377ac497bdeb20e13ea84ca1eab709946535b77d4231007a7646509386a4af33

Analysis

max time kernel
130s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27-07-2024 18:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MBSetup.exe
Size

2.5MB
MD5

7ce024e6e2248ee891248469894d8a9c
SHA1

13db96c5e8d67b7f1141d22567741cd45d659c1a
SHA256

377ac497bdeb20e13ea84ca1eab709946535b77d4231007a7646509386a4af33
SHA512

ce5b6e7b7da5d3d00ad1df64006c24c291e24cb63e855855375e52e7a18ea7b3d283fababb79046a59533bcd80d8c18f604d9ace64af7e712f18020e5b351eff
SSDEEP

49152:YXrcUh6gxrxD0Xc3StQyfvE0Z3R0nxiIq2ddIAuSF:4rNRxrxA6KtQRq2SSF

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\drivers\mbamtestfile.dat	MBSetup.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MBSetup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	MBSetup.exe

Downloads MZ/PE file
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-crt-convert-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\BusyIndicator.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\GroupBox.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\CircularTickmarkLabelStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\RangeSlider.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\JumpListLink.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\TableView.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\BasicTableViewStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\DialogButtonBox.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\GroupBox.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\mbae-api-na.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_ko.qm	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\LicenseControllerImpl.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\iconengines\qsvgicon.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\HandleStyleHelper.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\Drawer.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\Menu.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\groupbox.png	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_fr.qm	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\Qt5XmlPatterns.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\plugins.qmltypes	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\ApplicationWindow.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\TableViewSelection.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\[email protected]	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\ButtonStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\Dialog.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_ja.qm	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\StackView.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\RectangularGlow.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-crt-private-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\HorizontalHeaderView.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\MenuBarItem.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\TumblerStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Switch.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\SpinBox.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Imagine\CheckBox.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-core-handle-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtWinExtras\qml_winextras.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Calendar.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Private\ColumnMenuContent.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\MenuBar.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\VerticalHeaderView.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\SpinBoxStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\ToolButton.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\SpinBox.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\TextArea.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Button.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\Frame.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\sentrynativesdk.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-core-console-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\ButtonStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Base\images\slider-groove.png	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\Drawer.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\languages\lang_hu.qm	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-core-debug-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\api-ms-win-core-rtlsupport-l1-1-0.dll	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\Styles\Desktop\CheckBoxStyle.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\plugins.qmltypes	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Fusion\TextField.qml	MBAMInstallerService.exe
File created	C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls.2\Material\HorizontalHeaderView.qml	MBAMInstallerService.exe

Executes dropped EXE 1 IoCs

pid	Process
4396	MBAMInstallerService.exe

Loads dropped DLL 2 IoCs

pid	Process
4396	MBAMInstallerService.exe
4396	MBAMInstallerService.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MBSetup.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1000	MBSetup.exe
1000	MBSetup.exe
4396	MBAMInstallerService.exe
4396	MBAMInstallerService.exe
4396	MBAMInstallerService.exe
4396	MBAMInstallerService.exe
4396	MBAMInstallerService.exe
4396	MBAMInstallerService.exe
4396	MBAMInstallerService.exe
4396	MBAMInstallerService.exe
4396	MBAMInstallerService.exe
4396	MBAMInstallerService.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe
Token: SeDebugPrivilege	4396	MBAMInstallerService.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1000	MBSetup.exe

C:\Users\Admin\AppData\Local\Temp\MBSetup.exe
"C:\Users\Admin\AppData\Local\Temp\MBSetup.exe"
1⤵
- Drops file in Drivers directory
- Checks BIOS information in registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:1000

C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4396
- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
  "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
  2⤵
  PID:3092

C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
1⤵
PID:4756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\Actions.dll

