c8a496dcf94d5d246dec0747f139957709b63412f48d9a1591ca5e771a988636

Analysis

max time kernel
301s
max time network
152s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mbam-setup-1.75.0.1300.exe
Size

9.8MB
MD5

683fdd3d773c58b262dc07cd0c6ce938
SHA1

d0bc40ebc2a60e259aff000acc025f68ef62da7d
SHA256

7efac5a2df9effd2b26de68163ad872d138082512d4403bbf1e1103722bb17bc
SHA512

b608da4e3dd2bc45bcc5ae84b7989e1ca8b7f05262418be1a04d70af5be7561835a3b897e21911678ab4c7e2de88891b235ce163c947ce71f227479539fcd2cf
SSDEEP

196608:5q5r20GmfsK9aoDKlE5xiKEsP/GfvUhWhyyvJ9ryBvX5NV3:52TGmxIKKKjivjv/hlh8vpP

Score

8^/10

discovery persistence privilege_escalation spyware stealer

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

Processes:

mbam-setup-1.75.0.1300.tmp

description ioc process

File created C:\Windows\system32\drivers\is-3Q253.tmp mbam-setup-1.75.0.1300.tmp
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Executes dropped EXE 4 IoCs

Processes:

mbam-setup-1.75.0.1300.tmpmbam.exembamscheduler.exembam.exe

pid process

2308 mbam-setup-1.75.0.1300.tmp
3044 mbam.exe
1604 mbamscheduler.exe
1108 mbam.exe

description	ioc	process
File created	C:\Windows\system32\drivers\is-3Q253.tmp	mbam-setup-1.75.0.1300.tmp

pid	process
2308	mbam-setup-1.75.0.1300.tmp
3044	mbam.exe
1604	mbamscheduler.exe
1108	mbam.exe

Loads dropped DLL 64 IoCs

Processes:

mbam-setup-1.75.0.1300.exembam-setup-1.75.0.1300.tmpregsvr32.exeregsvr32.exeregsvr32.exembam.exeregsvr32.exeregsvr32.exembamscheduler.exembam.exeregsvr32.exeregsvr32.exe

pid	process
2536	mbam-setup-1.75.0.1300.exe
2308	mbam-setup-1.75.0.1300.tmp
2308	mbam-setup-1.75.0.1300.tmp
2308	mbam-setup-1.75.0.1300.tmp
520	regsvr32.exe
2308	mbam-setup-1.75.0.1300.tmp
2308	mbam-setup-1.75.0.1300.tmp
2308	mbam-setup-1.75.0.1300.tmp
1464	regsvr32.exe
1780	regsvr32.exe
3044	mbam.exe
2712	regsvr32.exe
2868	regsvr32.exe
3044	mbam.exe
3044	mbam.exe
3044	mbam.exe
3044	mbam.exe
3044	mbam.exe
1604	mbamscheduler.exe
1604	mbamscheduler.exe
1108	mbam.exe
1084	regsvr32.exe
1928	regsvr32.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

mbam-setup-1.75.0.1300.tmp

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Malwarebytes Anti-Malware = "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe /install /silent"	mbam-setup-1.75.0.1300.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

mbam.exembam.exe

description	ioc	process
File opened (read-only)	\??\J:	mbam.exe
File opened (read-only)	\??\R:	mbam.exe
File opened (read-only)	\??\B:	mbam.exe
File opened (read-only)	\??\H:	mbam.exe
File opened (read-only)	\??\I:	mbam.exe
File opened (read-only)	\??\J:	mbam.exe
File opened (read-only)	\??\Q:	mbam.exe
File opened (read-only)	\??\H:	mbam.exe
File opened (read-only)	\??\M:	mbam.exe
File opened (read-only)	\??\U:	mbam.exe
File opened (read-only)	\??\Z:	mbam.exe
File opened (read-only)	\??\L:	mbam.exe
File opened (read-only)	\??\U:	mbam.exe
File opened (read-only)	\??\Y:	mbam.exe
File opened (read-only)	\??\A:	mbam.exe
File opened (read-only)	\??\P:	mbam.exe
File opened (read-only)	\??\Y:	mbam.exe
File opened (read-only)	\??\K:	mbam.exe
File opened (read-only)	\??\P:	mbam.exe
File opened (read-only)	\??\I:	mbam.exe
File opened (read-only)	\??\S:	mbam.exe
File opened (read-only)	\??\T:	mbam.exe
File opened (read-only)	\??\K:	mbam.exe
File opened (read-only)	\??\N:	mbam.exe
File opened (read-only)	\??\V:	mbam.exe
File opened (read-only)	\??\W:	mbam.exe
File opened (read-only)	\??\N:	mbam.exe
File opened (read-only)	\??\X:	mbam.exe
File opened (read-only)	\??\B:	mbam.exe
File opened (read-only)	\??\L:	mbam.exe
File opened (read-only)	\??\O:	mbam.exe
File opened (read-only)	\??\S:	mbam.exe
File opened (read-only)	\??\X:	mbam.exe
File opened (read-only)	\??\A:	mbam.exe
File opened (read-only)	\??\E:	mbam.exe
File opened (read-only)	\??\G:	mbam.exe
File opened (read-only)	\??\E:	mbam.exe
File opened (read-only)	\??\W:	mbam.exe
File opened (read-only)	\??\M:	mbam.exe
File opened (read-only)	\??\O:	mbam.exe
File opened (read-only)	\??\R:	mbam.exe
File opened (read-only)	\??\T:	mbam.exe
File opened (read-only)	\??\V:	mbam.exe
File opened (read-only)	\??\Z:	mbam.exe
File opened (read-only)	\??\G:	mbam.exe
File opened (read-only)	\??\Q:	mbam.exe

Drops file in Program Files directory 64 IoCs

Processes:

mbam-setup-1.75.0.1300.tmp

description	ioc	process
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\is-17D09.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\is-L916K.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-7LCMQ.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-3IM7K.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-BDA2G.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\is-41UF4.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-2IIV7.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-0GP7J.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-D6I0P.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\is-N8UBV.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-KID71.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\is-JU7F2.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-GFBB8.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-QP29O.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-K2VNN.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\is-9MOMA.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.dat	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\is-7F9VV.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-7UAFI.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-J6IE1.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-N33MF.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\is-EIU35.tmp	mbam-setup-1.75.0.1300.tmp
File opened for modification	C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.dat	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-LIMD2.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\is-HCS4V.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\is-6UFRF.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\is-43P62.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\is-LJ7RT.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-5UEV6.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-JR5QS.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-9DM94.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-QJJ2H.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\is-7AM9P.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\is-G3J7V.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\is-LC3S0.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-0J4E2.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\is-HMP58.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.msg	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-N855M.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\is-II6TO.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\is-T3ABI.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-INLGT.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-CMEOE.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-E874A.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\is-H4LB7.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\is-119FP.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\is-C16RJ.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-0MJGK.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\is-3QGPE.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-IBPEM.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-MTSMA.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-48TGH.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-AV838.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\is-K73QE.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-UH37D.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\is-REBN1.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\is-04RMF.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\is-NGUET.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-R9EF2.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-C91VG.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-36JCC.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-97QP0.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\is-I4MLK.tmp	mbam-setup-1.75.0.1300.tmp
File created	C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\is-1VK4H.tmp	mbam-setup-1.75.0.1300.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

mbam.exembam.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	mbam.exe
Key created	\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main	mbam.exe

