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll

Filesize
215KB

MD5
4e64ff9d05022becb52a9e462e98f068

SHA1
5a6946e6e1a854503df9e96311c374369bfb0df4

SHA256
fa3322216240cf13d76672c67683d66a2e153784c0259e73d362bc1b8090bb0d

SHA512
77a4c480b53a81bffe475f59e9292896cfce810f58d4e010bb779ae6d3048f2c37b9b5b386e3c123774518b2812a2edf74d5ee91e3621c5b3dc1dd52911464c9

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm

Filesize
172KB

MD5
c7c42ed8a0b9f9f77fe32e881c12f516

SHA1
e7526858843becd59bb57597af7ad97780f7e3c6

SHA256
286000e8d9af8a9703774c60cf515b6e99ec623dae83133e9909484f2f14e386

SHA512
0b7ba4acd801c101e0c4f718b797c7a87c07805491f88437c29ffe54bfe7b2588e37cc64d89f6cab5cfcca600cd89700ff3e669a2e0694466bb45be0a9aae4f4

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

Filesize
390KB

MD5
034e6f3ffdf27a786d5f69106f2962ce

SHA1
d8c9209e12c31f82ba4af569237a54b3a5406727

SHA256
b0801b782d4dad146f536e64338b6211ed33b6e7fec0c2295938f79f7379579c

SHA512
72a8b6906f2db7406c812b9db1c673ddeccc207d05201ca53971682ef692cf654e563afbc7c679532247db8bd5b4c9533f31c6533c4012bad174674d681df74d

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dbmanifest2.dat

Filesize
924B

MD5
497f07ec752a714727471d41056a92ee

SHA1
dffcec86a799907a21a9db799a58a840df3ee388

SHA256
38dfef9dd549abcba04c3499c5953f46cfc7d74ca70d64145bb74f89d75f8667

SHA512
87c8093633278a4c94d9a6d8a962c3aca6d25065d00d20c726a6d09e9320ab8a40f2508b90a494bbe46e7084131dbaadbd5e444b9fa1146ec67cc8e109d81dde

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt

Filesize
23KB

MD5
aef4eca7ee01bb1a146751c4d0510d2d

SHA1
5cf2273da41147126e5e1eabd3182f19304eea25

SHA256
9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f

SHA512
d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

Filesize
149KB

MD5
4e02d4965ec183c94425a6c720053303

SHA1
5f556105d1f07be42802520a0eb376ccb040ed32

SHA256
52c8d11afce56436ecc81f535d54eb3695f16d36728c5514de9d90391750d6fe

SHA512
6e121d13c1cc51fd5ed2f72a7786a8117da113cc68084b895b829a0e95e7086a6887852d366f873db44abe9b89b84fcf69a6251425a52ed02f4bc5db189cfcb6

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

Filesize
331KB

MD5
dd58b1403ac6d686f1c01f59d015d879

SHA1
c122d19c574672f6e4ccf48c85095a794ba16617

SHA256
3de4ecf820dcaa308043867e4a63390565d4308cdd500b48ce8ca78ed362f03e

SHA512
b31ca59e537f4e08fe25f482e0668666b396290eb9442a317dcb2b2711613a83c54dc51d5debf8b2779d48157e512154ce0549ef22ced5743e8121e1386a5785

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

Filesize
124KB

MD5
930bbebadd5cec785fd85e87a4067a7b

SHA1
9ae0d25d0f89bff3ae073ff16ba60a0906bbb444

SHA256
7f08957959f9f65a7c8e9c0bf36bd6e00824522813215a260e10b3536a24a54f

SHA512
a056f3a2865fd50521c975617035478a863f5556d44c1ba29d6bb0bc2c80c8135ab4a771a5e2329ba59f33d58d6867b50c3a2feda52cfcabb906fa49e5a16e8e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\scan.mbdb

Filesize
263KB

MD5
53e7edc219e633fd1ed25f8d1c17f825

SHA1
37ac9699c8cfe72c92110d6b931019e8f8031623

SHA256
3b3bff1b799fa3801acc3f3b70dabdb01810967d7dd39aaaff6b61141238cff5

SHA512
f78d1dd84913153330e51197ddd25668de842ab0a2008b5aa2457e21e2bf09db07376e080d226bbe6ba7660b3440450ed5e732784be24f24aefe6035cd747e97