Filesize
668KB

MD5
ce34c4bd9e70afb8e9cede7a1c4b22d0

SHA1
b694c15fab71eb4eeca91dbbbcba79d9550197b7

SHA256
53af4a63806b7bacb3d3567194c870d42d382c5850fb84fafe8197a6d17a8bae

SHA512
2eb44c0a734a8f0766c16d57d627963e057868d352468c98405956fb1c32c8fc74733d6b3199a105239ef3a988b0b189387e4475c8ea21f89ac4494a7a08fb2b

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\LicenseControllerImpl.dll

Filesize
4.4MB

MD5
bf34b62bacfbaa6ab3ac8cde8463e3fc

SHA1
58bdc5c8573f100a4726102806895cca7305c89c

SHA256
932b66a994d7b49de0a8c38b3683d5bfe0c42269b6878b5df5d557278240bb04

SHA512
7d7af06aa901e0ed4b70df190ed48804b30c91ceb0b6990b83c5dca997953c3d8d2abb13c732f737a65656b16c2bd6bdb7076fde48d2102efedc4259a6afd0f4

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MBAMCore.dll

Filesize
448KB

MD5
a62567171d93a65f767483d4e384156b

SHA1
d1722c1bf5fb19eb8631fc2206204635b1a1a355

SHA256
0af29cdc7e022a0c6567658d19c60ca6dda16fb4df4e928cc448dd5339cbd0bf

SHA512
8a74e56dceee10289e79a9ba1d85d4ac3257dabb8e91e13ed58b580e33c4f88482cb32688425ef9b351a8ec33c6ee7b82916026476280350cb55d5c3601e0de1

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

Filesize
4.2MB

MD5
03d6455dc6934a409082bf8d2ce119d5

SHA1
995963c33a268a7ed6408c2e6de1281e52091be2

SHA256
82ca2aec64fe151efd59a838c1845111bfb9f94ff277be3afae4e3f684ef3a62

SHA512
a0ff71bc01a11c9a95c1a0186a7bbfec9c3f84d7e600d0bca877934fa5f84053627bc59bb355f53ce9e3c9e4c6a841b8f5cb7436fe7f43b63426a8a851392c6d

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll

Filesize
4.4MB

MD5
16a0c3e48ad4da7249c759e6166b30f5

SHA1
cd81ff9b515813e5cee051fa9ca220385d1adcaf

SHA256
b1462d678a454f40c9af1653024a6b963a23d3363fd0df9bef47ae7be19a128d

SHA512
c30dd40ca0cfaa754f47e310f92405376bc829dfae808d94043512a04e7d9fabe734a1876973f3f3f5b32332446d6e40be9b08f0d92e000f3c9f0acc1c5c9d75

Download Submit
C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\pkgvers.dat

Filesize
75B

MD5
78a2f986c56dd2a89b07595ac73153b1

SHA1
3d5f39d3e8374ac0dcf8286d030b123311fc95ad

SHA256
a04b6f69e0300caf092c107139c3a16e46c79e2f09300d6c6c5ecf2d98a7f26b

SHA512
00fd09f9f545d9dc40317ffd9ecd1ed106a21a324344f716ca10e43ff8ddbef45ed520b723d9f5eb2d68a768a5e145c602da176cec3d017cd92158445566bf77

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.nm

Filesize
335KB

MD5
ebd2d149c6ab1c848b4ec0a194b433a0

SHA1
eb1da4efdcfc319bd34cc2ecc66f77830c9f8297

SHA256
12a3865bb87dee5250fb968faf748c0bde20683526485a520388c0bfdd5987ef

SHA512
95982cc2239a63bb3b617035846f30c7f5782927580291fab2e7683b5c3315ccb0e8761b9360d57e8ced5e6b6deb56f1d5389c3bb821b50c7c5e7026d675c334

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.sr

Filesize
11.4MB

MD5
15a5ce8f6070621b67b7c9313c7e8bbf

SHA1
38082af465541173e1198d215cc2b4ffdf83a29b

SHA256
5d049b3b2e0f3ef75660b6b0889dd79ee27fd633b33d5befd3602283b31a99b9

SHA512
779231da9ecade6e5e9448cd1575f4b970c4d70b82890731fbc379932ae69963276e967fddc5cf41e7e1ce22c3f320a57f662995d20b7277ed5527c5425282ea