Modifies data under HKEY_USERS 10 IoCs

Processes:

mbamscheduler.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Malwarebytes' Anti-Malware\alwaysscanmemory = "1"	mbamscheduler.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Malwarebytes' Anti-Malware\alwaysscanregistry = "1"	mbamscheduler.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Malwarebytes' Anti-Malware\autosavelog = "1"	mbamscheduler.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Malwarebytes' Anti-Malware\openlog = "1"	mbamscheduler.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Malwarebytes' Anti-Malware\defaultscan = "0"	mbamscheduler.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Malwarebytes' Anti-Malware	mbamscheduler.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Malwarebytes' Anti-Malware\alwaysscanfiles = "1"	mbamscheduler.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Malwarebytes' Anti-Malware\alwaysscanheuristics = "1"	mbamscheduler.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Malwarebytes' Anti-Malware\alwaysscanstartups = "1"	mbamscheduler.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Malwarebytes' Anti-Malware\terminateie = "0"	mbamscheduler.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CCA2E620-B807-451F-BAFD-2057AF9025FE}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SSubTimer6.CTimer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{71A27031-C7D8-11D2-BEF8-525400DFB47A}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{3E9FB490-7EE2-46E9-B52A-9DE91DD218F4}\ = "cGridCell"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MBAMExt.MBAMShlExt.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\ = "__vbalGrid"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\vbAcceleratorSGrid6.cGridCell	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\MBAMShlExt	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SSubTimer6.CTimer\Clsid\ = "{71A27034-C7D8-11D2-BEF8-525400DFB47A}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD}\ = "vbAcceleratorSGrid6.IGridCellOwnerDraw"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ = "_ISubclass"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\vbAcceleratorSGrid6.cGridCell\Clsid	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\VERSION\ = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CCA2E620-B807-451F-BAFD-2057AF9025FE}\ = "_vbalGrid"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32\ = "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\ssubtmr6.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{497B84D4-FB2F-4AB0-A280-8AACFB4B355F}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CCA2E620-B807-451F-BAFD-2057AF9025FE}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\vbAcceleratorSGrid6.vbalGrid	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{464D3E06-7D5B-416F-A6EE-0FFB1A5E931B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\ = "vbAccelerator Grid Control"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\vbAcceleratorSGrid6.cGridSortObject\Clsid\ = "{D2129738-6A78-4BCB-915A-412982CAA23D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SSubTimer6.GSubclass\Clsid\ = "{71A27032-C7D8-11D2-BEF8-525400DFB47A}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD}\Implemented Categories	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{497B84D4-FB2F-4AB0-A280-8AACFB4B355F}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{71A27032-C7D8-11D2-BEF8-525400DFB47A}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DE8CE233-DD83-481D-844C-C07B96589D3A}\1.1\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BC39A57D-DF2C-45B4-BFFD-7D55E911C1B2}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{71A27033-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{71A2702F-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{459A91BC-193F-4A70-959C-BFF69D781142}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{71A27031-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{71A27031-C7D8-11D2-BEF8-525400DFB47A}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CCA2E620-B807-451F-BAFD-2057AF9025FE}\TypeLib\ = "{DE8CE233-DD83-481D-844C-C07B96589D3A}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\InprocServer32\ = "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\vbalsgrid6.ocx"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\SSubTimer6.CTimer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ = "_ISubclass"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{71A27031-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{71A27034-C7D8-11D2-BEF8-525400DFB47A}\Implemented Categories	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD}\VERSION	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D2129738-6A78-4BCB-915A-412982CAA23D}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{459A91BC-193F-4A70-959C-BFF69D781142}\ = "_IGridCellOwnerDraw"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\vbAcceleratorSGrid6.vbalGrid\Clsid	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MBAMExt.MBAMShlExt\ = "MBAMShlExt Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{015FAC74-0374-494A-A02D-316D562C0FCE}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\vbAcceleratorSGrid6.cGridSortObject\Clsid\ = "{D2129738-6A78-4BCB-915A-412982CAA23D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D2129738-6A78-4BCB-915A-412982CAA23D}\ = "vbAcceleratorSGrid6.cGridSortObject"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{497B84D4-FB2F-4AB0-A280-8AACFB4B355F}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BD3A001-42A2-491E-AACA-9512F6CF4CDB}\VERSION	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67}\InprocServer32\ = "C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\vbalsgrid6.ocx"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{AFF1A83B-6C83-4342-8E68-1648DE06CB65}\1.0\0\win64	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{71A2702E-C7D8-11D2-BEF8-525400DFB47A}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BC39A57D-DF2C-45B4-BFFD-7D55E911C1B2}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{71A27036-C7D8-11D2-BEF8-525400DFB47A}\ = "CTimer"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\vbAcceleratorSGrid6.cGridCell	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{464D3E06-7D5B-416F-A6EE-0FFB1A5E931B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{71A27033-C7D8-11D2-BEF8-525400DFB47A}\ = "CTimer"	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

mbam-setup-1.75.0.1300.tmpmbam.exembam.exe

pid process

2308 mbam-setup-1.75.0.1300.tmp
3044 mbam.exe
1108 mbam.exe
1108 mbam.exe
Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

mbam-setup-1.75.0.1300.tmpmbam.exe

pid process

2308 mbam-setup-1.75.0.1300.tmp
1108 mbam.exe
Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