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

Filesize
340KB

MD5
69e39cf52ec26212752bf815f7a15a10

SHA1
7d394e0565d7917e729ed0ba23b877ac8f0dbbdd

SHA256
577d383d6a55091ebdde3d4f8f70467ea637a70ca3c0bfc447ac7e03bf55d058

SHA512
1ecc3e01f821d3f8eb392322f8c378c297f2787e2525cd2d84908e60aa5eae12079224eda21239e817ca6f49c31ba26b68b9d2542accc2fe8c65e40f16004737

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat

Filesize
74B

MD5
43a66f01a40ca43f94291adf83283248

SHA1
e108ccfdf469ab6c168620a4fb235d057f2013c0

SHA256
eebb77fef6715025ff39143ce85b4e4923f3efd05e121f13dc337907246cdb80

SHA512
7dd86875ba0435bdec862c33b290409779d764b81e7c27df3bde75f031e463f613a8b7f65a06129cddeccc66b6ccaedd05d96371e82a116ff54ddbec89e8faca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e71d66ce903fcba6050e4b99b624fa7

SHA1
139d274762405b422eab698da8cc85f405922de5

SHA256
53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

SHA512
17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
43ed541fcc5cde8b549c5d1fe42a500b

SHA1
062895ec8be6a693e0c019eb90c5eea745ae2c0c

SHA256
14ec90bd43150b1bc9545f654da7c9a803a2688ed22ea19da901971ef22192a2

SHA512
10f5171c98fff84037dca21576c368b1133ec360dad51df14e21a3f35c5949f0664b490d61e7206e8783212d1bfcafc00a52ae33f058575dbca7e67209e27b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
44a86edab04cd3abedcf79a2d1985ba9

SHA1
fde632153e253c13f2fa914f04de6550d46ad5bd

SHA256
a8db9e7395e96b02d33b9c4a1a39ef8d35043ac181044b1382d46b6f263c6f9b

SHA512
e7178ba0c3ae5950fc3e8677cfd222467468f6de9846bee3ce44b404ed810c67f1ed9da91a53b35239452e49a52ad32a17fbc10a87ddf5fbcfd0e51b7d65e5be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a96e57f9a1724d20080143704f801394

SHA1
5ef8161820c860a69b250f1e7b0bd39af58c75dd

SHA256
e7f8035c3c1db2c172a058d0ce56957b12391160ed11033f3a332b0457e6a832

SHA512
ec9d2bb6885fe69d288b34f6451580219bd7fbdd0af68e5190e8c06cd1367a17ef0d8915fe31d4d0f8dea13565683cabe1e830de6b2d6bafe38ab3b2c423f853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1b1b142e24215f033793d1311e24f6e6

SHA1
74e23cffbf03f3f0c430e6f4481e740c55a48587

SHA256
3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

SHA512
a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
71048bb09215ef68576255fb0e39416b

SHA1
351cbf3eb23b73c5f10ebc761e797d61dc5e0b45

SHA256
7329b967c8fec22bda7dda1e87a2636ea92f6cf46203e3a6fade0aad6f83edf6

SHA512
4fab8343bc8cedffc006ed41301046c09233ff06c42fcb3b10db0a4623f6ccd7062b8a3276eda58bedcddc90aab487f065c8d3a3188583ca08165fc096b6c4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ae8c13e32ddc3365d574fc58cec0b303

SHA1
94642df4dd6ef15d14fdbf2f18e49c83c4b486c1

SHA256
c00c28b95923bcece15303b85dcd7faf3d4a619765dec07efa2d7c6842ac3777

SHA512
6e40bcca163a0320bb8e2c80e2fe386819b2771e35e985b39d31c5e4076f569ce978b33cc4a6f6390aa64e7eba6e769834e1837295462fa3e380e0194a3f9b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e6e33a9305605f63b8dfb8986c7d72f6

SHA1
6323c3d62e0342e588a92f4a4f85cee71437a5f5

SHA256
aeebd0343ba5eb9e9617e7c7a0ff479dcd529f574e5a4c0cb3ae49931ca623ca

SHA512
8a233ca204f5e29b0f9d6bf5b8cac8db7754fb489f25469170c0cc6b39f414f8b262ec4db151d05a2005729b32d64af8cd67ce94e96262a7d1009fa819360e0a