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\cfg.bin

Filesize
995B

MD5
a8e4820e175f7d9c0f37c4f63bdf44bc

SHA1
e0aa265a99ceb65255ead59d54ab2e044c7f63ef

SHA256
4c2d5ddb9c89842b4c0aa4289c62aa67d7480400b95b0bb9be5581576b680a6b

SHA512
68a717c19a8f3532ff8bf3fae6d28a081939618c0f49da8c2cb8c14a9b563cc8dfd3b22d1d0f0e3aec8bd79207f46f3ecb0c49f5caf4fee2d570a5d1917df0df

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\clean.mbdb

Filesize
14KB

MD5
0e2304979600639e6dc5df6bbf02f19d

SHA1
8016560b39daee5c62f62214f192a903eb4b5783

SHA256
8c821313760c45453e2ed479c0d592f3f00c5293e39b30165b1906afcef2b570

SHA512
2ef18becaefbc3cdfe440cea9031507917495e8122b10ef21cbf0dffe20547f6b04ddd06cc01043c411d0a27a35f439c3f9353a01284281c057b53380ebb5228

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbmanifest2.dat

Filesize
924B

MD5
d936c8be3edac700887f62ae11328af6

SHA1
59388dd68d889159c012319d20f5f7a59ece1ccf

SHA256
6e3b0d632fb89861e7d71641ec26d41c1b520f87b3102004f47198ee0fadd1a7

SHA512
a227e5d207b3510e6c3d625cdbe19e7b187a9b7d33a6a237053ea8dd9ebfece3efab7f2c387d1d895bc75e73a460ae8251a0d38696f6363aebc9a94f215a07f8

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dynconfig.dat

Filesize
39KB

MD5
10f23e7c8c791b91c86cd966d67b7bc7

SHA1
3f596093b2bc33f7a2554818f8e41adbbd101961

SHA256
008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc

SHA512
2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\exclusions.txt

Filesize
23KB

MD5
aef4eca7ee01bb1a146751c4d0510d2d

SHA1
5cf2273da41147126e5e1eabd3182f19304eea25

SHA256
9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f

SHA512
d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\mbdigsig2.dat

Filesize
514B

MD5
d8328f450695ce107e363b4265bedbaa

SHA1
ce05a2b35d00e65efa04dcfdbdec3662257fde24

SHA256
d1f8a171f63c07affcd7e2b999a2d5a1e73089b907840c59885e0ab8c044220d

SHA512
ca2ac49cdd982faeac43cf47582f4c515b55a7ded5841071e2c5b43215c52473037d056bdc41329b0d35ccc2e19acd74f433d29af58a0d43b4226484428bec65

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\prot.mbdb

Filesize
24B

MD5
546d9e30eadad8b22f5b3ffa875144bf

SHA1
3b323ffef009bfe0662c2bd30bb06af6dfc68e4d

SHA256
6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f

SHA512
3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rdefs.mbdb

Filesize
24B

MD5
2f7423ca7c6a0f1339980f3c8c7de9f8

SHA1
102c77faa28885354cfe6725d987bc23bc7108ba

SHA256
850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55

SHA512
e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rules.mbdb

Filesize
9.8MB

MD5
7be480931852fc531901a014d36d62da

SHA1
7a71c3559f22e004640ab09c733c37929f040635

SHA256
34bc9b49b1a173b465ce373e6ea59cf450f0439b4b41945781f7b09dcb616f18

SHA512
eecd7f9f8bf40a8cc31d97f46ae88d8ae749e727d416e8db40ffbf0fc3d9f1a72161049c3fcad97c9c0a770f01825e3da17aa1a9985bf8789d62923595750619

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\scan.mbdb

Filesize
848KB

MD5
d837cb097a756d6cd64674dffeac2c79

SHA1
d168ad2d478ffdb3a78db07025ceda729e6cbd64

SHA256
086e61d9b94e79ba0c1cab1bdd7ad6b8027c1ca04af8ad561407d0aa5b73f4a0

SHA512
d23672a344ed7c09f50cdf7c6a2c93ea2ce9e418113c7e70c18db6dad7f1ddfcb510045ccd53269b4627754945a98a2c14b9bacf758cb8fd12fcaa0f2c52cad6