468

pid	process
2308	mbam-setup-1.75.0.1300.tmp
3044	mbam.exe
1108	mbam.exe
1108	mbam.exe

pid	process
2308	mbam-setup-1.75.0.1300.tmp
1108	mbam.exe

pid	process
468

Suspicious use of AdjustPrivilegeToken 12 IoCs

Processes:

mbam.exembam.exe

description	pid	process
Token: SeDebugPrivilege	3044	mbam.exe
Token: SeBackupPrivilege	3044	mbam.exe
Token: SeRestorePrivilege	3044	mbam.exe
Token: SeShutdownPrivilege	3044	mbam.exe
Token: SeTakeOwnershipPrivilege	3044	mbam.exe
Token: SeTakeOwnershipPrivilege	3044	mbam.exe
Token: SeDebugPrivilege	1108	mbam.exe
Token: SeBackupPrivilege	1108	mbam.exe
Token: SeRestorePrivilege	1108	mbam.exe
Token: SeShutdownPrivilege	1108	mbam.exe
Token: SeTakeOwnershipPrivilege	1108	mbam.exe
Token: SeTakeOwnershipPrivilege	1108	mbam.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

mbam-setup-1.75.0.1300.tmp

pid process

2308 mbam-setup-1.75.0.1300.tmp
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

mbam.exembam.exe

pid process

3044 mbam.exe
3044 mbam.exe
3044 mbam.exe
3044 mbam.exe
1108 mbam.exe
1108 mbam.exe
1108 mbam.exe
1108 mbam.exe

pid	process
2308	mbam-setup-1.75.0.1300.tmp

pid	process
3044	mbam.exe
3044	mbam.exe
3044	mbam.exe
3044	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe
1108	mbam.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

mbam-setup-1.75.0.1300.exembam-setup-1.75.0.1300.tmpmbam.exembam.exe

description	pid	process	target process
PID 2536 wrote to memory of 2308	2536	mbam-setup-1.75.0.1300.exe	mbam-setup-1.75.0.1300.tmp
PID 2536 wrote to memory of 2308	2536	mbam-setup-1.75.0.1300.exe	mbam-setup-1.75.0.1300.tmp
PID 2536 wrote to memory of 2308	2536	mbam-setup-1.75.0.1300.exe	mbam-setup-1.75.0.1300.tmp
PID 2536 wrote to memory of 2308	2536	mbam-setup-1.75.0.1300.exe	mbam-setup-1.75.0.1300.tmp
PID 2536 wrote to memory of 2308	2536	mbam-setup-1.75.0.1300.exe	mbam-setup-1.75.0.1300.tmp
PID 2536 wrote to memory of 2308	2536	mbam-setup-1.75.0.1300.exe	mbam-setup-1.75.0.1300.tmp
PID 2536 wrote to memory of 2308	2536	mbam-setup-1.75.0.1300.exe	mbam-setup-1.75.0.1300.tmp
PID 2308 wrote to memory of 520	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 520	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 520	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 520	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 520	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 520	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 520	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 1464	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 1464	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 1464	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 1464	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 1464	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 1464	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 1464	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 1780	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 1780	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 1780	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 1780	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 1780	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 1780	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 1780	2308	mbam-setup-1.75.0.1300.tmp	regsvr32.exe
PID 2308 wrote to memory of 3044	2308	mbam-setup-1.75.0.1300.tmp	mbam.exe
PID 2308 wrote to memory of 3044	2308	mbam-setup-1.75.0.1300.tmp	mbam.exe
PID 2308 wrote to memory of 3044	2308	mbam-setup-1.75.0.1300.tmp	mbam.exe
PID 2308 wrote to memory of 3044	2308	mbam-setup-1.75.0.1300.tmp	mbam.exe
PID 3044 wrote to memory of 2712	3044	mbam.exe	regsvr32.exe
PID 3044 wrote to memory of 2712	3044	mbam.exe	regsvr32.exe
PID 3044 wrote to memory of 2712	3044	mbam.exe	regsvr32.exe
PID 3044 wrote to memory of 2712	3044	mbam.exe	regsvr32.exe
PID 3044 wrote to memory of 2712	3044	mbam.exe	regsvr32.exe
PID 3044 wrote to memory of 2712	3044	mbam.exe	regsvr32.exe
PID 3044 wrote to memory of 2712	3044	mbam.exe	regsvr32.exe
PID 3044 wrote to memory of 2868	3044	mbam.exe	regsvr32.exe
PID 3044 wrote to memory of 2868	3044	mbam.exe	regsvr32.exe
PID 3044 wrote to memory of 2868	3044	mbam.exe	regsvr32.exe
PID 3044 wrote to memory of 2868	3044	mbam.exe	regsvr32.exe
PID 3044 wrote to memory of 2868	3044	mbam.exe	regsvr32.exe
PID 3044 wrote to memory of 2868	3044	mbam.exe	regsvr32.exe
PID 3044 wrote to memory of 2868	3044	mbam.exe	regsvr32.exe
PID 2308 wrote to memory of 1108	2308	mbam-setup-1.75.0.1300.tmp	mbam.exe
PID 2308 wrote to memory of 1108	2308	mbam-setup-1.75.0.1300.tmp	mbam.exe
PID 2308 wrote to memory of 1108	2308	mbam-setup-1.75.0.1300.tmp	mbam.exe
PID 2308 wrote to memory of 1108	2308	mbam-setup-1.75.0.1300.tmp	mbam.exe
PID 1108 wrote to memory of 1084	1108	mbam.exe	regsvr32.exe
PID 1108 wrote to memory of 1084	1108	mbam.exe	regsvr32.exe
PID 1108 wrote to memory of 1084	1108	mbam.exe	regsvr32.exe
PID 1108 wrote to memory of 1084	1108	mbam.exe	regsvr32.exe
PID 1108 wrote to memory of 1084	1108	mbam.exe	regsvr32.exe
PID 1108 wrote to memory of 1084	1108	mbam.exe	regsvr32.exe
PID 1108 wrote to memory of 1084	1108	mbam.exe	regsvr32.exe
PID 1108 wrote to memory of 1928	1108	mbam.exe	regsvr32.exe
PID 1108 wrote to memory of 1928	1108	mbam.exe	regsvr32.exe
PID 1108 wrote to memory of 1928	1108	mbam.exe	regsvr32.exe
PID 1108 wrote to memory of 1928	1108	mbam.exe	regsvr32.exe
PID 1108 wrote to memory of 1928	1108	mbam.exe	regsvr32.exe
PID 1108 wrote to memory of 1928	1108	mbam.exe	regsvr32.exe
PID 1108 wrote to memory of 1928	1108	mbam.exe	regsvr32.exe

C:\Users\Admin\AppData\Local\Temp\mbam-setup-1.75.0.1300.exe
"C:\Users\Admin\AppData\Local\Temp\mbam-setup-1.75.0.1300.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2536

C:\Users\Admin\AppData\Local\Temp\is-N54F7.tmp\mbam-setup-1.75.0.1300.tmp
"C:\Users\Admin\AppData\Local\Temp\is-N54F7.tmp\mbam-setup-1.75.0.1300.tmp" /SL5="$70122,9824451,54272,C:\Users\Admin\AppData\Local\Temp\mbam-setup-1.75.0.1300.exe"
2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2308

C:\Windows\system32\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:520

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:1464

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"
3⤵
- Loads dropped DLL
- Modifies registry class
PID:1780

