Analysis

  • max time kernel
    212s
  • max time network
    213s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-06-2024 14:56

General

  • Target

    BytesGen.zip

  • Size

    29KB

  • MD5

    36c8c7e6265de469fd35d5da73fbad55

  • SHA1

    a995722a6d96efb0a47f0c10b00ffe6dc72557ad

  • SHA256

    d4d608a2a0763e50b5d6b651683abf63bb7b41673b181cfa6c58178c49cdf281

  • SHA512

    ddaf2523fe52c9f48be4befd9637a1602c811540c8344bea5758bdfec7cff81b908878125b7e1835e3dfb3cb6dae9a8ca772652d0d9c5735e8a5c3e1183d8a39

  • SSDEEP

    384:smuUFUACXk82FvDLTi6VhkYIX3kWNLKoH3936f0NWXlFmtxfjq0K568uD4H:smDFUAck8gvTi6VlIfHX936MNWVsLQ

Malware Config

Signatures

  • Downloads MZ/PE file
  • Drops file in Drivers directory 6 IoCs
  • Modifies RDP port number used by Windows 1 TTPs
  • Sets service image path in registry 2 TTPs 2 IoCs
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 7 IoCs
  • Impair Defenses: Safe Mode Boot 1 TTPs 2 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 26 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 16 IoCs
  • NTFS ADS 2 IoCs
  • Opens file in notepad (likely ransom note) 4 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: LoadsDriver 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 43 IoCs
  • Suspicious use of SendNotifyMessage 30 IoCs
  • Suspicious use of SetWindowsHookEx 56 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\BytesGen.zip
    1⤵
      PID:4856
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:3144
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Documents\BytesGen\README ! ! ! ! .txt
        1⤵
          PID:2284
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
          1⤵
          • Enumerates system info in registry
          • NTFS ADS
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:4356
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd061c46f8,0x7ffd061c4708,0x7ffd061c4718
            2⤵
              PID:4072
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
              2⤵
                PID:3012
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:432
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
                2⤵
                  PID:3548
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
                  2⤵
                    PID:716
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
                    2⤵
                      PID:3804
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
                      2⤵
                        PID:1828
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
                        2⤵
                          PID:2688
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:8
                          2⤵
                            PID:2192
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4496
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
                            2⤵
                              PID:4284
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
                              2⤵
                                PID:824
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3628 /prefetch:8
                                2⤵
                                  PID:4660
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5368 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:3640
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
                                  2⤵
                                    PID:208
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
                                    2⤵
                                      PID:1184
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
                                      2⤵
                                        PID:3180
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
                                        2⤵
                                          PID:1216
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
                                          2⤵
                                            PID:1356
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
                                            2⤵
                                              PID:5380
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
                                              2⤵
                                                PID:5388
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5416 /prefetch:8
                                                2⤵
                                                  PID:5824
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
                                                  2⤵
                                                    PID:5832
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6588 /prefetch:8
                                                    2⤵
                                                      PID:5932
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6448 /prefetch:8
                                                      2⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:6056
                                                    • C:\Users\Admin\Downloads\MBSetup.exe
                                                      "C:\Users\Admin\Downloads\MBSetup.exe"
                                                      2⤵
                                                      • Drops file in Drivers directory
                                                      • Checks BIOS information in registry
                                                      • Executes dropped EXE
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of FindShellTrayWindow
                                                      PID:4036
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,4008777596929574945,5613979788875854680,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5404 /prefetch:2
                                                      2⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:6500
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:4656
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:4284
                                                      • C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
                                                        "C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
                                                        1⤵
                                                        • Drops file in Drivers directory
                                                        • Executes dropped EXE
                                                        • Impair Defenses: Safe Mode Boot
                                                        • Loads dropped DLL
                                                        • Enumerates connected drives
                                                        • Drops file in Program Files directory
                                                        • Modifies Internet Explorer settings
                                                        • Modifies data under HKEY_USERS
                                                        • Modifies system certificate store
                                                        • NTFS ADS
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:5340
                                                        • C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
                                                          "C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
                                                          2⤵
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Drops file in System32 directory
                                                          • Drops file in Windows directory
                                                          PID:5264
                                                        • C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
                                                          "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
                                                          2⤵
                                                          • Drops file in Drivers directory
                                                          • Executes dropped EXE
                                                          • Modifies registry class
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          PID:5752
                                                      • C:\Windows\system32\svchost.exe
                                                        C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
                                                        1⤵
                                                        • Drops file in Windows directory
                                                        • Checks SCSI registry key(s)
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:4596
                                                        • C:\Windows\system32\DrvInst.exe
                                                          DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "000000000000014C" "Service-0x0-3e7$\Default" "000000000000015C" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
                                                          2⤵
                                                          • Drops file in System32 directory
                                                          • Drops file in Windows directory
                                                          • Checks SCSI registry key(s)
                                                          • Modifies data under HKEY_USERS
                                                          PID:5460
                                                      • C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
