Overview

overview

10

Static

static

10

MBSetup.exe

windows10-1703-x64

10

Analysis

  • max time kernel
    76s
  • max time network
    77s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    01-07-2024 08:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MBSetup.exe

  • Size

    2.5MB

  • MD5

    4e19e70399076ab58d1160d0fa2664ec

  • SHA1

    e7ca7e0f1895c6bf60a14d6fbb0ccd4fb10a3134

  • SHA256

    b9ee60f31be0b7dc3f814c8abbc7caacb6a3e1dc7eb1504b8e831dd42277f8d8

  • SHA512

    f6338b52cb5a80d960e6b1ec72a28538614782a75d0270cb89e911160c0a0e8e3a4d0f93fb902c70c37cc5f4da0529043776e2c0b59287096f976addb7e584d8

  • SSDEEP

    49152:6VCZ7CYG91YEzNIbd18dStQyfvE0Z3R0nxiIq2dd0ZyWmX4:eCZ7CXQEzNwABKtQRq2RX4

Score
10/10
defense_evasiondiscoverypersistenceprivilege_escalationspywarestealer

Malware Config

Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Drops file in Drivers directory 6 IoCs
  • Modifies RDP port number used by Windows 1 TTPs
  • Sets service image path in registry 2 TTPs 2 IoCs
    persistence
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Impair Defenses: Safe Mode Boot 1 TTPs 2 IoCs
    defense_evasion
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Downloads MZ/PE file
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in System32 directory 64 IoCs
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 5 IoCs
  • Executes dropped EXE 7 IoCs
  • Loads dropped DLL 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 22 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 21 IoCs
    evasionspywaretrojan
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3160
      • C:\Users\Admin\AppData\Local\Temp\MBSetup.exe
        "C:\Users\Admin\AppData\Local\Temp\MBSetup.exe"
        2⤵
        • Suspicious use of NtCreateUserProcessOtherParentProcess
        • Drops file in Drivers directory
        • Checks BIOS information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:5064
      • C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
        "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
        2⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:1932
        • C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
          "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe"
          3⤵
          • Executes dropped EXE
          PID:5508
    • C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
      "C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe"
      1⤵
      • Drops file in Drivers directory
      • Impair Defenses: Safe Mode Boot
      • Enumerates connected drives
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Modifies data under HKEY_USERS
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2100
      • C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
        "C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe" /installmbtun
        2⤵
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2936
      • C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
        "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe" /Service /Protected
        2⤵
        • Drops file in Drivers directory
        • Drops file in Windows directory
        • Executes dropped EXE
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        PID:1484
    • \??\c:\windows\system32\svchost.exe
      c:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:520
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "4" "9" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf" "9" "4ba9030c7" "0000000000000174" "Service-0x0-3e7$\Default" "0000000000000178" "208" "C:\Program Files\Malwarebytes\Anti-Malware\mbtun"
        2⤵
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Modifies data under HKEY_USERS
        PID:1988
    • C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
      "C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe"
      1⤵
      • Drops file in Drivers directory
      • Sets service image path in registry
      • Checks BIOS information in registry
      • Enumerates connected drives
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks processor information in registry
      • Modifies Internet Explorer settings
      • Modifies data under HKEY_USERS
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:828
      • C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
        "C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe" nowindow
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:364

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Boot or Logon Autostart Execution

    1
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Event Triggered Execution

    1
    T1546

    Component Object Model Hijacking

    1
    T1546.015

    Privilege Escalation

    Boot or Logon Autostart Execution

    1
    T1547

    Registry Run Keys / Startup Folder

    1
    T1547.001

    Event Triggered Execution

    1
    T1546

    Component Object Model Hijacking

    1
    T1546.015

    Defense Evasion

    Modify Registry

    3
    T1112

    Impair Defenses

    1
    T1562

    Safe Mode Boot

    1
    T1562.009

    Subvert Trust Controls

    1
    T1553

    Install Root Certificate

    1
    T1553.004

    Credential Access

    Unsecured Credentials

    1
    T1552

    Credentials In Files

    1
    T1552.001

    Discovery

    Query Registry

    6
    T1012

    System Information Discovery

    6
    T1082

    Peripheral Device Discovery

    2
    T1120

    Lateral Movement

    Remote Services

    1
    T1021

    Remote Desktop Protocol

    1
    T1021.001

    Collection

    Data from Local System

    1
    T1005

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\7z.dll
      Filesize

      1.7MB

      MD5

      b9bab3b367c53472908741b774fce358

      SHA1

      987e358915e7bb78491a65073189642f88d0d823

      SHA256

      77a4eb913e5bc068fe1479f6da9bd2b31303b6d23c7e353dde2984fa373273f2

      SHA512

      60b3858901df2ad51db7efde8673fd17c529c09029247d6bfb6565031d53d00b1d554ba558b0440a00c961204b0bb812d0f9ceef16a7fc1934f6b1a5efa91745

      Download Submit
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\BrowserSDKDLL.dll
      Filesize

      5.4MB

      MD5

      956b145931bec84ebc422b5d1d333c49

      SHA1

      9264cc2ae8c856f84f1d0888f67aea01cdc3e056

      SHA256

      c726b443321a75311e22b53417556d60aa479bbd11deb2308f38b5ad6542d8d3

      SHA512

      fb9632e708cdae81f4b8c0e39fed2309ef810ca3e7e1045cf51e358d7fdb5f77d4888e95bdd627bfa525a8014f4bd6e1fbc74a7d50e6a91a970021bf1491c57c

      Download Submit
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
      Filesize