Download Submit
C:\Windows\System32\drivers\mbamswissarmy.sys

Filesize
121KB

MD5
196ab0ee915e951db8f085623ac0eb74

SHA1
8a7756d11e18edbc7c920dd3f0d2b34974ff2821

SHA256
17d019c8a42647b1ee39b3402e924b7df32fe2b5846f4f4f5d08ebea3e026fa0

SHA512
382346c0a5b638345baad04a08a21c040c5ffe0cce94e01b65e4db31afa215ca11e5545d400970f061bfff28dc68a909e35872bd0313a1c82e07be45af224fc8

Download Submit
C:\Windows\Temp\MBInstallTemp472b851dbc4111ee9f176e89f5e0ecb7\7z.dll

Filesize
1.6MB

MD5
ab8f0c1a37c0df5c8924aab509db42c9

SHA1
53dba959124e6d740829bda2360e851bcb85cce8

SHA256
6e223b275b84d948cc5ae1f161f0bfff2adb34de04634c84d7dbe9305a4998d5

SHA512
ff8a26e8fd5a08c74e5ba93a564e0d3cd932754e7f06993a365bfad06670497889e69ec45bfba1378040b72f82d468e79682beba2439937bb29d2a41da940d4a

Download Submit
C:\Windows\Temp\MBInstallTemp472b851dbc4111ee9f176e89f5e0ecb7\7z.dll

Filesize
1.1MB

MD5
151836c2f0da936262700b2fd7dffb2b

SHA1
8d884ad8d9b11bff7f72911910ac9e957a694787

SHA256
b5628176db3fc7d3c26a03a33cd3eb706613a0048f8ff267008a1f2c2b6483e1

SHA512
a622efb5ee6883ce9e88978fab39434f6b4bade75456b5718c38b94b4287b357747fa0466305989075e637042676f1efee52e814e2252b16713055c8557e70b6

Download Submit
C:\Windows\Temp\MBInstallTemp472b851dbc4111ee9f176e89f5e0ecb7\ctlrpkg\mbae64.sys

Filesize
154KB

MD5
95515708f41a7e283d6725506f56f6f2

SHA1
9afc20a19db3d2a75b6915d8d9af602c5218735e

SHA256
321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6

SHA512
d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

Download Submit
C:\Windows\Temp\MBInstallTemp472b851dbc4111ee9f176e89f5e0ecb7\dbclspkg\MBAMCoreV5.dll

Filesize
5.1MB

MD5
208f57df7a6262bdb9f31defb6b0115d

SHA1
a95224315edc29489f2a6ddfb3b219f8447160af

SHA256
7b847cfb65f57aaeb8409d19b6b3afe3e40cfe57bd14430a3bf60f9bc48e9303

SHA512
7b824e41b2fcbb90c2a0beea5fa2614abbb93141b18078ebdfd6cea1dbde929f2afb8285e8d532c1e2982615a8104d808b4c1b5e4c83cfe17a0f520c37157a1e

Download Submit
C:\Windows\Temp\MBInstallTemp472b851dbc4111ee9f176e89f5e0ecb7\servicepkg\MBAMService.exe

Filesize
5.1MB

MD5
5ae66c9482072e3c62d6b73d5e497a68

SHA1
6cb5dc4e8e62a539821f712cee1ac91e368adee8

SHA256
9261dd833697ad976ae3c8e73656e1bb57bc3bad3c275583cf28623de1f0a176

SHA512
c98361e8b6b51315ace311836509ccc99300c45ae01d7b1904ae9cee5aa6ad98c395f46b4da557f01c7edceada656912318bd12c0d37deb00d4460514cb24296

Download Submit
C:\Windows\Temp\MBInstallTemp472b851dbc4111ee9f176e89f5e0ecb7\servicepkg\mbamelam.cat

Filesize
10KB

MD5
60608328775d6acf03eaab38407e5b7c

SHA1
9f63644893517286753f63ad6d01bc8bfacf79b1

SHA256
3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59

SHA512
9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

Download Submit
C:\Windows\Temp\MBInstallTemp472b851dbc4111ee9f176e89f5e0ecb7\servicepkg\mbamelam.inf