                                                        "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
                                                        1⤵
                                                        • Drops file in Drivers directory
                                                        • Sets service image path in registry
                                                        • Checks BIOS information in registry
                                                        • Executes dropped EXE
                                                        • Loads dropped DLL
                                                        • Enumerates connected drives
                                                        • Drops file in Program Files directory
                                                        • Checks processor information in registry
                                                        • Modifies Internet Explorer settings
                                                        • Modifies data under HKEY_USERS
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:5800
                                                        • C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
                                                          "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
                                                          2⤵
                                                          • Checks computer location settings
                                                          • Executes dropped EXE
                                                          • Loads dropped DLL
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          • Suspicious use of FindShellTrayWindow
                                                          • Suspicious use of SendNotifyMessage
                                                          PID:3916
                                                      • C:\Windows\system32\OpenWith.exe
                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                        1⤵
                                                        • Suspicious behavior: GetForegroundWindowSpam
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:4400
                                                        • C:\Windows\system32\NOTEPAD.EXE
                                                          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Documents\BytesGen\keydata.dat
                                                          2⤵
                                                          • Opens file in notepad (likely ransom note)
                                                          PID:3528
                                                      • C:\Windows\system32\OpenWith.exe
                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                        1⤵
                                                        • Suspicious behavior: GetForegroundWindowSpam
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:6164
                                                        • C:\Windows\system32\NOTEPAD.EXE
                                                          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Documents\BytesGen\windows%32%.config
                                                          2⤵
                                                            PID:6220
                                                        • C:\Users\Admin\Documents\BytesGen\Keygen.exe
                                                          "C:\Users\Admin\Documents\BytesGen\Keygen.exe"
                                                          1⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:6288
                                                          • C:\Windows\System32\cmd.exe
                                                            "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "Windows ExpIorer" /tr '"C:\Users\Admin\AppData\Roaming\Windows ExpIorer.exe"' & exit
                                                            2⤵
                                                              PID:6360
                                                              • C:\Windows\system32\schtasks.exe
                                                                schtasks /create /f /sc onlogon /rl highest /tn "Windows ExpIorer" /tr '"C:\Users\Admin\AppData\Roaming\Windows ExpIorer.exe"'
                                                                3⤵
                                                                • Scheduled Task/Job: Scheduled Task
                                                                PID:6476
                                                            • C:\Windows\system32\cmd.exe
                                                              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpB5AA.tmp.bat""
                                                              2⤵
                                                                PID:6392
                                                                • C:\Windows\system32\timeout.exe
                                                                  timeout 3
                                                                  3⤵
                                                                  • Delays execution with timeout.exe
                                                                  PID:6452
                                                                • C:\Users\Admin\AppData\Roaming\Windows ExpIorer.exe
                                                                  "C:\Users\Admin\AppData\Roaming\Windows ExpIorer.exe"
                                                                  3⤵
                                                                  • Executes dropped EXE
                                                                  PID:6520
                                                            • C:\Windows\system32\OpenWith.exe
                                                              C:\Windows\system32\OpenWith.exe -Embedding
                                                              1⤵
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:6648
                                                              • C:\Windows\system32\NOTEPAD.EXE
                                                                "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Documents\BytesGen\logs.dat
                                                                2⤵
                                                                • Opens file in notepad (likely ransom note)
                                                                PID:6724
                                                            • C:\Windows\system32\NOTEPAD.EXE
                                                              "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Documents\BytesGen\keydata.dat
                                                              1⤵
                                                              • Opens file in notepad (likely ransom note)
                                                              PID:7076
                                                            • C:\Windows\system32\OpenWith.exe
                                                              C:\Windows\system32\OpenWith.exe -Embedding
                                                              1⤵
                                                              • Modifies registry class
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:7028
                                                            • C:\Windows\system32\OpenWith.exe
                                                              C:\Windows\system32\OpenWith.exe -Embedding
                                                              1⤵
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:7116
                                                            • C:\Windows\system32\OpenWith.exe
                                                              C:\Windows\system32\OpenWith.exe -Embedding
                                                              1⤵
                                                              • Suspicious behavior: GetForegroundWindowSpam
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:1328
                                                              • C:\Windows\system32\NOTEPAD.EXE
                                                                "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Documents\BytesGen\BunifunTU.DLL
                                                                2⤵
                                                                • Opens file in notepad (likely ransom note)
                                                                PID:6072
                                                            • C:\Windows\System32\cmd.exe
                                                              "C:\Windows\System32\cmd.exe"
                                                              1⤵
                                                                PID:5512
                                                                • C:\Users\Admin\Documents\BytesGen\Keygen.exe
                                                                  keygen.exe
                                                                  2⤵
                                                                    PID:4924
                                                                  • C:\Users\Admin\Documents\BytesGen\Keygen.exe
                                                                    keygen.exe
                                                                    2⤵
                                                                      PID:2036