      6.6MB

      MD5

      af90150f1e491048599c39a64014f093

      SHA1

      185528c8652fd1ad9f5a706870aa9e3129855b41

      SHA256

      b2185815e7724eaecc7cb35cbb4667948a4d93697de5dd2bc058e4c604a90735

      SHA512

      ac72684392ff795f10c8e18761a9ae8fb5fbc7f50bb4a4fb17457c1612a9525b9b9193f68fac5af309aff64cf569539b7d6bd363c0070bfe0765d3362bff0d35

      Download Submit
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CloudControllerImpl.dll
      Filesize

      5.0MB

      MD5

      d071fdd70e6c320bf6096740ae37f345

      SHA1

      a9b0e5a33ed426eb4cfa3c820b7edf512f6d2187

      SHA256

      28d80c2f0af4294180fe431e8bcefabcf4c2fd2ac1b2f35f9e24d03f88652a40

      SHA512

      b6b68a5e995f1c1a48c6af47800457d2dbb11a4e4366adfa328cd560c41eb060135e90c421722de8b07765caec117e856ba3615ad1f53b7e461e649d00759f51

      Download Submit
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\LicenseControllerImpl.dll
      Filesize

      4.8MB

      MD5

      4a6bd96ef1a04a332a98af3cd9505507

      SHA1

      1bd6a43804226c32573283a9ad3848608f383591

      SHA256

      4a90709d539ca3194cf64ecff60896f0a8cc959f0cb4a83e5330c6c06951b8a2

      SHA512

      c806faef29d979d0b0b7d0de3484508a1fd5737dfa73b54eba6a9ff351a3c11d00609da41ab8060b067ff02b18a4313a20df04e5593aab366fee8db271791550

      Download Submit
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
      Filesize

      4.2MB

      MD5

      80202b21a6f3df9d0d54f20a381df93c

      SHA1

      6915dcc75d0b84e5db40656d6382cb217a1996c2

      SHA256

      4217a62ea3df3bd98e40d205b4fb5f9673c340c366551adb771ff3e34e7bdcfc

      SHA512

      8d691deae1f7c5243d045940f7f728a874e72550859b291119c9b951bd95232980dc2a1b3c19154c723c42e0aa93747a046f747bbc305941594477a39c2925f1

      Download Submit
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll
      Filesize

      5.3MB

      MD5

      dc0faa2c37fe59718247f09c5e6c2259

      SHA1

      9874a8326e30ff36bcef268a61aed8970ad68aec

      SHA256

      23feea6a672a097ae98ee9dfcc19fdd233a2a6b35caf62be773ad9b17ce0afd7

      SHA512

      3cbca3cb26d1c8c29edb421c9e131b55e0c20c0cf446b7b65c6b7d209a003a870ee63d6a3b725eaa660f6d8d8c9a0b0a3f90045e3c255957ebee3005f650594e

      Download Submit
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\TelemetryControllerImpl.dll
      Filesize

      5.1MB

      MD5

      8c0dc4b519228df594105f9fe7aaa0f9

      SHA1

      a1682e4c5ab80bfdb52c3234dc7172838f7c8594

      SHA256

      a2810cab5f9e7ce85be8ae7ba9d30e909e1e322bf10a84e651e16db39b251796

      SHA512

      c0a7393d665b6006496b698f250cd86c09ec5601fdb297ee7483ad560427b37cbe75b3d1bf4c711433a5f324a1a1bd9699738efb2daa61c26b9c3ba6963e663f

      Download Submit
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\UpdateControllerImpl.dll
      Filesize

      4.3MB

      MD5

      3dab92561baa80cfd65cb12206f67909

      SHA1

      c1af27bc59a047e1f6bfddced3c922f9a1c0c5d7

      SHA256

      18bc533cc8f6995644aaf7d453c745a9ed696a1472033219b9cab6adccd8fc48

      SHA512

      2bd06382f4a32f32a7ee548356775d2e3db382e07587dd6622be722f843f8f5c8cee0b131061142fb9605dc503435729410e1853895a0a8856db0776bfecea1f

      Download Submit
    • C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\pkgvers.dat
      Filesize

      75B

      MD5

      bc90971491e2f373c149f860770b1e36

      SHA1

      d98d102c76b390abf6075fbb36c758774073276a

      SHA256

      0a09e867eca56ffdad8dfd82baab8fb9ea5b421cfb511fb4999227fe5c348d7d

      SHA512

      0b79235967f0f8e482e82aa4fc65b9b272b64d6fe79133c0f9d58920b6b851d0e1da47a330ad1026ab1b9b3eb323c39f47b4f8e4d1f73d966fdd7c931676a6ec

      Download Submit
    • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.nm
      Filesize

      335KB

      MD5

      798d54180b5ccf6bfc7b3ac3ca7a8692

      SHA1

      b9fc711891a29f4071e52f01cdebe5f39c32fbf7

      SHA256

      2be7e1944b8dcef324cbe2dbe67d3b9a4c1fe0e21648bbb62f6b4a5f231ae5f9

      SHA512

      fd6281e8d4124c7955d855164c613ff037441e4d25c50475cf0fa1e6390192f0b555cd486f1e0226f12a0abeabde55f6137616bb4bda445a1abc769475aa160d

      Download Submit
    • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\Global.sr
      Filesize

      18.1MB

      MD5

      ce31c3152b73b47c80036200bd99a201

      SHA1

      0a03382521cab929fbc16684a076fa05a0ea4b2f

      SHA256

      5d1386e468eff96e3f426436f26085aa7f67f89c6b8b2b11c24c0162e75009d3

      SHA512

      f840b77c0fea295f4886dae0a35953b38cb3534cfa2595ff0582cded5a7fc9ea7341e7a1c20ee6854f3b3cb83a8b8b9145ba6ade2e58c41f6aa3eb570dbdf9af