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\tids.mbdb

Filesize
168KB

MD5
6a8a4fc4beb5403ffcc19e788539e6e4

SHA1
17dd15820790c0a1ccc333748647b99569e526cc

SHA256
d21e305e3b6e6981b472646309519fe0ded1b2c64d29006e3df6122345442e9f

SHA512
21d1646aaa556ed4fdd6cfa98c1ade067782412e953459ccaa61a1bdb04104b3b72ae4f15c38dc5cd1ab51c16a8a0bb51f22318aefe72566b19cdb16f80c249f

Download Submit
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\wprot2.mbdb

Filesize
16.7MB

MD5
24d1bf9696a9654b21ab798d81bab4f2

SHA1
f85b062fb29671476d51475280224dd0fe5240d3

SHA256
d23824ea0c1a348606da11e944bf94b13be8270eacf19494c6f78bc30b6f43c4

SHA512
73c42cc2d0062469f4ebeef69832fc907dc593b444e83610e9b9cb9d6ebd164b161b2c4a2746c4f90236654eb55d40a410cf8f2da968c7d0bb7027fc762e0539

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

Filesize
8.4MB

MD5
e1fd25ef57e7468890edc15ee864185a

SHA1
18ce627db11d8f2d0836e34f90dbef8760f3f2fb

SHA256
b980f9fa38b7b628663078ce5fb9f1901832e1dc1f2e3e021fe05cb0094dc68a

SHA512
5eae9e5f24e5825b926e28f27367b2a8d02d40748533fdfa51ef72ee7ca499c249b166ab75091643b5380975014fee8e049dc0427c9747aa32e1ce1736f1e99b

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

Filesize
593B

MD5
946a352f61b3f223ad4078458cf74dbf

SHA1
aa542272191a754f6bf1bbf05038625760b4f647

SHA256
4db0cb36a9f9b4eb2cb5bdf728aff0ff467d2475577db72a81add891194fada5

SHA512
ba9af68adba6d1466f11f58fa242f9ddc2d70b3e855f2e249f676542e342e5a547ea823b2fc00d956a38be0da1bbd09efdf61b2d05ed92b93f1098ffa748796a

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

Filesize
8B

MD5
74124b3ad8439d23425d6698c70c5287

SHA1
17d97c8d7bae30511d712775c9b27838147c781b

SHA256
ceb1e5d13a18b34ed2cbf4f77be7db9176c23ea8c60cb062ed833487c6fa2a10

SHA512
7d16352985022c1b10beb17871b152abec6ecada8be61b20c524d775f227520fe78895cc8ae038e9ffb2c8ded08b800d94de664ebbcef7088ba51fec6720e804

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll

Filesize
113KB

MD5
2ccb84bed084f27ca22bdd1e170a6851

SHA1
16608b35c136813bb565fe9c916cb7b01f0b20af

SHA256
a538caf4ac94708ddb4240d38b1b99914ca3e82283f0d8a2290be28fc05eaccb

SHA512
0fd66d241bdebd0052f4972e85b42639e3c5a40affe23170b84bc4068dff8e84446898a77ebf7cc0bef97454abb788faccce508a68bc5e717980ef26d8436986

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

Filesize
10B

MD5
a81e09a9a21ee732dce3ead5dc3c3cf6

SHA1
45ac33ec7a0a1df9bc359b18a6b274156892193d

SHA256
329d6dcee25edafe05672ad6615be6b04c636f46fc112af4734c4d484de452ad

SHA512
80340387ee90d35f209cab4c05e5e9c1056ce4424245ab3a990889e9374f66eaba22392ea47a85d8e32c9520759b918bf9d194e4d9831cd21c8f6edf0847b46f

