Analysis

  • max time kernel
    150s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250610-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250610-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/07/2025, 05:28

General

  • Target

    2025-07-03_0d1d290c899f25fae7c444139f97cf4b_amadey_black-basta_darkgate_elex_hijackloader_luca-stealer_swisyn.exe

  • Size

    2.8MB

  • MD5

    0d1d290c899f25fae7c444139f97cf4b

  • SHA1

    4fd2340144115095ac32bf6a4908b0ad5d9527e2

  • SHA256

    1573b1b0cff64147082ecfa16e524c55217d4c7266bb936d64e7d4248b7902f8

  • SHA512

    347e120fd369e0641affe241b2285ec1159c2189b62ccc59b5d411cbc96f9da018309b825a7fd0371e3de265aad96b10458f71a81133d1d3144456110d9ea9dd

  • SSDEEP

    49152:ta0/fqk52pHLiqwAeyfvE0Z3R0Tnxn1o2d5xXDvdbVVrT:Eqfn52p4AeKtwnW2T

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Downloads MZ/PE file 1 IoCs
  • Drops file in Drivers directory 10 IoCs
  • Modifies RDP port number used by Windows 1 TTPs
  • Patched UPX-packed file 1 IoCs

    Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

  • Sets service image path in registry 2 TTPs 4 IoCs
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

  • Executes dropped EXE 24 IoCs
  • Impair Defenses: Safe Mode Boot 1 TTPs 2 IoCs
  • Loads dropped DLL 38 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 10 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 26 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 30 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: LoadsDriver 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-07-03_0d1d290c899f25fae7c444139f97cf4b_amadey_black-basta_darkgate_elex_hijackloader_luca-stealer_swisyn.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-07-03_0d1d290c899f25fae7c444139f97cf4b_amadey_black-basta_darkgate_elex_hijackloader_luca-stealer_swisyn.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3100
    • \??\c:\users\admin\appdata\local\temp\2025-07-03_0d1d290c899f25fae7c444139f97cf4b_amadey_black-basta_darkgate_elex_hijackloader_luca-stealer_swisyn.exe 
      c:\users\admin\appdata\local\temp\2025-07-03_0d1d290c899f25fae7c444139f97cf4b_amadey_black-basta_darkgate_elex_hijackloader_luca-stealer_swisyn.exe 
      2⤵
      • Downloads MZ/PE file
      • Drops file in Drivers directory
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      PID:6072
    • C:\Windows\Resources\Themes\icsys.icn.exe
      C:\Windows\Resources\Themes\icsys.icn.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1796
      • \??\c:\windows\resources\themes\explorer.exe
        c:\windows\resources\themes\explorer.exe
        3⤵
        • Modifies visiblity of hidden/system files in Explorer
        • Executes dropped EXE
        • Adds Run key to start application
        • Drops file in System32 directory
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:5896
        • \??\c:\windows\resources\spoolsv.exe
          c:\windows\resources\spoolsv.exe SE
          4⤵
          • Executes dropped EXE
          • Drops file in Windows directory
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3556
          • \??\c:\windows\resources\svchost.exe
            c:\windows\resources\svchost.exe
            5⤵
            • Modifies visiblity of hidden/system files in Explorer
            • Executes dropped EXE
            • Adds Run key to start application
            • Drops file in System32 directory
            • System Location Discovery: System Language Discovery
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:4548
            • \??\c:\windows\resources\spoolsv.exe
              c:\windows\resources\spoolsv.exe PR
              6⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              • Suspicious use of SetWindowsHookEx
              PID:4604
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c c:\windows\resources\svchost.exe RO
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4748
    • \??\c:\windows\resources\svchost.exe
      c:\windows\resources\svchost.exe RO
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:4344
  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c c:\windows\resources\themes\explorer.exe RO
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4768
    • \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe RO
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:5276
  • C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
    "C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
    1⤵
    • Drops file in Drivers directory
    • Executes dropped EXE
    • Impair Defenses: Safe Mode Boot
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5860
    • C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
      "C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      PID:4060
    • C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
      2⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Modifies registry class
      PID:5380
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Suspicious use of WriteProcessMemory
    PID:452
    • C:\Windows\system32\DrvInst.exe
      DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000140" "Service-0x0-3e7$\Default" "0000000000000154" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
      2⤵
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Modifies data under HKEY_USERS
      PID:3244
  • C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
    1⤵
    • Drops file in Drivers directory
    • Sets service image path in registry
    • Checks BIOS information in registry
    • Executes dropped EXE
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:6020
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
      ig.exe reseed
      2⤵
      • Executes dropped EXE
      PID:1600
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
      ig.exe reseed
      2⤵
      • Executes dropped EXE
      PID:220
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
      ig.exe reseed
      2⤵
      • Executes dropped EXE
      PID:1888
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
      ig.exe reseed
      2⤵
      • Executes dropped EXE
      PID:5628
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
      ig.exe reseed
      2⤵
      • Executes dropped EXE
      PID:4480
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
      ig.exe reseed
      2⤵
      • Executes dropped EXE
      PID:5088
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
      ig.exe reseed
      2⤵
      • Executes dropped EXE
      PID:2564
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
      ig.exe reseed
      2⤵
      • Executes dropped EXE
      PID:5780
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
      ig.exe reseed
      2⤵
      • Executes dropped EXE
      PID:1592
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
      ig.exe reseed
      2⤵
      • Executes dropped EXE
      PID:5788
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
      ig.exe reseed
      2⤵
      • Executes dropped EXE
      PID:4296
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ig.exe
      ig.exe reseed
      2⤵
      • Executes dropped EXE
      PID:4448

Network

        MITRE ATT&CK Enterprise v16

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\BrowserSDKDLL.dll

          Filesize

          5.4MB

          MD5

          956b145931bec84ebc422b5d1d333c49

          SHA1

          9264cc2ae8c856f84f1d0888f67aea01cdc3e056

          SHA256

          c726b443321a75311e22b53417556d60aa479bbd11deb2308f38b5ad6542d8d3

          SHA512

          fb9632e708cdae81f4b8c0e39fed2309ef810ca3e7e1045cf51e358d7fdb5f77d4888e95bdd627bfa525a8014f4bd6e1fbc74a7d50e6a91a970021bf1491c57c

        • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\LicenseControllerImpl.dll

          Filesize

          5.2MB

          MD5

          fdd046da9d395052a74cba975e58a29c

          SHA1

          359a47e9e8ab682539211025e95dcd49834bcf1e

          SHA256

          8ca449b57df9b70ebac3aba5993d0b7ee4edb2c24f534229a14add96209e9c69

          SHA512

          de02e6d461630c2707f84676a5f707c4e19e6c10c5c9851c8fcfb68b8d21f19c7eb1fe85bc667fab8c996b7d5242fff547f3a552452ca6d545117ae1f4c84290

        • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

          Filesize

          4.1MB

          MD5

          18641c1028572ac38861472767bbd51c

          SHA1

          a23e7b0403799ab88e83d653e17b98b1a9ad2adc

          SHA256

          2630ff28ce0009638f1af8a8a603946b585e985f64fcf159ede3c81c2eba7d90

          SHA512

          cda2372d9a8e09786b30cf27b480c840bf752a149b5cfe9e1c11160447eb0e9ef3d8e67c253c633b6d36d23102d7ed07b5b1c27f87dc06371f1267e50d643501

        • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll

          Filesize

          4.3MB

          MD5

          4fe0bec13b02be1587dcd00e62b14849

          SHA1

          20cce46db5cee5b892e0fd02c44a59b5da2678c3

          SHA256

          154e96500600eee8ec0a011ee95ebb7eaf4b977056a757429c126ad05f8862f3

          SHA512

          e77c63e7f867645d73577b9df6b7442d41160aef5561cf4711e90333bdccc6f08f89d47aa52e43865502b4b8b70d37715eefb0d311a6e14c24d690d21bc71644

        • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\pkgvers.dat

          Filesize

          78B

          MD5

          cec8d01f2a0af23c6662a9acab3c7b2f

          SHA1

          2561f9a0e7eef1b16274e5ed1f53a01a4d9d0c0f

          SHA256

          8259bc19e0a209c2c01f6db946e2d2612dda2723dd5f768e76fc14c9998b6dc4

          SHA512

          2105c6ec0d13dac03047aa1b92e64c43679cf532d68fb17d450ae8fe04b73dd9c3d6c17162f54d938ce825bb954d3f9a2c1f97227dc1e346a50196df97fc0a0c

        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.nm

          Filesize

          338KB

          MD5

          00ed936a1469d0ecf817f963dfafc221

          SHA1

          353e97b8801bb6b311520ab8a3b241b67da4c713

          SHA256

          fdcefcb343e91c6e0b7a605ef9f715665da13324b2499185a42827c2e67e04aa

          SHA512

          259c220296f5cd24e457b3893c1793d530f04ba3865b9c2be1ff039750a0f9e8a790ccd7a5be2ca61cf31ee419c04d394c8c2a17a8643851f818f880b860cedb

        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.sr

          Filesize

          19.5MB

          MD5

          14a599aac2474a8d3408b4eadf3eec0f

          SHA1

          1c5ed9792dda0b2e5e8713a30bdb6c6e466cf2fd

          SHA256

          cf28e700fec252e1beb39c2f342f9db8d26b3c7d4408ad230bd7d2def3641b2e

          SHA512

          ec51f551d4fd3cb585105049c64fd0cf905698b42531efd423eb3ece0f0a6dfcce2509ffa2cf93664d7ebc7300f5811a35deb02d789793bec827c57739da48d8

        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\cfg.bin

          Filesize

          2KB

          MD5

          a9ffdb4a6e4249032d1eca20ca7a174d

          SHA1

          fdf353bd6300444a7190584a0773cbe42e6b18f2

          SHA256

          2197a0fb87f14228f6100c05de73e7940f0694ff87907ff2f91003f388080e02

          SHA512

          8bed00085a9ebec6d529421586008742e891f9476d4e13aaf9f142e361dde40b3a4859451c7c0bb34b568c12ce9a230c069821f0179f586c3e1e34e4762be3eb

        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\clean.mbdb

          Filesize

          17KB

          MD5

          c5eb28d4d43978f7d267975efa1de2ac

          SHA1

          814088cb932427fc93b93e8ad809ffedb8b30e6a

          SHA256

          3d4586848f8b066b4b8f060af49ccc739763f0f708a7324489f5d2e9b4245a42

          SHA512

          e58f6e785b4bf61f05650143f11a2135482462c12791d559633df93e258794e282e12f282197142d8770be5ff8bd666f67c8c8416b6b9530725fb36c90eb48a2

        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbmanifest2.dat

          Filesize

          924B

          MD5

          2983c309e26a7350d7c067a2fc4fbfaf

          SHA1

          6b0a29e04d8eabf9b6ff882ec3c4c4ffa1b4bc96

          SHA256

          09748f956d7d104bebb6c50dc1f39e46ff61436ec75e9fe2e103c0cfdfbd1931

          SHA512

          bcfd3cca1dbeb414ea3955fe0d4e4b039f0edaadaed63b1d3b4807778d0d59c60d16ec9f6efc9c42a36d17849883be4ca8ba566d9757a12ecaf30622ced4a840

        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dynconfig.dat

          Filesize

          39KB

          MD5

          10f23e7c8c791b91c86cd966d67b7bc7

          SHA1

          3f596093b2bc33f7a2554818f8e41adbbd101961

          SHA256

          008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc

          SHA512

          2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\exclusions.txt

          Filesize

          23KB

          MD5

          aef4eca7ee01bb1a146751c4d0510d2d

          SHA1

          5cf2273da41147126e5e1eabd3182f19304eea25

          SHA256

          9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f

          SHA512

          d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\mbdigsig2.dat

          Filesize

          514B

          MD5

          501e30d43f8648f5f30325e680fe9fb9

          SHA1

          abd5060a1f13d7b81b44b1c5ef136ed940098707

          SHA256

          17b422cd3c0d0b6967a161acc87f25f18263d453ed363ea245847e73e845c61f

          SHA512

          533510c9e718a235e64c4586fdc4fcd97b93a4173a9986fa695fb70b02c3de0e96b28efd1bde0e0cdc2eb497a0bbf7b994459a8a50021ce2974a62418723c1fb

        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\prot.mbdb

          Filesize

          24B

          MD5

          546d9e30eadad8b22f5b3ffa875144bf

          SHA1

          3b323ffef009bfe0662c2bd30bb06af6dfc68e4d

          SHA256

          6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f

          SHA512

          3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rdefs.mbdb

          Filesize

          24B

          MD5

          2f7423ca7c6a0f1339980f3c8c7de9f8

          SHA1

          102c77faa28885354cfe6725d987bc23bc7108ba

          SHA256

          850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55

          SHA512

          e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rules.mbdb

          Filesize

          11.3MB

          MD5

          135e8a7cdbbb3ad2f618eb8e0790bace

          SHA1

          eb2073ef975dc16bb5c722d74de8e027259cc4ed

          SHA256

          c515d01109511f89a5fcb1641caa97dc791abab954a6c97045e05006b9d96360

          SHA512

          28e7d687bbd685f710cad4b72aa8656abb5de691eff1d1f20585f4641df631c94bf4b8ae623c96003071ae65074a101e70a019c405cbcbb7b822aaa5ed89b687

        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\scan.mbdb

          Filesize

          504KB

          MD5

          f82f623a57d2081167b0ef4080e75c95

          SHA1

          73998e34ff150988dbf9c9e01737534a59f33db3

          SHA256

          9c010467f93834859acc2c97720dfd1295874688fc7ca8e69df6cd564bb38008

          SHA512

          a0d2fd8588563e02ea96ffbfce58777b511d16c088fd0973cec0a7235799b6a6a8317079c839045ca88c76dd9827b3a1f43b4b5a1d754c80bd35251a1610b52c

        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\tids.mbdb

          Filesize

          145KB

          MD5

          2dce35e0e73afe5c923dac3a8e70ed0a

          SHA1

          338987e4f0c8567a12b341f5ba0ffd451971b8e8

          SHA256

          c87a818b2963577afc3c513357c33da4a49ae63aa63228435961f3abbc72ea43

          SHA512

          8044eb28c01d2cda2744c21e67dcaa543d0ec40b54d721bc0e5655d90ca993d1c20e01b641b339ffae36de4279de2b5ad817339edb95d4f48fb3464a0bddf217

        • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\wprot2.mbdb

          Filesize

          12.6MB

          MD5

          a8cc3331c745b403aeaf36ba094f7be3

          SHA1

          a004d36cfe62bc2d9bdf3b17cfb6da6d23ee935d

          SHA256

          0bb2b53b30a14e9cf259c42639b3bc5800c21153af4ae320efd66b14f6a76bb2

          SHA512

          ff813d36fe0993a81933d2fcdd557886180da688ecae88c82e74de38b8e00bdfb1726aa626fca3567d3e194345aacbc13db7226fc47c86528b3b5279ccc1d632