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /starttrial
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3044

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll"
4⤵
- Loads dropped DLL
- Modifies registry class
PID:2712

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"
4⤵
- Loads dropped DLL
- Modifies registry class
PID:2868

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1108

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll"
4⤵
- Loads dropped DLL
- Modifies registry class
PID:1084

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s "C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx"
4⤵
- Loads dropped DLL
- Modifies registry class
PID:1928

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
PID:1604

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.com
Filesize
213KB

MD5
b4c6e3889bb310ca7e974a04ec6e46ac

SHA1
3f000086108398edc802251a2b55b1f077e3ea64

SHA256
522f2d5aec8707d071a1f95c90efc5ee87755dbf41461fb0e8b14f4b989c046f

SHA512
3b2366ab6c733afd8e44fb09f8fdb72326343feb9220a6b08b33b932bb121982dee3826166778e412a900c8b4fee0d8507fbcff9098335b8c44591984153529f

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\arabic.lng
Filesize
21KB

MD5
05cbc1cb9ef2981feb33b2f2a3513be0

SHA1
3d77b4aca102d7b88b3fa1fb8c5dc8f15d2139fe

SHA256
539b5b6d3b12523f624d5f09a0567c548fca3fd4e88f254e32f81d6a15b6eeb1

SHA512
6fbd35a8e5aa05cab257f9a744b7aac0a6dbbe6e99e139c526758970a2d1fe6b774c69feb6c045efd77637659f540a1c76d20ec0730355e883811ea9d4dd09b5

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\belarusian.lng
Filesize
26KB

MD5
3cf8a281363b8baf17fea44ee6aed7fa

SHA1
cbb74d119dd177b9dd16467e225d4034d50d9992

SHA256
cf5808803b42f6ee9ebdeb4bc7223512b6454a2ae3da6277381ba19ce4e1d690

SHA512
41605c547c14d8323a91f11870c722cb4539d5b54ae7ed2f7dbee04a870bca102ff6c0e9d84423b9d2d92bb81dfdb506cf8cfb2eb059ae47e7c78ece3fd7d6ba

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\bosnian.lng
Filesize
26KB

MD5
16822a099801daccd66683ec93a29067

SHA1
45ce0d09e4e059b041adb48086cfd4c0416ec8fa

SHA256
e25f60a9dc928f9fe8089816874335d0d65ec58166ae5d52e17335d45ff148bf

SHA512
c91c4581ad631af4513cc2921a2eb482a6c1af32da497186f29db24141774b79dae245cf7e7c1fa70e3df6c4293c50b9d3aff43941805d3fd63c57323ed254c8

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\bulgarian.lng
Filesize
26KB

MD5
7429699be4394b8bc9f8bfdf391368bc

SHA1
d50d5f316e6ede3e425e982ef0964d66d79afc1d

SHA256
7d64c170b808b6cdb7e9f940dfcb66717305f97be4abec3b7b44da31c26b5121

SHA512
5b6551cb467553b50c9fa6398884528992057c7a295d93e9f804f7838c74efe2417108f1d2febf752eb33ebe9d875c6e47d87a0f0504fc7f6d1974c4620794fe

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\catalan.lng
Filesize
27KB

MD5
1f586f270386fcb19d85874b64b2c5f0

SHA1
79955def14e4fb3bbbe0f19895f517f276199361

SHA256
842fcab4b84b172ea48733a56f59dd23bc3e2f47fba1376f319ad3fa601bcb72

SHA512
1a7879c378fd00a04211a74590742a05d72c2d9a3fb064dde98ba276c8864bc0fd8839fd20e10acf8ee5f584a81ce3a4e1dbec632c11dd975f3c3573a9a2352e

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\chineseSI.lng
Filesize
10KB

MD5
ad7457b600c15f4d388c2f12e5065d81

SHA1
395d15a1b3eee638004faf0ef1a66d06939b501e

SHA256
c99136fd872c1462913c26c17148f0d2d8715992834ee51ee912f1301b5f22d5

SHA512
688fa64408c995590393a9d7b351de98664611bd41ce7e1c3f152bada509974a72b1a39c0c7a01d9ff4035c792c9869bcd139b7070329edd8d81522710152786

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\chineseTR.lng
Filesize
11KB

MD5
e6c31f7a99cd024e71129a81d1a3420b

SHA1
0d63dd13231e8fab281bda1ce979f14305a676ca

SHA256
9e4843f0bce9be083175d26e6be6aa1cd89ed14fffd2b56e3c38ac9d3c8d5a20

SHA512
f54920c2bfcd8b8dd37b2a68c604c4b14f2700dc60bfa52d2f2904e13bebf4ee13d1ac022e7e74c721afbae5338890ed4f340f67d71304cd2af1bde62c1a176b

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\croatian.lng
Filesize
26KB

MD5
b0ad193ad3c4e9366d4bb0b5491373bb

SHA1
1c836066a01656b2de2a68f6cca6c18e598f6793

SHA256
5501c0f968174d2924d7299b3141795d958cf5c5cb37dcd43133671c6ad4f473

SHA512
683450cfe543087f9de6cc4d40943128dfb3d51fedce018683cb22ae2827d1cd20d861262da10ab8e556fba95cd192c94fd399cafabadcb5c21f30ac47753dc8

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\czech.lng
Filesize
24KB

MD5
7643eb39937e09ab1c5d39fcf2ff5d9d

SHA1
07f4c45a0688537879ae782be113651b350308e0

SHA256
7c2adda6dc13e104651a8396fe7b499764ebd300c15088a55695067b436c20c9

SHA512
bc6618c69d7c61e0bb6b7d33e790570ba3f4a9da8e6f9b7a77c3e309c7d0f42f4b61690261dc103581db6ce70468c959567625cd46fbcd9ae78586ac41389c1f

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\danish.lng
Filesize
25KB

MD5
e0f89b418346330781fbbff6246a027d

SHA1
4e0d3c83a399e49ac265f5bc84764b16867a9bdc

SHA256
6444d8b4206a7e81b199022659aaad95ceec28a3aa7952e44efd0ef2920d2662

SHA512
f340731c017f27807fa2e0573e30fb777f0f8b5d4cac43fcc33fe1f3ebd43fb7825e4687a0ffd1793b91d9fa3f790febc05e6656ec3c439f30b55f2fd659e69a

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\dutch.lng
Filesize
27KB

MD5
001f86596d6873ce84880c8c28ae9e77

SHA1
a816b001cfde79ea195bce9d2c0bd0924e1482a4

SHA256
659b366ce457f7e08ca687bccebc571fa99508f92255b1432688bd6af811c023

SHA512
53fe90b2194798f8250b0c0e0a2a62863e74e82b8716ac6b33f386c5244de4708bfcd9667a34531afc2f87a3eea96cdbeb5a7f4e29e6e5965f96d20c052875a0