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\uipkgver.dat

Filesize
6B

MD5
74c6677020fc6b6c867aab117078bf5f

SHA1
8c46db37dc0b39eb963d4144539c8b591e122400

SHA256
cdbb9bc874d71e154c71b68b1fe959913d286036dac11e226e5620c919ba9708

SHA512
3f9db8d9bb25322f8d8e750750bf92dbe6ac63d686eced65cddfcd61178cf0e947118a491058414d4d2cbb4892e39815565669aee0dfdda23aece72d278292d0

Download Submit
C:\Program Files\Malwarebytes\Anti-Malware\version.dat

Filesize
47B

MD5
10e194879087ef52a805ff78fff04b2d

SHA1
0eadec73b85b10793a1589edbce08eaf19db2520

SHA256
adb45408d499e486dc9856c3f6e894dda39df5f7c32b5b931f2aa2cf23d170f8

SHA512
6b6a545bb42ddc449bf615bfc69bd89cfa5e2342d96ccb7ddfc75918956467b04b50a14807374c3808f82c17eebba79c5145bb0ad2fe3b893c7dda2f07b7ed13

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

Filesize
15KB

MD5
f94e888ad5521de036a89854996da85b

SHA1
1d8e013652a14e70e23b694401c112b8c2ee31ee

SHA256
933fd3222c0a322009d75c4fb952dc2ea973c4162dde953cbbf468a9dd99707b

SHA512
ed7d241959c2d5db0eab456a9088c3675fe5823836b421971780401a581e7746510ee5f2cf07cf90c2067b2f4f7e6a84ed64aa3a658460ce2e244770ebc485b7

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json

Filesize
814B

MD5
c0812e82e410ef7f82931d262f646068

SHA1
f009c4d3e244c179acd9225e4b7f95e0102ea96d

SHA256
bc6b1a97a98e6b216eedc0283626759863618eb90554759a79249c6d66454d60

SHA512
48d108db121c89b5c5cd3f096c80707cc8a5f3974b99330a513e30c0be9a4b397cccfc8966667c32e2b43ce03cf15ab37e2aaebd64a3d15eb9540d63d74a0aa8

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

Filesize
1KB

MD5
e8508d20a52593bb665c06a60964da84

SHA1
239b7f4bd25acf00c943c21adcdc7d10e509a730

SHA256
9edf95012c431c24ab8d0da56b5036c415270185cbf6b3c567c5243cc45d3891

SHA512
f3e9c682a55cf625a1db78f9445c330f801b9b57e788d95474f6a313042bb1a806618954abec6673d108ae8da8849813f47f6fcdbb4f54df053cd30d0104d182

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

Filesize
1KB

MD5
ccd285ea6f660979ec3d62f2a26b34c0

SHA1
b109013bd75ae4206fd7a615dec4f175d6b9b6f1

SHA256
d5055ce472263fe9b7cd0cd6478c14376bd867e1627f0b7fde76b006c5b2c608

SHA512
2fe53912ac0acd03a41d05e1a45d835cf488a77f3e4a4c622984b6c4f9494cce13606027c4a76ce685edc778ee2972e75dd44f8174841f6f10da70cbc08b019c

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

Filesize
1KB

MD5
3f896bef04627f2d3f57701b7df6918b

SHA1
4d8a31cd6623fc6bdd2dd552c4a6b3c7915ff6c6

SHA256
ab0cd88da8612f76420c6e407f308a476deee53c947b26d2ef3ce2d49ee92381

SHA512
64bc37a50392d7f05e47373cd740b89543b13b8de2bb46103ed799428b04b763d3ffdd81e79fc781837e6d5c499db3da5c23f4c62d5f4f20b5ccacfe83875e74

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

Filesize
1KB

MD5
cfb7d2199e2bb0243ffd28b48afe320b

SHA1
e633579f15349719a511424cbc745778c27e3638

SHA256
81d020084b6fa4e607e5586b464a990e997c6616b716f0c08c51c29781d29ee7

SHA512
e386fc97b99ec9f8ab58dc2a2b602ee844d0da3d504bc3365e495cca110a9fe47121fc0c84ae8307bf934acfe3a795530d5ce297b6fcef1a8b006979704cd8b0