        • C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.cat

          Filesize

          10KB

          MD5

          8abff1fbf08d70c1681a9b20384dbbf9

          SHA1

          c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6

          SHA256

          9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658

          SHA512

          37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f

        • C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.sys

          Filesize

          107KB

          MD5

          83d4fba999eb8b34047c38fabef60243

          SHA1

          25731b57e9968282610f337bc6d769aa26af4938

          SHA256

          6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c

          SHA512

          47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e

        • C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe

          Filesize

          8.8MB

          MD5

          c81029e817a7812ff9de07a9460b1936

          SHA1

          796fe3b557afc10de9dc6a217a39fe151698dcc0

          SHA256

          62d826fc76a6f192ed7666404416a549794cefcacd35e21c864f65409291ccd9

          SHA512

          433277ace204e04497df4536e522a97d371ae741e8c02cb20e25cb9c2f29589c6339458444018f6f779ea22fb062f980283451684b1b8e0d2cb96e6fc203f5f9

        • C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe

          Filesize

          2.7MB

          MD5

          e04e61828c9fffcee59cd90ef155c90f

          SHA1

          7a97b65f11d2b3f30d8e2dde4c44bdf16f3d3b24

          SHA256

          05d4d87f43646f7ca2e50520d8850e8808748a508c2761838d5fb92d66d6ce35

          SHA512

          04792b998628cde88bc2601534678e55b2d6fde290496e5af08a2955a992ca3bb767bd025dca4373abc55141de8d270f62f628e51c887de54035bbee10379ce9

        • C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

          Filesize

          291KB

          MD5

          a80ac5d8cd6fe7a2163a8ea1e02f1a21

          SHA1

          dd514fc8b861e3f58712350759401b53e7f72f31

          SHA256

          d627a2eea7f79567e7d67c32dc07a784f1580702ad4681eaaff00cd22f09fdd6

          SHA512

          c91f1da039e366906764806185b50ec1e1f459cf805892bad1a2482f79bdb339258ee125baf4784bef740af21716955f9dad29c9640a31f55f983f5d3975f093

        • C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

          Filesize

          621B

          MD5

          9c23605f60135e873ab1793e107dd14a

          SHA1

          beb9f5e8bf1223e8c8f87ba5b614f9726e666c7f

          SHA256

          39660c4545cfbff29100e6a2ebe1138260de033091984217b952aaa846c72630

          SHA512

          cdc17b8d22a62e7375014e255ebfc4d90b904f58b95c5ac9b6c904649e33a267915719b2d003c53757d59ac85c3182cc99c7dbb49e3dbd14ca70e9b3ba821d8a

        • C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json

          Filesize

          784B

          MD5

          7fdfaab79c0fbe43ac9e27fd5e3e2d97

          SHA1

          9d04ce26d1317b1cfa2e2814924a68da639c72a1

          SHA256

          bf3a2a98b0343531f9a34a25c1dc7e923c9714b8983ac22ce364ac3ef50a293e

          SHA512

          fadc61d426ae45fbf7433d029bb2ad9193e2883c9c139668229e5373195cc7c84e49b36bceadd7703f986685bae9f49108efb446312c694522808d68b9957883

        • C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat

          Filesize

          10B

          MD5

          755abb3f76f49f90ee1de815b3b52111

          SHA1

          4e6cb5881c6adfcef9f33393a9a0f54b23670db0

          SHA256

          601e29ba551f05ae6e290dd32077030e93e9aa26a9d9c6b0fc08b19e65fba71a

          SHA512

          caa16034c067cc68be0f7b20f31c0e8a1172c71aa780796454acb3f8afabd89eacded830085d3a4314ddd426e88d664b34ff4be747dfe8a6d712a45430c252f6

        • C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe

          Filesize

          2.2MB

          MD5

          b39ba8b6310037ba2384ff6a46c282f1

          SHA1

          d3a136aab0d951f65b579d22334f4dabbebdb4a4

          SHA256

          3ecbcb6c57af4456111f5f104b8fb8a317cdb0f16e98412249f7a2d62bca584d

          SHA512

          a8b98f47c30503029f2dc80398dacd5f8fc07db562d04c56b8c7902bebf11517223350c41850b81aca770ebc9e68fc365921bd6cce34b57b2c945f1c51b538b7

        • C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll

          Filesize

          3.1MB

          MD5

          6e3bb32d3350e4438bf47220b65b319e

          SHA1

          a113d724edf80282abb958116cc486574f0d3639

          SHA256

          045548918d1dc7cf58ab3022a30918b8fd40382b193cde5e1e4b360df2a0fbb0

          SHA512

          8eed12b08d11af06334f624435ef817ed031fb9dc854e35f9079960ed7083f372d82b6b8b27fd9164b3038ccf6bd2e7304d77a722341452675e6c7fcf1836659

        • C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll

          Filesize

          2.8MB

          MD5

          2bbf63f1dab335f5caf431dbd4f38494

          SHA1

          90f1d818ac8a4881bf770c1ff474f35cdaa4fcd0

          SHA256

          f21a980316bd4c57c70e00840ab76d9ad412092d7d2d6a2cff4f1311f7c05364

          SHA512

          ebb9834323329dc01ba2c87e5fad1083a4cb86f5ed761cb63299ac5336a9843a1aadd42fbed706797c2295117af1c00f96806422338352653c8e0255fecc2fd5

        • C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf

          Filesize

          1KB

          MD5

          5d1917024b228efbeab3c696e663873e

          SHA1

          cec5e88c2481d323ec366c18024d61a117f01b21

          SHA256

          4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8

          SHA512

          14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a

        • C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll

          Filesize

          113KB

          MD5

          2ccb84bed084f27ca22bdd1e170a6851

          SHA1

          16608b35c136813bb565fe9c916cb7b01f0b20af

          SHA256

          a538caf4ac94708ddb4240d38b1b99914ca3e82283f0d8a2290be28fc05eaccb

          SHA512

          0fd66d241bdebd0052f4972e85b42639e3c5a40affe23170b84bc4068dff8e84446898a77ebf7cc0bef97454abb788faccce508a68bc5e717980ef26d8436986

        • C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.cat

          Filesize

          11KB

          MD5

          db15fc0cef63a21761699d4005f64e1f

          SHA1

          b647b7dc78ee038e1be11532c0e22557de8b4622

          SHA256

          3f6a2862854fcef6cb23e9757a958e6ecdbab7a7bcd0d29fe90c23518c3262c4

          SHA512

          fcf2447cd276568562060655b9999d63a48593bef0666e4010fce0a0da77d5c92c2a902e9282cfc04f4f01d8543435935b8ac62c64935fe69d6b6e7d2086a417

        • C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.inf

          Filesize

          2KB

          MD5

          8155859a66fabfd034cb1f635ee84654

          SHA1

          b371b79bba7a9d34fd71227bbd4847d0a6939111

          SHA256

          c031327df2e0222fb1820e38786e4826a7fa06ad72b4d2a0e35d6a94c20e9044

          SHA512

          863c4d36e07a972732f8c85351ab15ec40d1d389cb5a846417d4061a3b85841f14584b014fb7239eee7a26de7246f297be21abbcd4d9b307d7ad30e5f8c9511d