      Download Submit
    • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\cfg.bin
      Filesize

      1KB

      MD5

      69ac80ec518ddfcb3428c91e1064f4ec

      SHA1

      0d28ef92f3b27a70dffaa780999dfdfca078de1f

      SHA256

      9345fe4378ab8bc156b8e87d59f76f5dbde8f2a554941d5697c1c5d7bab508d9

      SHA512

      6e91f24aae10fe9f872a9ac7c62a8ef86f9ceae7ef47d06d38d355f31d874d00a36527c08682b28ff4bd31040bfa5b2738ebc3dd732b74a01a0e764c549134ea

      Download Submit
    • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\clean.mbdb
      Filesize

      13KB

      MD5

      d7fa70868aba18b29aadbb3791e5a240

      SHA1

      32013abcecdb481206ba8cc31074a7c6e01bd5ab

      SHA256

      a7aa30910865baa9fe530c65644c6813ab401160f32d6c6e5f45a2073fbea4c5

      SHA512

      4bc81c56b26f8c47b5489419a99a6b3eec2e45f9fb2a53e11f8f268ff5c014f10d8c4e8fc100e4a653392a6e0cf354c8c095d6ea789558c0db9e2616bd7cc6a3

      Download Submit
    • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dbmanifest2.dat
      Filesize

      924B

      MD5

      64f5fa257474e87c85570a8d59455b07

      SHA1

      c32dd61440aec978c44b0d938076c365a4f17b1a

      SHA256

      6168e0206b76a9c73dc015dfd407dada33375fc676f9c9343062c9ffcfa0ada8

      SHA512

      467a04f1fab57cf049c6c7c4c9449f160d7bccec985c50daaae737ada6b4c6bd83d46b4e4c6b7b1d21d6ff4ff31e898510d38784818927ebd6181149e9b95ea7

      Download Submit
    • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\dynconfig.dat
      Filesize

      39KB

      MD5

      10f23e7c8c791b91c86cd966d67b7bc7

      SHA1

      3f596093b2bc33f7a2554818f8e41adbbd101961

      SHA256

      008254ca1f4d6415da89d01a4292911de6135b42833156720a841a22685765dc

      SHA512

      2d1b21371ada038323be412945994d030ee8a9007db072484724616c8597c6998a560bc28886ebf89e2c8919fb70d76c98338d88832351823027491c98d48118

      Download Submit
    • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\exclusions.txt
      Filesize

      23KB

      MD5

      aef4eca7ee01bb1a146751c4d0510d2d

      SHA1

      5cf2273da41147126e5e1eabd3182f19304eea25

      SHA256

      9e87e4c9da3337c63b7f0e6ed0eb71696121c74e18a5da577215e18097715e2f

      SHA512

      d31d21e37b0048050b19600f8904354cff3f3ec8291c5a7a54267e14af9fb88dfb6d11e74a037cc0369ade8a8fb9b753861f3b3fb2219563e8ec359f66c042db

      Download Submit
    • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\mbdigsig2.dat
      Filesize

      514B

      MD5

      fa3163ca6b0762dfb5555183179a5085

      SHA1

      a8f1e529e695f3aecc94b520bd70bdf683f72e30

      SHA256

      326efa763a639e6f2bbcf2c853fe4b6f8ed41f2428c52bcf251fbbfacd633562

      SHA512

      1fb1b9211f305427284188c10369b9098ed7e532432dc9420834efc4240c1e84f53ed589b63c96c1c2c6f07374926f307922ca4dbdd1a47f47a192581be3313f

      Download Submit
    • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\prot.mbdb
      Filesize

      24B

      MD5

      546d9e30eadad8b22f5b3ffa875144bf

      SHA1

      3b323ffef009bfe0662c2bd30bb06af6dfc68e4d

      SHA256

      6089fbf0c0c1413f62e91dc9497bedc6d8a271e9dc761e20adc0dccf6f4a0c1f

      SHA512

      3478f5dcf7af549dd6fe48ad714604200de84a90120b16a32233b6d44fa7240f5f4e5fe803f54b86bbdfd10fa1bfdd88fb85eb6a78e23e426933f98d0a2565ec

      Download Submit
    • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rdefs.mbdb
      Filesize

      24B

      MD5

      2f7423ca7c6a0f1339980f3c8c7de9f8

      SHA1

      102c77faa28885354cfe6725d987bc23bc7108ba

      SHA256

      850a4ea37a0fd6f68bf95422d502b2d1257264eb90cc38c0a3b1b95aa375be55

      SHA512

      e922ac8a7a2cde6d387f8698207cf5efbd45b646986a090e3549d97a7d552dd74179bd7ac20b7d246ca49d340c4c168982c65b4749df760857810b2358e7eb69

      Download Submit
    • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\rules.mbdb
      Filesize

      9.7MB

      MD5

      130134d1ebbb577c205b75c39a6ce11b

      SHA1

      0bf58708f028cbf54226a8b6789e3f156c5886ac

      SHA256

      a49656c296631a18abe2a55f08d9849e35d39f9063060283cef1b112a7aeb947

      SHA512

      2096bee12f4dcfe698a9cce72f2f4b096c8d005f141c3f266ab3b1981c2fc6aafb0dc10cd70412f9f8c4fb52cdabfaa65fdb433bf6999e1c6888aa0edf202a70