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\english.lng
Filesize
23KB

MD5
6fff275a7fb0e2516b791231735da779

SHA1
15e5bdc5b5ea1a911e5e449c3ddb2fa9bcc5700f

SHA256
0939de00f1c733edb8422227d237d3647ffa81cf60ab7434cb80d741c5b40485

SHA512
9ad07edc92e55e4d1e2b5854dd5f391867dca2c7e8c6e5b9049517b2b6afd310e450861c1831105aa6eb1eccb34d2c8322a23cd699c601023820fe813f91963d

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\estonian.lng
Filesize
24KB

MD5
24d8bc03ef7756fc4717a184f541c703

SHA1
89f24ffec7dc573a6fc2bd3fc1419545f095e67b

SHA256
34ef3df57ea42cdc3af7a0b9671cea8ad0525ae79b05dfa5db1914102b21e06a

SHA512
6a983dfaf7360651ff15e62ffb5d47f5a676ad10e7b3d8984d7fda6bba0f91fdf6f7bc19188cf040ed35e49da72407ca881312fff31b052993afb5298dad4615

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\finnish.lng
Filesize
25KB

MD5
7db8c6cbad083a190bcb35d237d37d3f

SHA1
d1cd03f432ac752624c4a14e3a1936bdd8bbb77c

SHA256
2197251cb2df8f41f9c9a41e698d8c15e9231e24d28e4a86f44423282fea6806

SHA512
f366fdf23eff177bd10f4e074cc7a97b294940e794827a7616706aefd2a2ace1b08e584e7d79ce6efdef5c590bbbc659b71e3b57d07cb6b18b58f7f1d5c73f9c

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\french.lng
Filesize
29KB

MD5
0f9c8f03d3d09ff73510ef18ff71a65e

SHA1
1193b423e79dd8a11ff5e034af10ae048f44f1cb

SHA256
746fa0b87e8a260b9332a5d892454deb5d7226ee8796bb676eeefbe09a0da5c5

SHA512
7711b53699b5cfe3491e7bc818837458f6c5b9be15fd90dbc43a4942dd2ae4e9ec3c7be0c8a13a69ff5cf2e17e831b27e90063f84655476dde60454ee821b235

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\german.lng
Filesize
29KB

MD5
2ff0bdf1dfb09f2b5c46dcaa6c552fd8

SHA1
028b3bf4bae72be828988ff1b7fa100cc766362e

SHA256
cab79da366c139e4a67c25910abd3e54c85460cf45efe203c9a3323681955083

SHA512
857c27a7ffb7e1b0e8e3450ed3bcead347e565eafe61b9be864f050f5f47d70d68614d30946e15c22f8e9ec1588c3da0b3c4a9f1dbc43f8b5cb3edb6e4bf6668

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\greek.lng
Filesize
28KB

MD5
c1b3e93a760fab833965eef9255ca3ec

SHA1
2a5fc42106b4a0e4ec9dd15ea0f671afecb38ca2

SHA256
e8ecebc80849345a738c2c2a61724a543b327dc71709dcbf32a3aaef0c25770d

SHA512
449c75abb82a4188b620503d7662cce3aaaee4d4b58bbd155df0f628636ba8795b3a3a46e68a85162e2aa35b94e2f3763ac891212a23e0b6cf619e742d32abc4

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\hebrew.lng
Filesize
18KB

MD5
f0c5836acf6e0251c17a5ee160d3a48b

SHA1
e8e063bb190ff2dfa11ddfc696b603f85fdd4265

SHA256
a2ecbea208c42ed87615210c9fe9f7f773ba58d057ab92405bebe1d52fef3c91

SHA512
36e305be5586321842763640e2708feabc5c45b63adf176f238f6564b596cee5e6399fdb11bc9b1130d922b499a73a52039fea94c4856359aa5df57846828bf9

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\hungarian.lng
Filesize
27KB

MD5
690d3e784eb4b80adcbfa13c83b01adf

SHA1
70fb2e0de0491f3585262db07a68fe64b7e61712

SHA256
7d8344a60a0a66e5a553008895ceec7a1562336123d37de5a7b7ed2f89ef893f

SHA512
ac87051a777cbe291c3cf1dfb502ac378f9f18f85e7b494afb8e774f67388876339d3f2bcab01235c1a6b9ace1d7a726f4fb245ad15541d9ba53baf37bab44a8

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\indonesian.lng
Filesize
26KB

MD5
6bb9287537827df22f09d6f23f961e8a

SHA1
0062baa7d14e04761258ae1bf424fe487d5a243d

SHA256
6e88e066416d7a107786637836e93dfc6804c4150ab992704f6d64cb07f1a0e2

SHA512
2ab77b827fe2130c2c020aa571de863405f14f79ac1a8c85b2be7a062852a775392c41c167ac1fcec578140f97444c8f00a694fe5df1b6beeea24bdaeba6ab53

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\italian.lng
Filesize
27KB

MD5
5cad86897428e6a1ba9233ed57df8d9b

SHA1
a3d9cede76e3e1414b218ca9b69d9e4d04902253

SHA256
ce1ea6400ae7525fe43fba836a08d6508f83f87703b28f908721a8a9684aa188

SHA512
85f0e78c5f3d36b577555aeb1f3ecafc1096955438b193c7945002cf1f01058d15100b804ee9c64500ad7f9b4a921359130b448bee0a9cf94c9b445cc7675744

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\japanese.lng
Filesize
15KB

MD5
7a83d3c0b4b052e79b543b6670e2e84f

SHA1
e86634a1af4de1b1dba7f4951e419248551b825e

SHA256
7343016646092f7161268ca461fc256171556fb8801cd9a84a775ba365072114

SHA512
d263a01ff25c523f61bedf80dc1c5ef7dd2ba547c3cddc5cc7df3402e2ba098469290b1f90e4760eaeac1f325e4f09c5ffc3d2cd74a8893a7df7f3ae7fa2bf62

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\korean.lng
Filesize
13KB

MD5
1522900cb19498d404cf35c294b0c5c3

SHA1
d829746076f40d6ffcd9998c04f749f39088d0a3

SHA256
5223867a9019b32200f019c0ab0c78cb1f8fbaa84abfe719ba62529e994a8d68

SHA512
35be84db908d78b362785c5ec2f2c48426fa98a49715a9af4e1c6381dd0c78383a2188eba897a75bba6891c7297716d66b36ad92341555d5e769d890a190f0eb