        • C:\Program Files\Malwarebytes\Anti-Malware\sdk\farflt.sys

          Filesize

          205KB

          MD5

          f09d077c76694c1de6aa0a17fb2547a5

          SHA1

          2127fdeae34a8b3581ea5330114ca29ae14c9c85

          SHA256

          b0b6c9062d3281d651e487a95d91c8f94d730609f271f10d0b64f0f70bf40ea9

          SHA512

          9a6f2f117108ef8bd80533524c87f28278c260d819f7c47ddb72201d08f114839be771adb38c478b14f6babaefe59c6aefe8925a41e144589456b35ab84bb7a6

        • C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.cat

          Filesize

          11KB

          MD5

          a32881b0be849d96da6b6bb6d7be8890

          SHA1

          5d10d9005ccdb722fce6c2b8ab29fca0dad60e36

          SHA256

          45db7e4a12a3565dccc019f1337f71d58d1969841354cc6b6e867f43352c2615

          SHA512

          38bb2887a3814ad64a7af6c327fdc37f7e086778f3bb7fdd0fad64914ffec868a7eb21b2af29912f1a711509f6f2f35e49cbb7638b3f48b1054a5684eed7d81b

        • C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.inf

          Filesize

          3KB

          MD5

          5a9717e1385703e8f06b27aa10a69e87

          SHA1

          84ee67a9167b5eb6560711b9871de98898ad07a5

          SHA256

          47b7c516bb57c612de19f0ca865590af95b6e32bf873a0fef9e011b2c5b483d4

          SHA512

          dd3c7278c2c11ad15a55fae6d19b96dadd92f85b7f0c8ce934298258af00bb5c052a84a98499b8867b0f43704fb307c67d03692ca69dda4d814c6c17dd73df44

        • C:\Program Files\Malwarebytes\Anti-Malware\sdk\mbamchameleon.sys

          Filesize

          228KB

          MD5

          1258a8e1beab105aa96c93aa34dd9ef8

          SHA1

          a435a462a0976135e2257b46e52b576fabac3d34

          SHA256

          d86b9b20788b6bff70a1a4c4111b2ea33b9ec705cc6b8fe869362fc3899820a3

          SHA512

          8feb56e3d5d67484c97f20348899673d1b8aafad35cd339bd6c459194fa0f0f9e07b0a7063615b010378a2788cd11ef9e3744253a24c8fcd0d960d0cada77546

        • C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat

          Filesize

          9B

          MD5

          0f3424c6eaa7c9cdffeee6e889207745

          SHA1

          dfbb6b2a66321a58d42ba80093626eb6b94091a5

          SHA256

          9138e494a5722b302415b9c7c96ff733dbc73de9252eac0630eea445b87bac7f

          SHA512

          29c694945586d4bffa43c49cef3c67d86054825d80ae8a643aa4d0171deba24de6ce097001722e5d24928dc14f24a5d40fb00f31362f15a036ea9b861982a920

        • C:\Program Files\Malwarebytes\Anti-Malware\version.dat

          Filesize

          48B

          MD5

          13bb9c0f6e9cb8368cd2ac408a6b126f

          SHA1

          944a1a96efd1abcd2ef73926f37912ad4ad3dfec

          SHA256

          b4283c645f3950a1b9ccf53f35c1ec81ce53007c92461ebd2f73caeed0ad5eb3

          SHA512

          a080f3667338dd6a5afc2ffb9a09dea6b45feb27a21d0444bc337fed6e1d86dd8922506816840541b68c261629692dbc0b0621e8a31cde8e3e13d44b21b955c3

        • C:\ProgramData\Malwarebytes\MBAMService\LOGS\mbae-default.log

          Filesize

          1KB

          MD5

          76a62df48f7e997f52f93365da74b239

          SHA1

          9ac423de6f74978ab186252d9f667749808fe343

          SHA256

          6cbe53c46e9626dd084b6fe4b7a15d15127c6fb9c606531474a49b0b4b277467

          SHA512

          a8d6a1286c382e0824c8b973541990d10a733d53b0b2568e670c70974046240ab9545f85c04c969305511d8761266463c304c49e6ca1d7771121f312a1d43f66

        • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

          Filesize

          47KB

          MD5

          82452900d306f8740b867dcff6bfb538

          SHA1

          cffad09a5405635f0b04376091886c43c4404394

          SHA256

          e29d7ea99d6bcd55b9a0a5b1fb3fbcb974fe94f30dab227b168d2ef8ce0b4759

          SHA512

          5fca1860c6cfb1fe2073af59c0ff3c27cf58e66a7f9aeb30e14485a7678e8319d2f511cd21715bcb7a980be70d299b5fe0f8cffaf4162ac0bf12d84854f32e10

        • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

          Filesize

          66KB

          MD5

          e347376183e8f1121af87f9b8e9adf68

          SHA1

          8bb79d12f12dd1f260074feacab08b4e23b41ec9

          SHA256

          ff798f8cca16fc9da109183f5c299cb140068db9016dadfd4dbe97d97c0db122

          SHA512

          e00266594c91ce4b066017e1ab45bfac914d72cdef07ae179178a53adabeac43c64465080fe3cf73857629c7ed273e80e6a742b27ef0428423eecef227038c32

        • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

          Filesize

          66KB

          MD5

          f5eb1f9af739c9d0b9b0dd281f5b3fcf

          SHA1

          65dc7d83931d3512c86765ee070b5efa52b13d36

          SHA256

          cad5bae69c7acde064ba795137f5971b0bea12f034aee6c0617327ddf1034550

          SHA512

          26fe5ebd4b79d27aac372d0510f3772b4e8583ad88f6698bf3063e617f6a45daafd1ab0bbdbc0cb5055be8f6fce5f0ed4563f73aaf8ada50a1d0dfa8c191da91

        • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json

          Filesize

          89KB

          MD5

          9b8d837159825b8f0e86d9699230335d

          SHA1

          9aefcf84432934b2e3561be1b9e0beb797aece90

          SHA256

          a72ba07ebe020c7f5824d9b77210c2cfc93b39b834011e8f434136262e9cb9a7

          SHA512

          ebbccb29edf118b2b00601617f9a5156307d0758950a109ac4bb6bfd2a72386d534a71946692f82e04b3142306857514868e20f8a58e260559396064670c3fa7

        • C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

          Filesize

          878B

          MD5

          fed1422c2c936393ca1e02e2bb9cb91f

          SHA1

          3b5bf82dc9c02f57f9fb7a19124ae719e97c7aa6

          SHA256

          cac0e9c51ba67ee30d6c194031e8f6c2597ebb601ecd0d75a631b80edf401c87

          SHA512

          2e7de9bff5a3a02ebe5c0d4af063dcb430f6fc05db6a89bd94830e57a5adbe5c8a12f59244ef64f478315bbc7df552bec7f44c6041f692866cb64059e354b9d4

        • C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json

          Filesize

          879B

          MD5

          123be841f10e198703a707494b608e59

          SHA1

          1343e30d877da35809d7ec1cf9a2da6aee45b094

          SHA256

          93e4bc7612be71e6e8c22bfdb9b44cc1298afed7744e612cb0799ccde300c64f

          SHA512

          464ff331e5fb3e8a1ac6aa7eb937297f9ba8779dfb3f2a0a8caeda586e6ded863328ce13ddfb415da4e110a1115a77c12dc725f390e06b9cb0f62cb1b8069e1f