      Download Submit
    • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\scan.mbdb
      Filesize

      877KB

      MD5

      b9b982d3ed5c1764e2b3fe909cc5743e

      SHA1

      ab3e6511da7fd5ca7e421683b081847cf3a71719

      SHA256

      f0affc8a1d3a3611d479b6a7631986ad2aff8aecc47da537446f5c4947efc965

      SHA512

      d80904d3c6ca20e8d366f6e6b23c632c350bb43313ce42eabc848e898981ecc1f4ac5e89dfc9e0d0fbd4d91a2ea3b3e3a8cbc0ec80938d4fc82ceba6d1d9d4ea

      Download Submit
    • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\tids.mbdb
      Filesize

      169KB

      MD5

      19a7895ed7c5161ae125fa24ff2c53a4

      SHA1

      39bf1bf106187fb8f97f1e21ed48e9fbf2a3bbb8

      SHA256

      8f2322a04fe7ff6731edfbe99ae62773dd74f52d64bac096974227a829c187f4

      SHA512

      641b205e0b26e82f044bbae496aafd1d4d36023c9cfda35682faa811701385913f112adbdf68a0bbdd8b74778162f5fb4fd3219e4b32ef24b1bc8477c5b00b90

      Download Submit
    • C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\wprot2.mbdb
      Filesize

      25.0MB

      MD5

      929e3ce1e0444661058313372917ab3e

      SHA1

      863c46dd3165e1629e68d22eb14c5a10c14c2dad

      SHA256

      788099344d8e5c3098d629928dd2cde08d26c72b0974fd63ec03d3f38f1bd6ad

      SHA512

      98c996887b5dc72203a656d0110b3aaeae297a350704524d306120be911183e78203ceac3ff5f091215a24679c700e7ebadd6e5a186897a659209b7cfe4b8a96

      Download Submit
    • C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.cat
      Filesize

      10KB

      MD5

      8abff1fbf08d70c1681a9b20384dbbf9

      SHA1

      c9762e121e4f8a7ad931eee58ee60c8e9fc3ecb6

      SHA256

      9ceb410494b95397ec1f8fa505d071672bf61f81cc596b8eccd167a77893c658

      SHA512

      37998e0aee93ff47fe5b1636fce755966debe417a790e1aebd7674c86c1583feef04648a7bc79e4dedaabb731051f4f803932ac49ea0be05776c0f4d218b076f

      Download Submit
    • C:\PROGRA~1\MALWAR~1\ANTI-M~1\mbtun\mbtun.sys
      Filesize

      107KB

      MD5

      83d4fba999eb8b34047c38fabef60243

      SHA1

      25731b57e9968282610f337bc6d769aa26af4938

      SHA256

      6903e60784b9fa5d8b417f93f19665c59946a4de099bd1011ab36271b267261c

      SHA512

      47faab5fff3e3e2d2aea0a425444aa2e215f1d5bf97edee2a3bb773468e1092919036bcd5002357594b62519bf3a8980749d8d0f6402de0e73c2125d26e78f1e

      Download Submit
    • C:\Program Files\Malwarebytes\Anti-Malware\MBAMInstallerService.exe
      Filesize

      8.6MB

      MD5

      8ef5fe48aa57a5c252d9bc09bc21d17a

      SHA1

      b1d73d06719c32163427ce69cabfd18630f20386

      SHA256

      75348e3dae5d4e878df0655583cc00281d7eab72b0b7a708dbd6fb9206315ffa

      SHA512

      7f8eac31a7cb9af960069785360e50686976f8f99ae709b0cfee6ed078dc9eaa80ba93ae1ea6d65998ca668e721162dbab237103c92ea38a76f6c8400e25d291

      Download Submit
    • C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
      Filesize

      2.9MB

      MD5

      46f875f1fe3d6063b390e3a170c90e50

      SHA1

      62b901749a6e3964040f9af5ddb9a684936f6c30

      SHA256

      1cf9d3512efffaa2290c105ac8b7534026604067c9b533e7b7df2e017569a4ec

      SHA512

      fdfb348061158f8133380e9a94215f4bfc0f6ce643a129d623cb8034c49144f1489de56cd076da645478506d9fbddc7590fe3d643622210084b15fdf0d16b557

      Download Submit
    • C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
      Filesize

      288KB

      MD5

      23f1360ae0e948d300f0f62b53200093

      SHA1

      e44fd6f0248e0a02525ee67664d83b535d9cb7d3

      SHA256

      40dfe0689b744e0812ce857f7221ff85431ca37315d9b4f75ca40892af5870da

      SHA512

      6e34d2546626736aa26b369a86745bdb9816138244fba3d5b5e29de4585cf4e66d52c35b5c5a577f252b62a137e340dd9de36c08a06f5395baec5a726ffb5222

      Download Submit
    • C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
      Filesize

      621B

      MD5

      b39fe86a45c385dfa421f122df55e42d

      SHA1

      a1fca829db44c01484194df7af8ffd7f3dbb35dc

      SHA256

      cd6121afac3c6044a76682488e1691cc9c340ac3beb5f79c4c3c4bd8f7a6a3a3

      SHA512

      4ce636cc824bb6a417a89ec6d0f4d53769633ed5201ecac1115b5148f2779bd7390e06258b485b099ca54336d5e7be66217745587a4c4d48293febd7fd0faac7

      Download Submit
    • C:\Program Files\Malwarebytes\Anti-Malware\ServiceConfig.json
      Filesize