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\latvian.lng
Filesize
26KB

MD5
c0ebae67c200a8644360d8d41a9489bf

SHA1
fa41c1c775033045d0524d64d1ae209109eb5679

SHA256
73ce3b9a92ecb43709e6459ed5852b824106765dec21340e8ac8a8f2f90e31ef

SHA512
33476206dbfd50b023d5ec29e8b2bba688a5450643214e48b7c0cd880834a1eb818794d45d216b4f24a3f16b0bf050a191c4d80b5278f9cfc715c9250f0a42da

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\lithuanian.lng
Filesize
27KB

MD5
495170d367f9fc73f85a21af45061b18

SHA1
d04dbd84d3ce096150581b78c123c1569281236f

SHA256
eb8d25cb4543354e3ed99d666901709e14becfdcce0c7e43dee1f0b0fb2c89f3

SHA512
98c0868e9ab35b3a46487fcab9001df7e57f2944dff10ac06eee3149569470ef27bef62ff80e0c3267a2af3c204b66623ba12e56e44ebc343ec70c07793cbf7e

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\norwegian.lng
Filesize
24KB

MD5
b08ca598350b32c432ba7d4704b3223b

SHA1
6e384f9323c2cf0a93af7c0c1767837ec437b9c8

SHA256
72082e3a29e9114c083c5528043dc4c3489048805e83354828e41db34a7275c8

SHA512
11c68fed7227f2477b4621992767d93d355355b200117069304f6ff044c8b00379931ab22b05c8edc9e7ff2ab68ee828120b64564e7a10dcbefd798f0ac16677

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\polish.lng
Filesize
26KB

MD5
239e83a1586f3fe4f8577959fbeacde6

SHA1
33c92646f185a1fb975a7a31422045b589ad3bc4

SHA256
a3acb47d3b6607939e41d1c084c10fb762f5b2bc2a3c2af7675ead7b3ef59934

SHA512
4b704c80204aa4ef070c6ae7afa4ae28a8bc38507b5d6268cb601fdf844f310fe87ce657c6845437eb1b79e7c8d33bf1dce86e66708b5a4ec650e1cd61abbc89

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\portugueseBR.lng
Filesize
27KB

MD5
f54cda18152096c0ef50994acb4eee74

SHA1
1c21c3758ab831aec7795c77de308993bd11c81f

SHA256
c6ad305334f2e8131689e856f9fba26efe671e1360206746a1216564b04883a1

SHA512
cbe83b66f93dbd64c0bd5a1132317458561d355c62aa64787f0297bf3368481af5cf267233d11f3136f4173edffe0bde886d74ed23828d71bb6645fd72ca23ed

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\portuguesePT.lng
Filesize
28KB

MD5
499403a26c3d7485e1f1c43169b25459

SHA1
db6e62bbe45552d11c833bd40b31b9cc0455abaf

SHA256
59902808d46740465121c014f24ffccfb114fb9a723d418990ffaccc4d907260

SHA512
652c237f4d97ac3c1a9d63eb1f79b5cc7d48f4c4e85bdba2b18d53d0eba3b9521d7f8c45413940b181a1cd1136e1f946f30980c76d146820e330295a140fe907

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\romanian.lng
Filesize
27KB

MD5
dcfa500fa9b30a9312f3d9edcec2cb8b

SHA1
ed2d19daf38fbaa089e66b6c50cdc51770aa75e6

SHA256
bb4760c17a96f8ebbe0f1b23a5781e65a7190d01f39f9a56ded22d27ed140b0e

SHA512
da6155a4d3d1de1e1af8a2ba06f6d9e6ea5654e47ec6b4d6ba8d001f29fd2cfba65b321f3f868be828a838ed01a4f4b65727cc16734ae98d1e709acee860f595

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\russian.lng
Filesize
26KB

MD5
54f12663da6f2fc8d4d65ac7c4359dad

SHA1
a90f67c76336fe8a34914b5d5d94c6433fdaab70

SHA256
9133bc2b07ea322a56ea7adc95f6f6cc46a6c16c47e14ba86e9ada4b9fec623b

SHA512
03c6cf4a2f29f21da78e191a3b6d77ffcfc960fd2fecd46a95c9bec2cd7512496732fe4eb45e521f69e3bf1b2b44ab36a5ff857f84ba190ea5b767d7a3db90c2

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\serbian.lng
Filesize
26KB

MD5
ee0e13a7b2c81a692d5a5abc8553c231

SHA1
61c7466b3b8088e914e23f9d488d8b746cbcbb14

SHA256
7d119f63c191c27d70f48ef1fccb017677d312f4541f68720e88ee4979dcad4d

SHA512
d0e218b3e80c3660170acc4a43098d8cbfc76f9b50b63880d8112b6a53fce4116dc12c10c8fc2f216f3a38651dd0b36b052d8217765540029123636e2ad8b846

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\slovak.lng
Filesize
25KB

MD5
10221917d1d4ef6cfb13b364aafc9f71

SHA1
53617f2fc8978abdfe8f518938e823a7b939c2b1

SHA256
5b4d0831664fb6ed92c6248a5ebb10f8214b78b01e1c0a31b44d2b3695bd1d22

SHA512
ff9b25c8690fbb44b7ffc0a0e38c24f8da2b7e93efd226036da41e08853ae8691f4e453887dcfb2a7dd7ea05cf64715a6f97087f718fd6bc8dba91fb3aaccb2e

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\slovenian.lng
Filesize
24KB

MD5
237b0446a385509fe52efd1fa1b3accb

SHA1
018a16e2b1c5c7552e3277f5e2c753a2389acc90

SHA256
e3e6070664312587cc053d637497a395716bc4a39a1d8411932b93c017221b8c

SHA512
71682e34d708076625d4a55706ecf88afcb3dd15e25bb91ab93a2dd85d6ddd5e926241829e5c64e8dcec6ea41c0c6fa4fc1996144a0856f233306e96d839ceba

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\spanish.lng
Filesize
29KB

MD5
198a6353e5311848abf1d471d8d6ef40

SHA1
a4fbaef77a693fb637df5667edc3a3874700b95d

SHA256
3c31f459e488c126613cf842a1718bbd6f9e66543bbf64dcb8b5242377ffbc2a

SHA512
f472647baa5e0ad8a650cd78cd4194d672772cc5cff997934dd572456348f1cc8670cd472e7209b4bd0bcd1f1bd6616da2323b4ffc5e5f8f8c4d0d95126d5f78

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\swedish.lng
Filesize
25KB

MD5
485f59c78e649ddaf83eaceac0992e36

SHA1
340b3f3378df28ea36caadde92555a893b089814

SHA256
f0e17d90e0a222e3b09ba51948718228bcdafe016111db8b68dd8e027886aa51

SHA512
8f3554599fe77d789d33f1f2ac276f93e7380d6c90ea411fb151f9383a6fd9a3428a6505fb723b7c4bc6c5b8c8ba4fd7c530c5658be94d5506ba6684a9a66dcf