        • C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json

          Filesize

          847B

          MD5

          be34dce702551f43a7d8314a5ffb43b4

          SHA1

          fe5e0d299673b2512fe48dc7e195779cf7c1cb02

          SHA256

          43c6434f31ece0f8005c0d313492e1f233da0e38af546440e6b5d5588b3289de

          SHA512

          9294afe589d502cc658bc1cd5601b25b8f790c44087a3278de2eaea91e1e5f16445e285182f635df7978f3ef72e0a0fe7e0a3121c9ebfc7261aef4aab1cb7d2d

        • C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json

          Filesize

          883B

          MD5

          c1ed7f3bdfecadbcc919e3e0a8f37cf1

          SHA1

          e94d468f6f857582039e50efbcfe6d61ac4ea12a

          SHA256

          d20f501cf9ccaacbea751fc5b1ca4b290c31084800e04b15719214bf56bddc27

          SHA512

          99fe74ada15890b8ad15cf38fe959b16da83c07ff8de81e8f56b09e933ec64f9e5777169fa1d9f1a0f8c3909a2ee1bf510fb1aab34bb7f7c64447ab59686da88

        • C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

          Filesize

          11KB

          MD5

          24ed46ab72bfc490297bd0d7efc749b4

          SHA1

          c67371cad61f4f650af4917e2316bf6a4baa189f

          SHA256

          f327868bbf1c331395fe9c76936b7da080ae19f123ce99190d7349bb1555d921

          SHA512

          f8911c82048696ad443758fccd027ed33c434359a375847cc1ef949a1de604547f0918537d91545a60d6b84a5fb2ea212eb07f873d77145f5adf367056bfa502

        • C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

          Filesize

          12KB

          MD5

          49ba08581049a84cc1a5ea0bcde730fd

          SHA1

          3cee8224922514f11e3a2b22d4008dc7ee00e637

          SHA256

          ca78b9b3b06542b7191716cc972c79cba76a8850303066ba722e8d20a2cb31f8

          SHA512

          134e6ec995abdbb593aa973f29cb60e06b23309ee9fd6c2cc652e1b85d22bb5679b4ed54e35ed2e8dd50352ae7351080cd9667924ae1a16e9a67a9849261028f

        • C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

          Filesize

          12KB

          MD5

          d053eb3f03bbdd8a23e0efe93c4bb6a9

          SHA1

          ac18587af91511d3e971384371646acdeb4b7a26

          SHA256

          bf35a35c35b01a3f31c1cedb46493e86c985347fc33e64e5d890f991532b11c6

          SHA512

          126f8ff667afb953655e8ef2a9802ecb04edcfd011247fc41cebc9a85b72a5ec38d3a762c45a2e3562c996ad89540d81ab40fe6d83ea89f41327ecf237c7f19b

        • C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json

          Filesize

          12KB

          MD5

          e7ebb04939abc2f4d8421afcb5c0ba19

          SHA1

          d81a5216f06a633fc4ed494f2ecfd31cb796fc78

          SHA256

          f1e727071acffc91228fcd1849a51a2f914f2631c5b0e1c0ce5eb6dc1cb825e5

          SHA512

          b14c855356df6162b17da602fd84d0101f5c669b77fa48b681d261c03e0185781e91eda0604039a329b3164a497813f1b75ad0287f95722a83d0798054187626

        • C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

          Filesize

          2KB

          MD5

          8757a92af1b99b34664f84cc659dfb57

          SHA1

          49b7c655b00f39015a847138d8ffbe8b35cddfa2

          SHA256

          a1f6a65a6b09f894638989192f9698d2d80143f797ff576a1e07c57dffd3c836

          SHA512

          9babcfa1a83f0bba507830e26849005ad75079c675f37974eb50bfdd4f4939c262407137de7554a4f05540448391cbbe2604616c30c1a78b70c75b0896697a04

        • C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json

          Filesize

          2KB

          MD5

          096000c3a7756736abd04d73c24679a9

          SHA1

          32cbf5e9f76acb80c3b2b6c4f316c920eaff3aa3

          SHA256

          6cb6e8889c0744a1d98db99e1a51b229dfd221aeb9fd3476911840a156c72f2a

          SHA512

          f8fcf336f1beae588e1f09f6306db1665b5c9ea59c55e056e8ac03a7d7068d00393bcabb8f6c3c3d0be50350f8d5b2f85838a8e0e00cae01f6737f6a70336c8a

        • C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json.bak

          Filesize

          814B

          MD5

          e10d263f654d1e5404ec6375833a67e6

          SHA1

          625eecac3198b11bc24b4cd38af2e8c0e96b9962

          SHA256

          6818d4be6c8e1304184fe6a5b1acfc049aa9b8ddc7c1b434b1137f259920e9cc

          SHA512

          0660750d44673c806109c979477641ec5aaad38ff86eeae97086defa80c807a03384ac50cce99bdf07314512b2d6079597c7b81340899e3c34faaa0f5e6151b9

        • C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

          Filesize

          1KB

          MD5

          9d979d73f6795137abfa1406c634915e

          SHA1

          07bc38815c08fe24daafe2b3217f58d7ebc11aea

          SHA256

          7dd7b59492825e2efb92d48a73c7d96221f3e8fbffbe58596272b3d3e4ba6bbc

          SHA512

          d21447fd0e06ee999f1f4128e6dc57d8d389bf80f37341d2a5384dc337d48733c2c98b9f7d23a237420dcdaac678b0f35726eafe1932f233bf057025c3dcd152

        • C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json

          Filesize

          1KB

          MD5

          80b3a576b11654fdcf78b59ef65cd649

          SHA1

          3f3b5bc08d83f8f1af1a7ecad670698ace715b2f

          SHA256

          43ecf1117183dc21c834f332ce171725e5b91273cf67c24a0e77264206f41e17

          SHA512

          e55fa8018d4a971f2f47f4a13d672bc0c02e468108d3588a32e1ea21819f2c05acba50741dcfbd37e03654cb9639a92844d92a51897736506d9843bb778cb1d7

        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

          Filesize

          2KB

          MD5

          a99ca36f178e02dde3f19318a5c972b6

          SHA1

          14132729bc122fe9b28ab7bbc0f938e6982e0b7c

          SHA256

          96c279ac36b7657a7d0bc004d83bdd8ded4be43c6f9008134a5f15a5ce8d76d4

          SHA512

          59e66134038b731031cebcb8b8c57380d220a599752ec886b6d2a8a8dec4664fd4ed8e950c2f431a2f128ae128f0460698513914861234d5880ee00fb6085927

        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

          Filesize

          5KB

          MD5

          2ecc09cdd23fe494e793352ab8860b8d

          SHA1

          56e1d86474af61aa02edc0034806f1511b6e98b9

          SHA256

          b7629e9e53d2d77b1d80b55961d908a78f6e7e18771615f9c8432911ea2507c8

          SHA512

          9e0c4376e773bc83f76c2ff5cf9c422c9d14bea8e9ae1be3ca2e5af61fec2689d28b8b0f7ef91743b8c79ebc8642b63b3232808264501a490093bb849d3abd3b

        • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json

          Filesize

          7KB

          MD5

          c9ab64a1572d6ed06209d0c335e01144

          SHA1

          dbfecd732d4222c00073359c07e2d6c98d5e8b64

          SHA256

          8be4e3ea4f40a09c4298636027c46eeee3aaedb8db9220a99c3f2d36932988fd

          SHA512

          ba19e8de6c94e42f1fc68dbfcb59c67e83478c4580da8d627c08a8b8ec402cab382e218774db72e65036eacf1b1a0cefa934df9542fd3537138ade69726ac523