      654B

      MD5

      29f6897dc8ad310a9ac93f0a1a72df89

      SHA1

      fca3d895d2b15eabc38ca70940777eab89f3de7a

      SHA256

      36ee00252114e011a6d1d103795e2ba63a14162cd69289e1f807c85b9f7b5a6b

      SHA512

      0908d6fe4c3e9adf2509a7fbe38f7a66500b94ad2b5d4ae9a5f7ffa5cd55f96649a8403516f077746342a7ebd80cefa76c90166f45952304dcc35e17af6315d5

      Download Submit
    • C:\Program Files\Malwarebytes\Anti-Malware\ctlrvers.dat
      Filesize

      8B

      MD5

      dbee8e7bbcba63adfa242c00f228afb0

      SHA1

      6aae8d9e4053cb52a2f1b6847e65ec6335dbc0fc

      SHA256

      c01415842abaa4bb6ada941a44c132a4a41c55097fb7e931decd04e8b5d6d380

      SHA512

      1e82896df024fe6a2390e415bcf8dd92f71125639daebed99e115bd9ac219b5667201d29c6b2390a2fcd505c3780ba112ddfca128137b665da0cfdbd4d63f038

      Download Submit
    • C:\Program Files\Malwarebytes\Anti-Malware\mb5uns.exe
      Filesize

      3.8MB

      MD5

      d289d84c0406750cef937bdcdbd32740

      SHA1

      89a8a040a62bc0d2c2809177773f6a10bb83fae9

      SHA256

      e21d1060a4a2ad8d0cc781d0ec252b497d96915b648fbc9d1ab46ab750c8d00d

      SHA512

      c8abdac9756ba299ecd3285a134219ccc222acc9f005a71eae85fd815a93b17b8857ac1e446a8122755e8702a39b76c13df962ba79f45855c752e3347311e09b

      Download Submit
    • C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
      Filesize

      2.7MB

      MD5

      b7e5071b317550d93258f7e1e13e7b6f

      SHA1

      2d08d78a5c29cf724bc523530d1a9014642bbc60

      SHA256

      467de01d7cee7ec54166b80658ff22f9feebdb1c24eaf1629cf40e4124508064

      SHA512

      9c35293c95c1a9141740ac99315605964aa37c4a42d3a11cae9e5649ff1427a9480d3d5e7f763212cf13db3511c5ea3c84e68f95f0067fe6339a9d3fb7b27c54

      Download Submit
    • C:\Program Files\Malwarebytes\Anti-Malware\mbtun.dll
      Filesize

      2.8MB

      MD5

      2bbf63f1dab335f5caf431dbd4f38494

      SHA1

      90f1d818ac8a4881bf770c1ff474f35cdaa4fcd0

      SHA256

      f21a980316bd4c57c70e00840ab76d9ad412092d7d2d6a2cff4f1311f7c05364

      SHA512

      ebb9834323329dc01ba2c87e5fad1083a4cb86f5ed761cb63299ac5336a9843a1aadd42fbed706797c2295117af1c00f96806422338352653c8e0255fecc2fd5

      Download Submit
    • C:\Program Files\Malwarebytes\Anti-Malware\mbtun\mbtun.inf
      Filesize

      1KB

      MD5

      5d1917024b228efbeab3c696e663873e

      SHA1

      cec5e88c2481d323ec366c18024d61a117f01b21

      SHA256

      4a350fc20834a579c5a58352b7a3aa02a454abbbd9eecd3cd6d2a14864a49cd8

      SHA512

      14b345f03284b8c1d97219e3dd1a3910c1e453f93f51753f417e643f50922e55c0e23aab1d437300e6c196c7017d7b7538de4850df74b3599e90f3941b40ab4a

      Download Submit
    • C:\Program Files\Malwarebytes\Anti-Malware\offreg.dll
      Filesize

      114KB

      MD5

      f782f049b0e8c13b21f8e10e705bd7e5

      SHA1

      5c11f955e3983c50ea46b5d432c97c9148ac8e9f

      SHA256

      16c450a310edbea07f578f31368f168ec338011cd117406898593e86ebb83dae

      SHA512

      eed29c42b14ff26a030f53d61d6dc8e3971e478dc7646b26189f14f16699b6bedc170c4bcc37efe2e8f3048bde37480033b49eaf1a4712b88464f5da0efc18f2

      Download Submit
    • C:\Program Files\Malwarebytes\Anti-Malware\srvversion.dat
      Filesize

      9B

      MD5

      5e0e2d584de048ec8e1d96a8402b9074

      SHA1

      bc939970e17845f19b5487ebc0f1962aa4f5a756

      SHA256

      2b7b5bc2a6db622fd284281cd712081dc0a8c2650ac55133a96d2a719306f41a

      SHA512

      8481bc8a5a7188e3d242f426d9daee162ed372101327ef6c452bdabb64cc3b5c38814715705d8341303a3ae1b377e6a0c77b8e0d7258376f563af8f9d21131f9

      Download Submit
    • C:\Program Files\Malwarebytes\Anti-Malware\version.dat
      Filesize

      47B

      MD5

      04fe1374c8e10c1d728a540ee3640ec7

      SHA1

      edca8b0714a579ae3046b479258e19913f52c733

      SHA256

      81e54b0f1b273680cdbe326b30a11d9915bd7af67c81e56dcb749d5ba8142d7c

      SHA512

      d40e717286190acb7ad6626976ff3d9950df20c551ef2777b6cd2df8694225ea85c74b66194b18582890e1bf1f51e85ee0be94bb588c683cc8d380667e0ffb04