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

Filesize
1KB

MD5
89854f515e6c3b664527df7aaffa9c0a

SHA1
18751f32a1e75b6f738c0b150ed198d1b0ff0fd0

SHA256
4a2521bce90f3adac4dcbbd7824e98610a6be75b6aa3f98bad7d0e250ae3d91c

SHA512
8031af5856bd0b76c4d610a2675ccd1fc86445c894f52d6dddf2663c37ebebe9bdc76d213f6e3a5eabba5c32c7571fa3e7e8f90e4681cc1c1810e83c32bdc8d6

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

Filesize
640KB

MD5
d07772cafc32aabc7046ee2ea4d04a94

SHA1
6b2e7ad0d89b47201abf2b21eb03c7375b3db3e5

SHA256
352d70bfb02300abd2a1df4debf805b7fc6f62b81b78b3f495a0e81c693a249a

SHA512
41756168de676a1b0689090e32846ed14fb93caa7fcdfcf0d729003bba4c52255420e814c9e2dfe40d723bc9b9d7b1003a844afb494990d3163440eac3df568a

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Global.sr

Filesize
3.8MB

MD5
96e48d09e666ca40948d8550be5d895a

SHA1
ae0f54858aa4ed8697fc7ab881854dee61e712e4

SHA256
c8d95ae8aa8d13db1b60bfd6185542b0b87782b9aaafb52b12d37bc8457b9b89

SHA512
2fce1bc53c00eb454f4459dfbc574022c6055695f52eb60132935d99d0648b70eaf29e69f3bb64880d2f5ac3450e43d449d726826f4ea7aadde8a85b5470685e

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\rules.mbdb

Filesize
9.2MB

MD5
8e7d8a1af7327285ec07e40b8361c511

SHA1
e5151327863bb24ff4dd2436c660db11e90c9774

SHA256
058e72b5d935144f1813fbd6036fca8e430af28b6566724382e295fedc816741

SHA512
5bbb05cda57347e77e65c8700dbe18275e3cf188321cd6fc4925d113a3e4a09a703712c247b0843ad80b664b66785ddc8be4ee993ec5eb7c842fc26c886051aa

Download Submit
C:\ProgramData\Malwarebytes\MBAMService\lkg_db\wprot2.mbdb

Filesize
1.2MB

MD5
a62a678c0c1d7bbc751d9e122954cf4b

SHA1
12ceaff81847d6717b73c49fb59f7e9423ff176c

SHA256
f714980da56c2a3085ffbf98eb353f6cfead750dc02098b771af9ff0006fc64f

SHA512
0f82cfc65bb2159c1c33dad7c620ebe31052923e8d3b019fd0aa207eab803fcbafab399f298dfb7b8a847cddea63f7554c2931a2c419f725194a975f14d6a003

Download Submit
C:\Windows\Temp\MBInstallTemp067628414c4911efb64cd63901c91a66\7z.dll

Filesize
1.6MB

MD5
4da585f081e096a43a574f4f4167947e

SHA1
38c81c6deae0e6d35c64c060b26271413a176a49

SHA256
623e628393bc4b8131c1f4302b195429dfa67e890d3325ceaa56940660052b1b

SHA512
0fe168bf1661691dbaa103e478dd7e46b476db094bf1938bf1ad12ddb8a8f371bf611ff504d2eb3ac319862444cc64a27ebee8735aa3752aa32a399b09427243

Download Submit
C:\Windows\Temp\MBInstallTemp067628414c4911efb64cd63901c91a66\ctlrpkg\mbae64.sys

Filesize
154KB

MD5
95515708f41a7e283d6725506f56f6f2

SHA1
9afc20a19db3d2a75b6915d8d9af602c5218735e

SHA256
321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6

SHA512
d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

Download Submit
C:\Windows\Temp\MBInstallTemp067628414c4911efb64cd63901c91a66\dbclspkg\MBAMCoreV5.dll