        • C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

          Filesize

          11KB

          MD5

          78839cd7afd36d12b98f3fbc0941bd62

          SHA1

          ec371f36a4556ce6f2e802ec167f9ae9c9f801a7

          SHA256

          1c215e6980454e4333808f183431ccbfe6763e6ff367334ffc400be9ba9a0062

          SHA512

          412afcfb37761213e3e25ccc255458a0d6b8066c0c8e506560c55974078b0d581d2fbe5b428095a4de91c13c5a6d36b83523c0b64e3617e974208f011e232b29

        • C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json

          Filesize

          11KB

          MD5

          b455488ae145b53ad559502f1b35cd98

          SHA1

          15ec6da32ca6a2dd5acfb437fa1d8ad84f5e3f16

          SHA256

          2371b8cdda3ce37998f3d707a42dd47247c4937010cec4c02823a4b49528a6ac

          SHA512

          9c702d4d0dd269ac6acc76a704c36152a81feca686b6472af4465afd5ad8a3b3da60c93493f707c253db1a54b54605dfb69d6886678966b14b29ad62b04fd5a4

        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

          Filesize

          1KB

          MD5

          d4e7455f46e7419b116f4b0043395887

          SHA1

          c2dd96662c5c652d2092b33272bd79982be9328b

          SHA256

          6d39ef38464f9058f755b2f522a66e9d2d617e990b8fa1b1371aa5996460c9ec

          SHA512

          1ae138075b362c67a5bd7f2f10441ec8fc612fcab37edd638497ee95b9ca9766a1518e58f1d3add03e3793768c4bffe2c55b54526634e42cf5c79c03fe9a86c6

        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

          Filesize

          1KB

          MD5

          3f772c31522cbc7275e19ddcb4ea54d6

          SHA1

          b55575dc5faa0700e28da56d4015c69c8e41cadd

          SHA256

          0b60f4df6be6e836a0fd04b387e4ad0dc541376d05cdfd5a51ab0957b260a8df

          SHA512

          5a2e40da5e2827d350c4355d99dc439bba1a00d935ea56043dfddcf974db958402a7bd2a8f17086fa09a84712a508def282b1cda274d0c4bff926adb44a2d269

        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

          Filesize

          1KB

          MD5

          47faf43cc8d05134ba0340075dd53dfa

          SHA1

          f0edcd0a0da923d5855201aa61c39c41c3f1101d

          SHA256

          07e4852cc1857df8a957f02d76cb78850264067dd5bc8951cee4835d17822345

          SHA512

          02082947385666a5ab03097f1b5cea8f90ae577523becdb33164e94154457ac02540f6ed02c65082b51331279b211fd16ea71bf3467616ad24e7f9d8b1c27426

        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

          Filesize

          1KB

          MD5

          80a2af998e87ab1f8dae524e243d2c04

          SHA1

          01b93130c9d78e1f9d1865882ad5a383d9f3d255

          SHA256

          e6febd33220c0ac2b2736fdb5904c8fa2394c7dbf3278ec5c947a3fc8027d9f2

          SHA512

          a9598f7e69da46ffd33524c7c27b795797a1103cdc9503ed5836252f632779d9b461b77300c3cf3e65beb0d42da277a78acc6c6af0e0c251f385a96df8124c1f

        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

          Filesize

          1KB

          MD5

          436f5c800b23dad51bf3816a32329d37

          SHA1

          033d22caa561e79c5a3a88ea88f75f159318e1fa

          SHA256

          9618f7d21971eb7ff0e34ad6962baf7ae608ec36ea61bff0cddb1538d4e2c0bc

          SHA512

          ede20f4d50090cb364d4018fd5e9ba583e4ff36fb258db5551acad16fba165dd8cd9fec516cad05051d42f69549c39ccfad133ffb0e256b61e2e8201f1941c08

        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

          Filesize

          1KB

          MD5

          344e13e53710d084376aed8405519a07

          SHA1

          82220f8c5dd4d18804ef5c69572f39b90e487e41

          SHA256

          ed81a553f49b0c1b8b34d0ad07e2164f8c1a9a80faaf72e5d0ef84a0bdbb4543

          SHA512

          fda65d86f79eef9db03c51eea46bfe7fd27d71673225909f6bc52719aa3a9a471c103ee7ca43154fc9fb64a8d238d42fe86e523f8b76017fa7ed5328b15921e7

        • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json

          Filesize

          1KB

          MD5

          c626900340cb9531146cd66909a6e989

          SHA1

          d8ca7f85054f20bc47d1829e7c0a46358093b133

          SHA256

          a27dc6a4590b2a1afe774d6e20cb4571bb7c0603a1b75826b4171744006e1841

          SHA512

          54c3149d30dafb9140969e70df9aeea271e8cccab8f0bbf24b3f35e323256729dac4d870571eb001af582d71535332f501a394198e364a512dc2e019c39e9fd2

        • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

          Filesize

          1KB

          MD5

          0f4b048c3cb7d55d8a2fd1900cb31ea8

          SHA1

          982aa2e37365e9588714e6642aa938699d9a2afd

          SHA256

          0dd4c8b6b1cafc040a3d1c58d1f79839cfa3ae68572e36eacf5a2b2df4e15844

          SHA512

          111ad1eaf2017fa95aa742e26317713b71508bf80c7a44fff8a729a317b38165674ec0719626cfe6babe77331046057338c95af2647bbff27fed3ccb2bfe224f

        • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

          Filesize

          1KB

          MD5

          11b9136cbca4cf028de98f80304e4102

          SHA1

          bf47140bcaf5e9eddb185b12648cb91e14ce8390

          SHA256

          24374b20e2125b740b2a99729127801ad92788227d47166a43ffa4f5513cdd37

          SHA512

          4cb937d947613566ccf124b10455a17ad0f90b12606b02bd063875f9689e1d9dbcec49f3fe430a9e965c374c5ae3a85b19692b07c9a566cfa42df7bee17c4253

        • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json

          Filesize

          1KB

          MD5

          5016e0371c04c67f2602dac4b083ea91

          SHA1

          f157af54179de13deb30357fdbf28374a1687181

          SHA256

          3f0c5804cbec7757070af9a2b01f7b705a1b900607751f0d0303c9187cc58b45

          SHA512

          16617cea821cd0f8292d20fd4bc5863ceb9a7d607dd42b40f7aeb1afd1363531eb26cbb2b7ca2f30fb9067f20f78c62f4306aba99646fec791c1d62aa02b64b0

        • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

          Filesize

          1KB

          MD5

          907663f2da2847fe8b959b3ed3ef7efc

          SHA1

          386e5084844d8e0cb25c195584ec2d46307cfec5

          SHA256

          371dcaf5d8172c8022213f10c3d456efc2e7b0ceb6a542047e3d1f6bd268438d

          SHA512

          b33d12b77d9237546b7e3d80f3253c50701360a217b5b324cf218a9a28de3cb9e97f72a94a45f4a6b4104da78819b0e47594c5fd03ea77670c62ca00a15aae12

        • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak

          Filesize

          1KB

          MD5

          88d2e37a2a9a5d78f0c5d71f92103e4a

          SHA1

          f76c19ba39ee58b4a19bbaaeed23aa033c162617

          SHA256

          5a56d28df9c4ccdca825fcb2f82982b4ce7cda750ce0ba44bc74e72d0e2bf648

          SHA512

          f60be68da3b121dd74cbd629847cb8872ce509a43ef5c5dff5314eb3ea67efcb7096e54aa0ab8e29acf7817a3c7c6a47bf7a283fde620cd29e49c7c782915f8b

        • C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

          Filesize

          1KB

          MD5

          e5fdd7b48a769f8319102d7c3711e418

          SHA1

          65ced76d36ede6ff6bbf4dd9a8bb37cd69a4d7d4

          SHA256

          438aed6d3615e8170c975e37103012b6121cc07d5f194a2a9d030bcd3b32f9b7

          SHA512

          d22c24b242ab17dace14d4d2faa4232aa846e55ea0eb53215a806b2345d56c6547f16cb0aebb2564f2274139e01f635ba763353773a85a5a220c4ea39636b6a3

        • C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json

          Filesize

          1KB

          MD5

          ecc6e5e3f2a656dff2e86849041c8769

          SHA1

          591b77727e304759a63137e2751717896e512b9e

          SHA256

          dfbf3c21b2f70c72e010ba2955fbfeb35538b43d2cff1a509983abb4b711545d

          SHA512

          bfaec740697fb753bf1eba50dbc49e1598c1b23636a3abdaf0239b8c2b92c4b20c802da9819b68a728efee41ebccde802b6890c7e0aac7b91ccec1c687eb2239

        • C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json

          Filesize

          125B

          MD5

          b623b311a72cb7d33f475deea9c6f3a0

          SHA1

          ced4eb019a4e8e36cfe1f5fb6130fdca1bb4024b

          SHA256

          b3b7b01c12633c6a5fb758ce5eea54adf4cd3bed75edd42fa16df0992c62e616

          SHA512

          693ed3c925858d9c54710209a08a45c6c51e10a876165de233f2633dec0716cf0053c867ea9d25b2bada52c882752cf4a1f9c431b2da9242b3164c595946b6fd

        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll

          Filesize

          4.5MB

          MD5

          f802ae578c7837e45a8bbdca7e957496

          SHA1

          38754970ba2ef287b6fdf79827795b947a9b6b4d

          SHA256

          5582e488d79a39cb9309ae47a5aa5ecc5a1ea0c238b2b2d06c86232d6ce5547b

          SHA512

          9b097abeafe0d59ed9650f18e877b408eda63c7ec7c28741498f142b10000b2ea5d5f393361886ba98359169195f2aceeee45ff752aa3c334d0b0cc8b6811395

        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe

          Filesize

          1.8MB

          MD5

          974e7d396ee57c31500a959f87b4c1c7

          SHA1

          2bf6f9283053b2ca67890e18750f653a2b6a724d

          SHA256

          672abcf78608ccc77baf6170daa49160903baf15ebdb04cf4bbc8cc916637735

          SHA512

          616ee561576c1bbb0a944fd34ff65232c8acf1b3c6fe41356a9158445994430503b91439b02042810833887eb91b6417fa34d0819f3eb2680f68b9dd210665fb

        • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll

          Filesize

          524KB

          MD5

          60c9b632f13990ff5fb9ddeeae3644a8

          SHA1

          4daf3300db713890453d7cf906841dc0e190a92f

          SHA256

          7a603a228fba7494ac05d95a44759936a8c61cf26410700f6c14bcb774bbfee2

          SHA512

          727a6f7283b07f6a0cd51cabff17c4fb0bbd268c6af5a044814c8f1974bd84ab0d06b39bda7bc460d919a189ca9eef314d2e89698c663d7b17ec16419f9ae2c4

        • C:\Users\Admin\AppData\Local\Temp\2025-07-03_0d1d290c899f25fae7c444139f97cf4b_amadey_black-basta_darkgate_elex_hijackloader_luca-stealer_swisyn.exe 

          Filesize

          2.7MB

          MD5

          43dc0bee6e91d28d0e2d2a40664dc5ee

          SHA1

          206f2b1b32692e684145a9aac41317ea71fd1220

          SHA256

          09f8b72ebed762dd7c8cee790e339be81ada29db13dd9f46feafd1428c40da98

          SHA512

          e5a37824f8ade100a754f9ff66403ea046c71fdaba34f33ddf9915194c243ff4fb6a1be53691a32d509d86033d373e6b5f4a7b9913f111852998f4386ebfa7a5

        • C:\Windows\Resources\Themes\explorer.exe

          Filesize

          135KB

          MD5

          e89132cad94e9ee8384f77ce3692dbf1

          SHA1

          497e073bf76280da52ad57110d1b0959fe104d7d

          SHA256

          c9a54b4026c2d45db5058ce1318a3ed40398ce60e437521d31ca7edb713576b7

          SHA512

          35c816ac1bbff095058197b19320cac0ea93c64eba1a4f9c78a5b0a1787ee3004a34f73bb4d22935ad70ece941e21303fd2ed6587aeff7f4271879844f7a7b30

        • C:\Windows\Resources\Themes\icsys.icn.exe

          Filesize

          135KB

          MD5

          3a9a9d1df35512985fbc6b2c889d024b

          SHA1

          3d382450205a0e9ebcb162457d994ca2a2dd837c

          SHA256

          ce682e251a5442e17eda77d7c35d7eafbd00e3a9f68cc16a0e52e65dcecf6f7b

          SHA512

          434c4bd728a8ca33621e7ef20d41da00af01985eafee4278dc3911d9c345be2ee72847724141e5fe320aceccf2f2ca265a35662f63ad16ac993474fa8781ffce

        • C:\Windows\Resources\spoolsv.exe

          Filesize

          135KB

          MD5

          ab9ba46a10b9e89b6b771f840956af0b

          SHA1

          ab19473d5ee6f653f13197f04df2e1891d5e3001

          SHA256

          173a6569adcafdbd334ed845699a6396d469a4750c1246cfe85930d376db25ef

          SHA512

          980d912e29298e3d2920250f55ed3039ddd2d16eb763fe262f685b125aecf038a254234b9f7a72a65d86b3a61573aefb0f0c4a43ae5cce1513e9ee8974657855

        • C:\Windows\Resources\svchost.exe

          Filesize

          135KB

          MD5

          7622063cc600a3ef87b6fdf321fd94b9

          SHA1

          0062a5869877bac15ec4cbb5a9d1a16a2225ec94

          SHA256

          c632904f6b8423a77ced85588d3440945f412b87bbe00e1fbc2ddea658f9911c

          SHA512

          3d2ceb37c8194846c1fb742e5dbb17778b98178af26b517d5f01787daaef2202adcd4f5f56de41ea11d6b6472dba6858e8f7365b993f3dcbb6c6c227a9074f60

        • C:\Windows\System32\CatRoot2\dberr.txt

          Filesize

          40KB

          MD5

          5082bbd2d0a5f351d760a86eb1a7e4db

          SHA1

          96d26ebd87bafe0fe7adbd0625ef92bae2749681

          SHA256

          df87ee16adb1075a1607b520fdd59d1f82f54bbd3f8256b86c194b49ee1224c9

          SHA512

          a5257e5b0e642189b7965489209fd0a6df9a9250dbcf4302a6258ef0615904ab243cee8278ed399287487131a880a268c5446f9af268e2858106048af214364e