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
      Filesize

      1KB

      MD5

      95537c804e23c37eb30e0bad675d54a7

      SHA1

      c9823a59e32210d7d05c9541a83728fbc3cd9f27

      SHA256

      2e3e7b6490335a06390d422c63790edd16f1af76ac8a036df6f378455bf63879

      SHA512

      5f4a19e2436d38d522560acabeb2e470b2b1cab1ce54539a168175e51f6153610c5762a95b698573baf4e98db09d02c09403a6c3eca191f07a190bb34ddb4ac7

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
      Filesize

      47KB

      MD5

      84461f8e95eeee297a4bbcde1dbda6b8

      SHA1

      7b1fe23af19d38bfbc51da1d4b72060d6c98473e

      SHA256

      1a0df1c3434363bf8d6062b615c92ccf391b86ed7c4f2a90396cd685cb0b67bd

      SHA512

      7506e27a6512f15d23d2a4e9114d7387101296001657da2da5ea51cda7353c72888197b136a1cc03d53d1d611a363f01b096092d118d0e4f93b67de57a91c6e5

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
      Filesize

      66KB

      MD5

      8fcfbbcd69c767fb62e66a1c1ef592bc

      SHA1

      e8a272e180e20d275f523b953dc9b35e8f0bc418

      SHA256

      d9ede3e9135fa9c3385a0758abe95f37d71c9585d7ef228236640bd48bc96008

      SHA512

      7fd289d4f4f4079d5405951bc411f4d183309b5e920b460e98a4be64085ab4721a6ae23ff634dc7bf872f03d559e9992c20055545135f73adb68bf2a5ffd8097

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\AeConfig.json
      Filesize

      66KB

      MD5

      9015a746326464eeb38fd1cba6d95bc4

      SHA1

      01f637913438273386298cb0caadef5ee520b9f6

      SHA256

      fab0e1bb571a1d0ead12821ae0b9420ce998bf58495c08989169acb915689028

      SHA512

      da9e7dfc7990551b26930bbf38fc7c84536bf53d3e58c366cc5b848ec4a6740fe66e7aff0e460a6532e377f3773f7bb9fd649cc5c2ff4de3a6b07a9fea8a1866

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\ArwControllerConfig.json
      Filesize

      607B

      MD5

      9a7abdc691ab8077615874789b9b9829

      SHA1

      b8ae41cf0f58204323d9068c5d03eb26c6099a73

      SHA256

      1c1dfae9768a0191c6e94ebf68ec25d1b9e8383c3ac09a5e1e39ae3312e0951a

      SHA512

      9689549b068e87da4e52b053a205aaf4be18cdd6457e67db425b41380da9ef075924fc548aafaea27694606590e7fd353104afef850381a2a061995e57a8994a

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
      Filesize

      847B

      MD5

      cc2ca28e42173f54665550c014235da8

      SHA1

      a41cd876d06b2266683d91b849423ce7519b14ac

      SHA256

      43bb4dd3145f97367ac4e689f58e3ce6e323e7fa9edb85f6a27c7acc9fbd10ce

      SHA512

      d6ff73ec24c431f1149aefe5101dc5b1c7ae39fa726121835e84737401bc20703f84beb3f57b384ab872764a51bea33501b5bb37d1c47e5f2e934c69d1f16d1c

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\CleanControllerConfig.json
      Filesize

      846B

      MD5

      7c3dfdbe9cef11d7349e04e02be3b040

      SHA1

      79ed8698d370f1dde8bc537c4bc9ede4675f35ea

      SHA256

      e0bd24aa5e9c4b65f3e4e58e929d72150ae28b8faf0a7000d44257854649e4d4

      SHA512

      ad760853bd32ead710bb597cfa2e8dee4af3fb758f20ae34a494df10f9e19a49cca8663148d7fd9c0bf6477c90314c19a6c5f08e3da1b8b9777c3cede38f63a2

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\CloudConfig.json
      Filesize

      827B

      MD5

      5a74fa12f05911d3955e8b726e89438c

      SHA1

      a70e33f60f7b74dc5bda55c012f0e2493ed6211b

      SHA256

      ffabc6c2d55e55292e004e628159a112ffa9556aa3683787bec32b9eb8f6a8de

      SHA512

      5bfb7941ef4f191bf600ffd4be9bd13156954d1fa06c3bd614d1cb60b11fc2b4be28dc4d3ff4d2fbe4f64a82948cab4bdd7e859bd97e004806be4d88e430cb3b

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
      Filesize

      11KB

      MD5

      17a9774ef44d16ee90683b9c72e17b95

      SHA1

      1bd66f8e23b30259161afb84da527bf94bc68341

      SHA256

      ec33c730baf5910274651264f4cbf58599107745ee71f028c2e9691de2ce50a0

      SHA512

      4ff25fb3c6955fc4a8f706325243a2fab5c54082144282ad958207f13eff7409c3eb6b5df38a470251bda1803f38ed87c87d7d102f5ef31c681df007bf7612c0

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
      Filesize

      11KB

      MD5

      56a118fab355e60b1b68d19a343a2918

      SHA1

      236039869ec80fcad9e81a644bf4af6b6b8c1819

      SHA256

      2196eecd759c8199c0157f46adf3ed15fbaf77d5b9a159d3c6b8377cc1b0fa78

      SHA512

      74bf9437e3eba55dcf7fce5ae39520d77be1d098a600a178468c97754f1657531c6cb2fe0a1636984769b2a7fc3838bbebbab347a77729f45602f5c4b07e83a3