Filesize
2KB

MD5
c481ad4dd1d91860335787aa61177932

SHA1
81633414c5bf5832a8584fb0740bc09596b9b66d

SHA256
793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3

SHA512
d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

Download Submit
C:\Windows\Temp\MBInstallTemp472b851dbc4111ee9f176e89f5e0ecb7\servicepkg\mbamelam.sys

Filesize
20KB

MD5
9e77c51e14fa9a323ee1635dc74ecc07

SHA1
a78bde0bd73260ce7af9cdc441af9db54d1637c2

SHA256
b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0

SHA512
a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

Download Submit
C:\Windows\Temp\MBInstallTemp472b851dbc4111ee9f176e89f5e0ecb7\servicepkg\mbshlext.dll

Filesize
624KB

MD5
9df072881a7dfda9354288080f142148

SHA1
2930d68df210a88d5809a74e0f0edde00f4636b3

SHA256
84361df4bd5313a225665fbbc28a83c22be0ad7e53475e648da24d98deb9f4ce

SHA512
955df6a0c338f63680a0fe8952b8837d580b1c518138644545f698924a6916b08ecda5d7c5835415f679e0f5b07e103f7c51376b5e5285281acfb1543112d4a6

Download Submit
C:\Windows\Temp\MBInstallTemp472b851dbc4111ee9f176e89f5e0ecb7\uipkg\QtQuick\Controls.2\HorizontalHeaderView.qml

Filesize
1KB

MD5
d8c9674c0e9bddbd8aa59a9d343cf462

SHA1
490aa022ac31ddce86d5b62f913b23fbb0de27c2

SHA256
1ef333b5fb4d8075973f312ef787237240b9f49f3f9185fb21202883f900e7d7

SHA512
0b86ec673133f6400c38b79f9ba4f7b37ce5afdab1a2e34acbf75019e2590cc26b26d323ddc1567c91375053c9c8593be0615389db8eb1a8d1eb084ad4200b82

Download Submit
C:\Windows\Temp\MBInstallTemp472b851dbc4111ee9f176e89f5e0ecb7\uipkg\QtQuick\Controls.2\Imagine\VerticalHeaderView.qml

Filesize
1KB

MD5
829769b2741d92df3c5d837eee64f297

SHA1
f61c91436ca3420c4e9b94833839fd9c14024b69

SHA256
489c02f8716e7a1de61834b3d8bbb61bce91ca4a33a6b62342b4c851d93e51e0

SHA512
4061c271db37523b9dea9a9973226d91337e1809d4e7767e57ac938d35d77a302363ed92ab4be18c35ba589f528194ad71c93a8507449bf74dd035acf7cdb521

Download Submit
memory/2284-4419-0x000001B9E8B30000-0x000001B9E9013000-memory.dmp

Filesize
4.9MB

Download
memory/2284-4179-0x000001B9E8B30000-0x000001B9E9013000-memory.dmp

Filesize
4.9MB

Download
memory/2284-4303-0x000001B9E8B30000-0x000001B9E9013000-memory.dmp

Filesize
4.9MB

Download
memory/5900-4334-0x00007FF859330000-0x00007FF85989B000-memory.dmp

Filesize
5.4MB

Download
memory/5900-4333-0x00007FF8598A0000-0x00007FF859CBE000-memory.dmp

Filesize
4.1MB

Download
memory/5900-4335-0x00007FF68FB00000-0x00007FF6911C4000-memory.dmp

Filesize
22.8MB

Download
memory/5900-4342-0x000002BF52380000-0x000002BF52390000-memory.dmp

Filesize
64KB

Download
memory/5900-4836-0x000002BF52380000-0x000002BF52390000-memory.dmp

Filesize
64KB

Download
memory/6016-4207-0x0000027068510000-0x0000027068710000-memory.dmp

Filesize
2.0MB

Download
memory/6016-4202-0x00007FF8598A0000-0x00007FF859CBE000-memory.dmp

Filesize
4.1MB

Download
memory/6016-4204-0x00000270673F0000-0x0000027067400000-memory.dmp

Filesize
64KB

Download
memory/6016-4205-0x00000270680D0000-0x0000027068510000-memory.dmp

Filesize
4.2MB

Download
memory/6016-4203-0x00007FF859330000-0x00007FF85989B000-memory.dmp

Filesize
5.4MB

Download