        • C:\Windows\System32\catroot2\dberr.txt

          Filesize

          40KB

          MD5

          d3f4844fbebdd9a5fd247110f1fd74c0

          SHA1

          6e74a8a699518d03ff94831095fc8a58c59f3632

          SHA256

          e26fa8ee8ead69c98236022fdb8ca14ec299344a2927abb50d73e674aae9c378

          SHA512

          c78c9346e6618ad534131cded109a900a5aac02d36bb7c6a19140822bc79a35aa47db5b9a25d814c7f83bedc5a961d7c9adfa4fdaa9706b856cf9eb890adce54

        • C:\Windows\System32\drivers\mbamswissarmy.sys

          Filesize

          237KB

          MD5

          9d1296e9af8ad4ce9b8f161bbe2185f9

          SHA1

          8f2fa73c857cb53bfe5d35281be06bf11a45efaa

          SHA256

          59232d92bc9488780dd4350e502c652b3c15d7c19ecda5fdc863968518cc0002

          SHA512

          65517117dc05e9469cf4935cb8b8e727074fcc3d72c0a771976c4e8f9f1273df6497e058472872aab31051ec088cb31a9d38307149606c33dd93268e9df3646a

        • C:\Windows\Temp\MBInstallTempa083468357ce11f0aeb26a8e820be205\7z.dll

          Filesize

          1.6MB

          MD5

          3430e2544637cebf8ba1f509ed5a27b1

          SHA1

          7e5bd7af223436081601413fb501b8bd20b67a1e

          SHA256

          bb01c6fbb29590d6d144a9038c2a7736d6925a6dbd31889538af033e03e4f5fa

          SHA512

          91c4eb3d341a8b30594ee4c08a638c3fb7f3a05248b459bcf07ca9f4c2a185959313a68741bdcec1d76014009875fa7cbfa47217fb45d57df3b9b1c580bc889d

        • C:\Windows\Temp\MBInstallTempa083468357ce11f0aeb26a8e820be205\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json

          Filesize

          372B

          MD5

          d94cf983fba9ab1bb8a6cb3ad4a48f50

          SHA1

          04855d8b7a76b7ec74633043ef9986d4500ca63c

          SHA256

          1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

          SHA512

          09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

        • C:\Windows\Temp\MBInstallTempa083468357ce11f0aeb26a8e820be205\ctlrpkg\mbae64.sys

          Filesize

          154KB

          MD5

          95515708f41a7e283d6725506f56f6f2

          SHA1

          9afc20a19db3d2a75b6915d8d9af602c5218735e

          SHA256

          321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6

          SHA512

          d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

        • C:\Windows\Temp\MBInstallTempa083468357ce11f0aeb26a8e820be205\dbclspkg\MBAMCoreV5.dll

          Filesize

          6.7MB

          MD5

          48176305c4c9c09b0cd416dfbe4595e7

          SHA1

          ee3017b3e1a2423cbde0c2ffb72ebcd5a47742a3

          SHA256

          ae48d10f8af483c5c7a1035cca83a815adf5cd24f5ff9f5bf37b178ffbc824b8

          SHA512

          10aeccf58eddc4679aef0939dea010a028176c1310a5593600f887c3fc7d9718a6ad52eff920f96c0797a53f1303d5cd50ac5ff1d1a3ab8babb61d82c8a5246f

        • C:\Windows\Temp\MBInstallTempa083468357ce11f0aeb26a8e820be205\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.36\mscordaccore.dll

          Filesize

          1.3MB

          MD5

          3050af9152d6bb255c4b6753821bc32c

          SHA1

          7a20c030a6473422607661ffa996e34a245b3e2d

          SHA256

          97468531d7009e36c338b47fb19e0c6bf210f013610f413c852a4cc27e84b514

          SHA512

          ad07c4b0bb995e80a1718d74992afdeb6c2c4f217e72f361691e2d04dae9be9cd8e55b50fd7172d73755b02b6105c00a3b67534ba9469d92f9e0fbaab8e8f1a9

        • C:\Windows\Temp\MBInstallTempa083468357ce11f0aeb26a8e820be205\servicepkg\MBAMService.exe

          Filesize

          9.1MB

          MD5

          146e3f89bf318664fc556097eec62865

          SHA1

          c2d9a1402c7909de2abfe3e9cc0883f1c9ed7800

          SHA256

          e661413f899c3f5c792198eafd52ff15273c64675ca048b91b0f69e048ac5ea0

          SHA512

          1dc57614e1ec78617630e6ecda188b9c9b979cb251821ba1201a52187bd2d87ffc8c8bb3f7b6edb44ac2f7771abe2d3bdf21bccf3c50cc1332d92c260de69de6

        • C:\Windows\Temp\MBInstallTempa083468357ce11f0aeb26a8e820be205\servicepkg\mbamelam.cat

          Filesize

          11KB

          MD5

          bd4ceae54af081d6b1dd91ff584c5d61

          SHA1

          5ade462d66e042da58bb1447d1b31f1aad901b68

          SHA256

          64416d564725416c6869ea951878a2734b1f6940b11f7961a897c45f0d8c6625

          SHA512

          37e7abd312f694ee2c8ea54ecf50ed12c16684f1007c61d9a6d1d01cba958be511c5e4e11cd7393a5cd57349fda1c552bebca42962137e0d11695c195761ebb0

        • C:\Windows\Temp\MBInstallTempa083468357ce11f0aeb26a8e820be205\servicepkg\mbamelam.inf

          Filesize

          2KB

          MD5

          5d8c05cc4f9b4304d57ea10b87f2dcf0

          SHA1

          2cabe3d39aa5ec16c54c7818284a2ee235d2ddbd

          SHA256

          e26c2d3347e5f077da92713c9df3cd3eae438fb7e29810bd5c3afe567d2d3125

          SHA512

          55bff23fee9852f229246b71721b3659c916079787935d400a97641449dfda752fc8fbf36f9ea3dc4028f05daeb9006a99660284a61aa5d5a466af0ee966c738

        • C:\Windows\Temp\MBInstallTempa083468357ce11f0aeb26a8e820be205\servicepkg\mbamelam.sys

          Filesize

          21KB

          MD5

          8da81aa1f6b89ce1d2e216e3ea351c59

          SHA1

          4baf79cbade9a5584630a540e6368d547579fb12

          SHA256

          ded569e249e590314d095f740c6b8934a5a797e4f3edbe0f78eac9d333f12a2a

          SHA512

          6d611bbd9d480ef2defd745fd06c4ab86e181267cf689d9d0e124edbaf22fd30fbe2310879cc7bb6dde5bae72c4feea1d329cdecfbf101d95634f85dd0769119

        • memory/1796-51-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

        • memory/3100-0-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

        • memory/3100-52-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

        • memory/3556-50-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

        • memory/4344-62-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

        • memory/4548-4194-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

        • memory/4604-49-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

        • memory/5276-61-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

        • memory/5896-19-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

        • memory/5896-4193-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

        • memory/6020-3210-0x00000266A6160000-0x00000266A66B2000-memory.dmp

          Filesize

          5.3MB

        • memory/6020-4129-0x00000266A6160000-0x00000266A66B2000-memory.dmp

          Filesize

          5.3MB

        • memory/6020-4195-0x00000266A6160000-0x00000266A66B2000-memory.dmp

          Filesize

          5.3MB

        • memory/6020-4196-0x00000266A6160000-0x00000266A66B2000-memory.dmp

          Filesize

          5.3MB

        • memory/6020-4202-0x00000266A6160000-0x00000266A66B2000-memory.dmp

          Filesize

          5.3MB