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
      Filesize

      11KB

      MD5

      a4cdbfdd21ca9b84b0e6302423416cb7

      SHA1

      b8534c2d5bc4fb7721b62cfc0773d6bfc331e24b

      SHA256

      676fa2cb74a81fd739d29c49d76523899cd5795abd1cd5d376765ba1a1aa2ad0

      SHA512

      f98242fcc1cd223ba11efeb9192497195f10fe71a4f7d40828c46a3226296c811af32e2a92c85d3e7d74f6e733c66ffd42f133576b5858287679f875f66a379d

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
      Filesize

      11KB

      MD5

      4252d2c7a40cd395d7c5a481a222e652

      SHA1

      f52b1bb5c2166ac25a495296d5cca7d9d88863fe

      SHA256

      e322930a3b4c10866a90947a26b225f70031605c124e6b2f9d3d8d63c48ed2ab

      SHA512

      2f38959ffe806ba301eadcd30b4cffbfcc76a2a286701173e39ce02f8ba76d26474fa024625ad6e509a18e9c4a4527379c279db226cac08cf30128a1d5d2c235

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
      Filesize

      1KB

      MD5

      0979a670226b9ec8adcf7f1667f2669b

      SHA1

      e9e4704fd2a1c0639754a2270ffbbc51bc6ad7a7

      SHA256

      c7090372d42a44fd6e792ca1211c5f592fa204cdd2656c55d3de0cd106fcab9e

      SHA512

      edbdbe16cb05cc1e9eed97a0163284291ad332b544becce9f222c5136ac8f98cc7e1a0d403610cfa81a918267e0fa2f3b9a8137338ab42dd42a00cc1cba76bc2

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\MwacControllerConfig.json
      Filesize

      2KB

      MD5

      fe7be1241e8cef3410d91def4d382789

      SHA1

      184338b5c4212f854a10ff80f63d36b0e18053c3

      SHA256

      ebe68b511dd33e6d70d61e87bdb5d39b02eb822f0b696f58fdafe10f1b2e36c7

      SHA512

      121486a47d5a6607a9240d133b790e17f5fe79ac22883abb1f3dc911c07caaa5c5e43a387994540ed7b3c0af40439aca4e5440eb4c85b0debbddeae1e4f510ed

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
      Filesize

      814B

      MD5

      a32d4359764b07fb042943ab8ea562e7

      SHA1

      7fc28657d55fd79fcba0640294328e2eaea164be

      SHA256

      615bb38e97925a8a8c3d979d86a30c93e0409976bc893e1ec128528a32fcdae3

      SHA512

      ebe19c8219665888b44350eb804068f221c5b86119decb559ac405a73d74d08b1c5f6b9f07d231ca54d916717f0d986384744e7514beabadcaa8b8e9ca930680

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\PoliciesConfig.json
      Filesize

      816B

      MD5

      c1c5e1b0de9e4ad7a4faa8c63cbe53b1

      SHA1

      b0958699f472a8e4dd81b015095f805a1eebdeab

      SHA256

      7600216f931453ccd6d7a333587609b0b879202f4b0a2d9a2c09cc686be0f048

      SHA512

      ce40a019be71dbc11dccdaee223fa9d6f379c9ab536fb0f575a619c2141265b828fb662c65270e4311a6130dc4a6dc8652d85fb2d10368e4a58ff40442c8cfa6

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\RtpConfig.json
      Filesize

      1KB

      MD5

      e4f7e313507c333c2348f7f075af7029

      SHA1

      f1df00ad09b4abbcde9db7eb59fbf8d51169db5e

      SHA256

      ed106b5072cd5e8480ccc2f0ae9cedde069f4ec6814accab53a40f8e688efbb1

      SHA512

      a2dd4c1dc81c598a7cd6c5e31f52dbb67b2b240784a44c4bf4f46c75b73275ecbce279f44f56fdfac64cbe2f1b19005b96b070021ed4e616221adcf4e9f56810

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
      Filesize

      2KB

      MD5

      1a6ba357dbc90837397d3ff21c712ad3

      SHA1

      52fdaf17027f6ee6af2148b4f5552b9047409998

      SHA256

      43f741ba1070a81a9b1d88e3b3666a3e432302d56a29bd9c4123b44d5e755fc2

      SHA512

      bc13949db9dea8c9394f21d2b7900470cc489af120b5e2367675ded29e8fb814ad2d91683fad8b10d0afcb64d60ec52f4040acfcf0842e02e62a966c1eee4439

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
      Filesize

      4KB

      MD5

      9cfd36be33df9d92388fe9b30e90cf94

      SHA1

      84d50c424b82d0ba9af4d8e1cdf1da63c7d64273

      SHA256

      8e9b3514de18a2dad0fd6ba868697b6b9c158a4e813b00367ed7f2d4919fb25f

      SHA512

      eac5e10caf3834b370da33ac05c17087db253b964c5ca24e2013756db9e306cd32572d7b95a71d3489a719ebab6587ae1ba583b0967cf653207e6f74c2c65404

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\SpConfigFile.json
      Filesize

      11KB

      MD5

      6116076f4bc7e993d46f347ebce9a85f

      SHA1

      185215bc4488af76a14ac492d640251d30465b83

      SHA256

      bca5355dd2564e136a1a507a439d899d3d730b1a40d5ef7f22dfd6266b93ced9

      SHA512

      33635d03fc898c54a8f0df63885a9bc0e16c08666bbd11423d5d7efc6b8dad22e18167d176138dcf71ee462f6ae76c23286f8f00cdc3907648adc5847db2cc00