                                                                  Network

                                                                  MITRE ATT&CK Matrix ATT&CK v13

                                                                  Execution
                                                                  • Scheduled Task/Job (T1053): 1
                                                                    • Scheduled Task (T1053.005): 1

                                                                  Persistence
                                                                  • Boot or Logon Autostart Execution (T1547): 1
                                                                    • Registry Run Keys / Startup Folder (T1547.001): 1
                                                                  • Event Triggered Execution (T1546): 1
                                                                    • Component Object Model Hijacking (T1546.015): 1
                                                                  • Scheduled Task/Job (T1053): 1
                                                                    • Scheduled Task (T1053.005): 1

                                                                  Privilege Escalation
                                                                  • Boot or Logon Autostart Execution (T1547): 1
                                                                    • Registry Run Keys / Startup Folder (T1547.001): 1
                                                                  • Event Triggered Execution (T1546): 1
                                                                    • Component Object Model Hijacking (T1546.015): 1
                                                                  • Scheduled Task/Job (T1053): 1
                                                                    • Scheduled Task (T1053.005): 1

                                                                  Defense Evasion
                                                                  • Modify Registry (T1112): 3
                                                                  • Impair Defenses (T1562): 1
                                                                    • Safe Mode Boot (T1562.009): 1
                                                                  • Subvert Trust Controls (T1553): 1
                                                                    • Install Root Certificate (T1553.004): 1

                                                                  Credential Access
                                                                  • Unsecured Credentials (T1552): 1
                                                                    • Credentials In Files (T1552.001): 1

                                                                  Discovery
                                                                  • Query Registry (T1012): 8
                                                                  • System Information Discovery (T1082): 7
                                                                  • Peripheral Device Discovery (T1120): 2

                                                                  Lateral Movement
                                                                  • Remote Services (T1021): 1
                                                                    • Remote Desktop Protocol (T1021.001): 1

                                                                  Collection
                                                                  • Data from Local System (T1005): 1

                                                                  Downloads

                                                                  • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\LicenseControllerImpl.dll
                                                                    Filesize