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\thai.lng
Filesize
25KB

MD5
a91dc7cfe632c36923f3f857b3f5a849

SHA1
3f88b3038bb57f59c78ec3e42d2efc8e25fabfd2

SHA256
575de4c3f99c87d8927169a7e7d3266f09b9e84bf5dc2f51e87f6a36715ff4a6

SHA512
acad82e3d78be938823dc91490521f2b0d24b00f381d31868bca7e531800863d79f6ee438f42d4071d49d0b3526625ce5378978a45fa5fdff5bf119e29d6589d

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\turkish.lng
Filesize
25KB

MD5
dcf249529c524f1742d70bf49ccf7941

SHA1
2183e53cf833d95166e7d77ae4e8fdc9bdf1af49

SHA256
37e4938e4610e274c3127ec973d97284d75899babac595952ef9e40900dabe5e

SHA512
03db2aefcd131f59972c434aad2d4b79ce835fb9f3e3c0537e4eac7bc6c846a00f61e2ced433a31a50730222d84c77692b6584c0f35b476cb9a48ea3f574a29b

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Languages\vietnamese.lng
Filesize
28KB

MD5
a4d4978d29ed969c43591a4700a73796

SHA1
e72ad5925492b4eda55eb5fcf042a04a3d878d06

SHA256
9d386e56f72b54741fd5956078e08e2c683bed96357d224ec9030b04362eb40a

SHA512
c91ae99dd6629062f1e41ea815c41e4b24572adb1ad6faacc8cb42a4d80f040ab1e3dfe27a44c7fa1b186cc43122e1cf8b7784caa88d05b5fd9c508ab9e55ee5

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
Filesize
93KB

MD5
d713fbececd754fb7110cc5c4e0948f5

SHA1
9795da458eab26f4782be56f67c9894b648aa53c

SHA256
44c99d66b3480381a82e91cae878036b25e17e5a970a4a7ec1964eb5b1eb1306

SHA512
564a72d035cf9b95622dcbd8d6eb3a66224b08ae54a00e10e9aaa0a7f2684384d8e4b428df185354a987bdaf7dcfa53bae55b295282da57fa81be5653e5e65b4

Download Submit
C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
Filesize
485KB

MD5
baa4de42156350754976dd563d02cde4

SHA1
ba617efebe79c1a60daf941f2766fa92fe1635dd

SHA256
2ca8945c81be66f6b023af6dfa37d336ffdfb9a9a3e785f26f8891198d362295

SHA512
b7a02698a795dbbc98a22c899ccc3e69c1070d9a2b678e9d5e682d21a31a4b4f9355a00061879310847c40d21c14253c4ce8639489c6509ce17e1e8cdb4d52a5

Download Submit
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\build.conf
Filesize
140B

MD5
f0a44e989926a85cf820b824ec268206

SHA1
aa4e6f856ea2085cc6b0a32f9e7c7acc7c767243

SHA256
87259b08fa5467b3b6e71913de4fa9ce8f8bdec80c5dd93ad23041b999320ee8

SHA512
86debc288a09480c16da05bdd4ff413c3047faa0c0e19039e6b0b3c1bf04e056e2a857e2e2bd82d8933f92f366ee98ec74d414ccad49cdbe609770904ba78c36

Download Submit
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\custom.conf
Filesize
20B

MD5
529584ec24ab8643d97e43eb2c0bfa6f

SHA1
95aabfb6f47e24d278808c29c0e6c2b6b1195a63

SHA256
54fa58f6f44dffdced1c0ac7212c292e36a76049aae98e09d22c3a08661eb66e

SHA512
f4394523e28c74780dc64c779a35bbbfc61f707a1628d43d3d7fe49782593d41e0bd2cc1fad76fc53c11c91f15ce3098537b6b628c4c5df2bd51be49bbc71c5d

Download Submit
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\database.conf
Filesize
432B

MD5
34a626d29697de3c62d507e7e00e7db5

SHA1
d1e98f8e33cfc97b17928eb3438511a78efddcce

SHA256
75133af2f9e8c3e4b0360091072891a18180714d76a479fb5f8334c55ce4bfbb

SHA512
6828d66cae2c51c97f69a8c92df593b23bac54a92d30913fa9967b5074bdab5c8965f09bbdbcf38fb3ee9b18f29b41e1d8ccb650d72437384e0994191143ed2e

Download Submit
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\local.conf
Filesize
321B

MD5
7a7efdd8689a4b56134730ec90abb1b0

SHA1
0b942791a7038e97bbd265070971eb9ce0d18d98

SHA256
0a903c89bc186426e59fe36878a0fd9103cddd8934dc742333adb02a92c0bcda

SHA512
27d0249141813c2ddaca2c9ff48e291910c6e42bd13f6b4bf6aca0e832fbdb9cd16a34b846ab906259dc7b3aedaaead6dc50fe75c566f0b5027c9d57865fee01

Download Submit
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\local.conf
Filesize
359B

MD5
4a6ad0b2510070eb897602410298348b

SHA1
6ba39a62c6fcbf1ca5f96b824f723ed916f71908

SHA256
aae20b69c53d163ca335c2a5c446ff6cb7190e894dcd6a37c72d9c7c015c2438

SHA512
00672ca2ec9063985c16fe10536f695ab02ea6ddeb3efd1f9d15d17975f720ddb307982636fc3400295e14ed1d299b01e6f0f833b7556cc218814e2759da9937

Download Submit
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\local.conf
Filesize
359B

MD5
81c7d3adfddd7c0989cb88e522da6c29

SHA1
3e111f166b9565b5ae8ffa3a7d46acf031d9078e

SHA256
72f4485acaedaa4152a614f895c6ddc617eea949ecd72629cfa6cdd57da36d57

SHA512
9b1209faf1bdd7a6d115f93907a5bbd7023df5c0856e0b213ce1e602ae330d727f175c3cdb7c1dcef6a48debf38919dfc61fcf331b01e59bc57ba6277439c09e

Download Submit
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\local.conf
Filesize
359B

MD5
dabf7bd2e48af7ae4c109cb52c4b8e8a

SHA1
aea407da0997ac39164d158cd02b343e59fd5b91

SHA256
491c03321b551dd3b19ebf8584a407a219dd2654755f27a6651afbf6002b7ec6

SHA512
4dc3e765ff4f4ea94c77b69d354bf3c982920b36ae0c3787f220385cb9741493d4b1982192d4bb3f42f63d0c7d82585965a712659d715020193439d5a5632593

Download Submit
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\local.conf
Filesize
474B