Filesize
6.3MB

MD5
0ccbda151fcaab529e1eeb788d353311

SHA1
0b33fbce5034670fbd1e3a4aeac452f2a2ae16eb

SHA256
2a6ac5a8677bd1b410420183169b9ca9ec87dbb78ce0f11ebac2bfa022df7c70

SHA512
1bf9b8849b27491ecadfb4caf4e61926f9a0a8479c247a2281ba2d7c1ae0587251330ee29cc053630047e279ef6b52d3a125e21144b9688f1328f101bfc3c2e9

Download Submit
C:\Windows\Temp\MBInstallTemp067628414c4911efb64cd63901c91a66\servicepkg\MBAMService.exe

Filesize
8.5MB

MD5
c02dea5bcab50ce7b075c8db8739dbe1

SHA1
d1d08a208e00567e62233a631176a5f9912a5368

SHA256
c264dd072a5c7954667804611bcc8a0708125ed907b1cf2f8f86434df1a125dd

SHA512
74bb2b82d0d2bad4e26138304d4e4ad6379acf19f8aa13aacc749901e7381281d59720d7bfc3c6df0c835d805f134ed08fcde47a79c4c5384a92abeaa4c89f4c

Download Submit
C:\Windows\Temp\MBInstallTemp067628414c4911efb64cd63901c91a66\servicepkg\mbamelam.cat

Filesize
10KB

MD5
60608328775d6acf03eaab38407e5b7c

SHA1
9f63644893517286753f63ad6d01bc8bfacf79b1

SHA256
3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59

SHA512
9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

Download Submit
C:\Windows\Temp\MBInstallTemp067628414c4911efb64cd63901c91a66\servicepkg\mbamelam.inf

Filesize
2KB

MD5
c481ad4dd1d91860335787aa61177932

SHA1
81633414c5bf5832a8584fb0740bc09596b9b66d

SHA256
793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3

SHA512
d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

Download Submit
C:\Windows\Temp\MBInstallTemp067628414c4911efb64cd63901c91a66\servicepkg\mbamelam.sys

Filesize
20KB

MD5
9e77c51e14fa9a323ee1635dc74ecc07

SHA1
a78bde0bd73260ce7af9cdc441af9db54d1637c2

SHA256
b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0

SHA512
a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

Download Submit
C:\Windows\Temp\MBInstallTemp067628414c4911efb64cd63901c91a66\servicepkg\mbshlext.dll

Filesize
2.7MB

MD5
b7e5071b317550d93258f7e1e13e7b6f

SHA1
2d08d78a5c29cf724bc523530d1a9014642bbc60

SHA256
467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064

SHA512
9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54

Download Submit
C:\Windows\Temp\MBInstallTemp067628414c4911efb64cd63901c91a66\uipkg\QtQuick\Controls.2\HorizontalHeaderView.qml

Filesize
1KB

MD5
d8c9674c0e9bddbd8aa59a9d343cf462

SHA1
490aa022ac31ddce86d5b62f913b23fbb0de27c2

SHA256
1ef333b5fb4d8075973f312ef787237240b9f49f3f9185fb21202883f900e7d7

SHA512
0b86ec673133f6400c38b79f9ba4f7b37ce5afdab1a2e34acbf75019e2590cc26b26d323ddc1567c91375053c9c8593be0615389db8eb1a8d1eb084ad4200b82

Download Submit
C:\Windows\Temp\MBInstallTemp067628414c4911efb64cd63901c91a66\uipkg\QtQuick\Controls.2\Imagine\VerticalHeaderView.qml

Filesize
1KB

MD5
829769b2741d92df3c5d837eee64f297

SHA1
f61c91436ca3420c4e9b94833839fd9c14024b69

SHA256
489c02f8716e7a1de61834b3d8bbb61bce91ca4a33a6b62342b4c851d93e51e0

SHA512
4061c271db37523b9dea9a9973226d91337e1809d4e7767e57ac938d35d77a302363ed92ab4be18c35ba589f528194ad71c93a8507449bf74dd035acf7cdb521

Download Submit