                                                                    4.8MB

                                                                  • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
                                                                    Filesize

                                                                    4.2MB

                                                                  • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll
                                                                    Filesize

                                                                    4.3MB

                                                                  • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\clean.mbdb
                                                                    Filesize

                                                                    13KB

                                                                  • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbmanifest2.dat
                                                                    Filesize

                                                                    924B

                                                                  • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\mbdigsig2.dat
                                                                    Filesize

                                                                    514B

                                                                  • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\prot.mbdb
                                                                    Filesize

                                                                    24B

                                                                  • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rdefs.mbdb
                                                                    Filesize

                                                                    24B

                                                                  • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rules.mbdb
                                                                    Filesize

                                                                    9.6MB

                                                                  • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\scan.mbdb
                                                                    Filesize

                                                                    888KB

                                                                  • C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.cat
                                                                    Filesize

                                                                    10KB

                                                                  • C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.sys
                                                                    Filesize

                                                                    107KB

                                                                  • C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
                                                                    Filesize

                                                                    8.6MB

                                                                  • C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
                                                                    Filesize

                                                                    2.9MB

                                                                  • C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
                                                                    Filesize

                                                                    288KB

                                                                  • C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
                                                                    Filesize

                                                                    621B

                                                                  • C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
                                                                    Filesize

                                                                    654B

                                                                  • C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat
                                                                    Filesize

                                                                    8B

                                                                  • C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe
                                                                    Filesize

                                                                    3.8MB

                                                                  • C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
                                                                    Filesize

                                                                    2.7MB

                                                                  • C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll
                                                                    Filesize

                                                                    2.8MB

                                                                  • C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf
                                                                    Filesize

                                                                    1KB

                                                                  • C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll
                                                                    Filesize

                                                                    114KB

                                                                  • C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.cat
                                                                    Filesize

                                                                    10KB

                                                                  • C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.inf
                                                                    Filesize

                                                                    2KB

                                                                  • C:\Program Files\Malwarebytes\Anti-Malware\sdk\MBAMSwissArmy.sys
                                                                    Filesize

                                                                    233KB

                                                                  • C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat
                                                                    Filesize

                                                                    9B

                                                                  • C:\Program Files\Malwarebytes\Anti-Malware\version.dat
                                                                    Filesize

                                                                    47B

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
                                                                    Filesize

                                                                    1KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
                                                                    Filesize

                                                                    47KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
                                                                    Filesize

                                                                    66KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
                                                                    Filesize

                                                                    66KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
                                                                    Filesize

                                                                    607B

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
                                                                    Filesize

                                                                    847B

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
                                                                    Filesize

                                                                    846B

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
                                                                    Filesize

                                                                    827B

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
                                                                    Filesize

                                                                    11KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
                                                                    Filesize

                                                                    11KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
                                                                    Filesize

                                                                    1KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
                                                                    Filesize

                                                                    2KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
                                                                    Filesize

                                                                    814B

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
                                                                    Filesize

                                                                    816B

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
                                                                    Filesize

                                                                    1KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
                                                                    Filesize

                                                                    2KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
                                                                    Filesize

                                                                    4KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
                                                                    Filesize

                                                                    11KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
                                                                    Filesize

                                                                    1KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
                                                                    Filesize

                                                                    1KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json.bak
                                                                    Filesize

                                                                    1KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
                                                                    Filesize

                                                                    1KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
                                                                    Filesize

                                                                    1KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
                                                                    Filesize

                                                                    1KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
                                                                    Filesize

                                                                    1KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
                                                                    Filesize

                                                                    1KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak
                                                                    Filesize

                                                                    1KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
                                                                    Filesize

                                                                    1KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
                                                                    Filesize

                                                                    1KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json
                                                                    Filesize

                                                                    125B

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll
                                                                    Filesize

                                                                    4.5MB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\BrowserSDKDLL.dll
                                                                    Filesize

                                                                    5.4MB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.nm
                                                                    Filesize