MD5
c184c48f6c5445591c62aeab1f619bbd

SHA1
361b7b5078611ef42b8cf4a0bccb7ee8f56c545d

SHA256
bc02b44f2f38047e63d57327741cb21924efcc8810ce7bb77ae044e3fb5db9b4

SHA512
195fe3e20e9991d23fdf4539b7a5e98f16fec178e0790ddd27e31936eae0b776b1814321960900e0b5098561826431faec0f5d17d8fdbb394ab1a4db9d53d028

Download Submit
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\manifest.conf
Filesize
184B

MD5
5a4535ce45d1a6a84dab4f6d3b891bba

SHA1
59830e8da4d813ae1a72c4c2ef8e1ad8c5059a5a

SHA256
99c173c423f84a0c7185e883ce9baf820135de3ab532fb14799aecfeaf315009

SHA512
cfe02184d2e0c4c6858ca2dc1f406ef16b337795721385480a3261fae2bf9888f31693193cea03d3512eda1f849dbe5e3435d8cfa6062d3670636677443b4c72

Download Submit
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\messaging.conf
Filesize
1KB

MD5
83a933c593922da6a3712856308e56f6

SHA1
c1a37617b5fbe69988864e84ed2949bcc6ae9882

SHA256
d4325f1c1a2d5c5f56a0d239efd75d668e2211f981fa914797c4b147dc2b00cc

SHA512
0f0d10911ef31cd1b154bc8f1bad95d537e50ad880c9b422be69957c86364a09877af424ec7a52710de1ce534214adc7b7eced82eb9e8f3d3b64074f8fa5c01b

Download Submit
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\news.conf
Filesize
379B

MD5
0b33f3f974ca9bf1c11c78f386a481ce

SHA1
6d2db642ecf684b93239556b48750cd238cbbfdf

SHA256
630c450da4b704e95c0127c6cfa0e29cae0a3b19f63aa4f9bd4a4e43493e0155

SHA512
b125e78f0878af5299620629dd015ffb6abed9ad94aaa96afd1c1a05d1adb95cd8621a7d3ce19f55572546987c8c17857f0ea5d3b5ef2c35cb0971d8d0cf3c8a

Download Submit
\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Filesize
866KB

MD5
534a3cb0847ba114f0d8a5f2bb2ef6d0

SHA1
4e5df9f61f73944ac73003f5b1324fc134015fed

SHA256
db39ed39e7cd122c880041fd00708243550e5ca1a69632ff7ccdfeb6e0ae8faa

SHA512
49f23505d96ca5d58267bd7f7eaba476e5c2f5fb20344024f5c387cddd6ceeced6c6006cf65b4c65ed7caa1a020b583c08671225b6926b0a4a302c0624f8acdd

Download Submit
\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
Filesize
45KB

MD5
91ea28804ec3a71126841554199e28bc

SHA1
00d568f31e6d4e2110f54c3fea93219092181891

SHA256
e5f85613264ed15fca01e332068cb4515d56fb7f4f7267b4a94deb06b7944063

SHA512
f8209a77dd64b9562057ecc2da1de46fe763e1b0e6459ff4cfb5efae05300b8027bc71c3f44033d8be0b2115aaf3acdad6a8b83796f26044f88bc76e5c466e82

Download Submit
\Users\Admin\AppData\Local\Temp\is-64PR0.tmp\_isetup\_shfoldr.dll
Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-64PR0.tmp\mbam.dll
Filesize
515KB

MD5
ef39cccc9ad927a25334ae0b41a8a343

SHA1
236033e220d9052618e2c9a92190b86e788188c5

SHA256
ec5fb376f84697f42b632bc9775d362cf6c54a68e26a0cf027d90f5a419bea74

SHA512
ad0f655b3111b51836057cc3d00948019727cdba377f7d39f9d19af5e45a202b29d46132d113f01625638b3fda1e67df70a521ed0c0173a8f3bd4519b7da665b

Download Submit
\Users\Admin\AppData\Local\Temp\is-N54F7.tmp\mbam-setup-1.75.0.1300.tmp
Filesize
695KB

MD5
cd18e303b47e126eaacdefad26b006b2

SHA1
1eed13ece35a3bb91cf9a8a9d4cfb19b8934304b

SHA256
59af3786cbb9b933a9ded045c99aac308037e74a1db1aad19af4ebaa238460db

SHA512
19c4e2ed3b9c14fd9f4b70b052a014192c0df80a02505883c892c8d7e4c4671ca441c67bae00fc660613a9b39e40c796457714925c08b3c39ab332d2b97202cc

Download Submit
memory/1108-555-0x0000000003AB0000-0x0000000003ABD000-memory.dmp

Filesize
52KB

Download
memory/1108-551-0x0000000003BA0000-0x0000000003BAD000-memory.dmp

Filesize
52KB

Download
memory/1108-552-0x0000000003BA0000-0x0000000003BAD000-memory.dmp

Filesize
52KB

Download
memory/1108-557-0x0000000003AB0000-0x0000000003ABD000-memory.dmp

Filesize
52KB

Download
memory/1108-556-0x0000000003AB0000-0x0000000003ABD000-memory.dmp

Filesize
52KB

Download
memory/1108-558-0x0000000006010000-0x00000000061A6000-memory.dmp

Filesize
1.6MB

Download
memory/1108-553-0x0000000003BA0000-0x0000000003BAD000-memory.dmp

Filesize
52KB

Download
memory/1108-547-0x0000000008A30000-0x0000000008A38000-memory.dmp

Filesize
32KB

Download
memory/1108-395-0x0000000004AC0000-0x0000000005B22000-memory.dmp

Filesize
16.4MB

Download
memory/1108-560-0x0000000006010000-0x00000000061A6000-memory.dmp

Filesize
1.6MB

Download
memory/1108-559-0x0000000006010000-0x00000000061A6000-memory.dmp

Filesize
1.6MB

Download
memory/1108-546-0x0000000008A30000-0x0000000008A38000-memory.dmp

Filesize
32KB

Download
memory/1108-545-0x0000000008A30000-0x0000000008A38000-memory.dmp

Filesize
32KB

Download
memory/1108-544-0x0000000008A30000-0x0000000008A38000-memory.dmp

Filesize
32KB

Download
memory/1108-548-0x0000000008A30000-0x0000000008A38000-memory.dmp

Filesize
32KB

Download
memory/2308-387-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2308-392-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2308-8-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2308-20-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2308-228-0x0000000000400000-0x00000000004BC000-memory.dmp

Filesize
752KB

Download
memory/2536-393-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2536-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/2536-19-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2536-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3044-291-0x0000000004AC0000-0x0000000005B22000-memory.dmp

Filesize
16.4MB

Download