                                                                    335KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr
                                                                    Filesize

                                                                    17.4MB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\cfg.bin
                                                                    Filesize

                                                                    1KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\dynconfig.dat
                                                                    Filesize

                                                                    39KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\exclusions.txt
                                                                    Filesize

                                                                    23KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe
                                                                    Filesize

                                                                    1.8MB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll
                                                                    Filesize

                                                                    528KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\tids.mbdb
                                                                    Filesize

                                                                    169KB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb
                                                                    Filesize

                                                                    25.7MB

                                                                  • C:\ProgramData\Malwarebytes\MBAMService\pkgvers.dat
                                                                    Filesize

                                                                    75B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                    Filesize

                                                                    152B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                    Filesize

                                                                    152B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\96f50d93-e8d0-454f-8b53-cf5d22061dd9.tmp
                                                                    Filesize

                                                                    7KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                    Filesize

                                                                    2KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                    Filesize

                                                                    2KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                    Filesize

                                                                    3KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                    Filesize

                                                                    3KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    6KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    6KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    7KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585c73.TMP
                                                                    Filesize

                                                                    1KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                    Filesize

                                                                    16B

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    11KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    11KB

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    11KB

                                                                  • C:\Users\Admin\Downloads\MBSetup.exe
                                                                    Filesize

                                                                    2.5MB

                                                                  • C:\Windows\System32\CatRoot2\dberr.txt
                                                                    Filesize

                                                                    19KB

                                                                  • C:\Windows\System32\catroot2\dberr.txt
                                                                    Filesize

                                                                    19KB

                                                                  • C:\Windows\Temp\MBInstallTemp3abd5c212d8311efa524fa8f9e8c279d\7z.dll
                                                                    Filesize

                                                                    1.6MB

                                                                  • C:\Windows\Temp\MBInstallTemp3abd5c212d8311efa524fa8f9e8c279d\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json
                                                                    Filesize

                                                                    372B

                                                                  • C:\Windows\Temp\MBInstallTemp3abd5c212d8311efa524fa8f9e8c279d\ctlrpkg\mbae64.sys
                                                                    Filesize

                                                                    154KB

                                                                  • C:\Windows\Temp\MBInstallTemp3abd5c212d8311efa524fa8f9e8c279d\dbclspkg\MBAMCoreV5.dll
                                                                    Filesize

                                                                    6.3MB

                                                                  • C:\Windows\Temp\MBInstallTemp3abd5c212d8311efa524fa8f9e8c279d\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll
                                                                    Filesize

                                                                    1.3MB

                                                                  • C:\Windows\Temp\MBInstallTemp3abd5c212d8311efa524fa8f9e8c279d\servicepkg\MBAMService.exe
                                                                    Filesize

                                                                    8.5MB

                                                                  • C:\Windows\Temp\MBInstallTemp3abd5c212d8311efa524fa8f9e8c279d\servicepkg\mbamelam.cat
                                                                    Filesize

                                                                    10KB

                                                                  • C:\Windows\Temp\MBInstallTemp3abd5c212d8311efa524fa8f9e8c279d\servicepkg\mbamelam.inf
                                                                    Filesize

                                                                    2KB

                                                                  • C:\Windows\Temp\MBInstallTemp3abd5c212d8311efa524fa8f9e8c279d\servicepkg\mbamelam.sys
                                                                    Filesize

                                                                    20KB

                                                                  • \??\pipe\LOCAL\crashpad_4356_CGOJPNVWDKDEBSXD

                                                                  • memory/5800-4357-0x000001F22E540000-0x000001F22E987000-memory.dmp
                                                                    Filesize

                                                                    4.3MB

                                                                  • memory/5800-4392-0x000001F22E540000-0x000001F22E987000-memory.dmp
                                                                    Filesize

                                                                    4.3MB

                                                                  • memory/6288-4397-0x0000000000010000-0x0000000000024000-memory.dmp
                                                                    Filesize

                                                                    80KB