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
      Filesize

      1KB

      MD5

      05f4e16f9ac8df864be67751f24c1bde

      SHA1

      c3ac9adecd1862ab9ff802e5cfda4c8bf6009d73

      SHA256

      7ac0f4f4aea48c783e4dc69f1e75180d03debe8c5428e26be1dc01b3e9412bce

      SHA512

      5a5ba645ccf86d9b34094d89ea833dd16b73404e2ec8d5fe05ef9c8357f205cad99c9a2483e6458bfeaac07e787a628280fbfb1e050e9918d477039e18303bc9

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
      Filesize

      1KB

      MD5

      4d4dce0b08021c4bf2bca0b4eaa17524

      SHA1

      69a033ced032164bfc4dc5127a0bdae041bbc143

      SHA256

      ad92ad09446cf975bf86cc0fbcafb62a3055ab59b30129cb544682d3072142e9

      SHA512

      2e2b2884f9f63ec3215acd7e95562485f22f81df202257c332bd49dc9ec6c6e2e5e57d61fb8612c865a88e2910cf0a66dbd2376b0349bddc3c0d335e0e81141e

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
      Filesize

      1KB

      MD5

      07791f49839ce575303a6e623a7d000e

      SHA1

      34c33837e03979c35b62b502f60aff377e663f2a

      SHA256

      6a7365aa6b0e37cb2c10627b7354be7ab486761dd07f92dd70b317c1e42a87ae

      SHA512

      f7b1678093caa0585997e42e18bf187ca8ec05e19697d63ae4fa6e08676c925866cd05bfe938cdf371a2b8a426d62e65ee38730c9ed393e5a023b26a922635d5

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\TelemCtrlConfig.json
      Filesize

      1KB

      MD5

      3bf5ffcbe89858be286b5e0a3b0890e3

      SHA1

      e9b60b06e436e111af7881ee44d13d7300e3f3a5

      SHA256

      64bf0671538e3fbc86581e7e44722dbc6017afc18b1bec2cf5468c2c2d18b6e3

      SHA512

      08c8a3cea9e9a20e86b270d1d64b99413cac444aecb01bc18699d737d4c4151445553a7e732122151271406e023a0bee627426c30de5c8f63bfd3f633d99594f

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
      Filesize

      1KB

      MD5

      e09c287975c8310ff25f2b37be2350a0

      SHA1

      e612cf4993711a28f19a11280aadaf7840d9932b

      SHA256

      b72b4b445bd19a020d09125abe138939021661a3ba953e0fe7d63aac46ffe092

      SHA512

      0f3f29398233a67362860b50c0c007b4259e9da2afafd99ffa07d7727f6a033ffd67624536ed59b148d5deb2d34e66f20f05885db63149891ef86f5f4d2cde10

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
      Filesize

      1KB

      MD5

      932e491696b8616da1feece02a854f8c

      SHA1

      0bdc57c02a1687eaa535b7d44dd48caadbaef47d

      SHA256

      c9b5b92c60b346941436219f220beb43852c628a308a1b90fd39041fc1defce1

      SHA512

      a1e69a06dc85d2793fa72b9be9b1f876b1e639599ed5505865dd5732519ed14622054da6b6ce7d28ec3f642ccf076a612cc13a6dddf9dfc18704d03de5f12e68

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
      Filesize

      1KB

      MD5

      e14ed9758ff75d496526e499d8b07e20

      SHA1

      9aa8cf2f31b522a66c50d54cad42ed9f16bb15ec

      SHA256

      f3c557c982c6710c3dd13ef0138d07cd4333c455af0e804ff71531beed244e45

      SHA512

      78c606902002aa7647fb4f56bc13299375a6cab77031d2a738dea9238b5563b2292130c3723046a74ade7497f2c1aa3511f9fca7a7218124a53ca197ed2f5aea

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
      Filesize

      1KB

      MD5

      d3865108d5bcd3031d0ccb1f5aec1565

      SHA1

      c804863d80aeacf2e50c0594da1ff72e62507f6b

      SHA256

      3060dcda814ff0cbd5c512dc472f4bfacdcb96b17a6fd5c08d8a1a37ea2ff7fe

      SHA512

      91b5f4b8eb0fb38629f6869fb84218509d8d3ccde437a69214e6b8a3fcb42eb4d08229219571a86ff2dc32e5e73ee3f452961298c0ffa6e98696738cca58aa6f

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json
      Filesize

      1KB

      MD5

      8f0f68395b92228457e858538db35370

      SHA1

      43d133fa49e2f69f895bdad2bb13147fbdec7214

      SHA256

      f9e7a260abb53f0c306affdb6daaaf99545be46642542e127135d6f40b0b554d

      SHA512

      3b0e8de41f2aa70092fab193e5575b452c686e946f4cc661796ce75f54c3f69620ff194be7e9d15347e0ea2b7149406ea61356ff5c22447b9d98ddeb6b108522

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak
      Filesize

      1KB

      MD5

      020ee9ea535b0c08d269ef1cb02ae584

      SHA1

      714ae336d629107d2e5ee053d664c87e5ee384ac

      SHA256

      3c93e52913bbd750b5ba4367ce87283f8e94479388dbb4a9595bb9ba59ded588

      SHA512

      43b8bc88d247057900635d2251d222189aaa7a26665585a95d01aea9c4bdef36a60a02a5d2505874575eb0c888504071217e76f8679f8f8add38ac6fbc73b73c

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json.bak
      Filesize

      1KB

      MD5

      aab13b9fabb35a61412a289842f4c743

      SHA1

      12a72b65f28aa11d491bed047cfe5db674373c7e

      SHA256

      32b0c050c97f53ff581f3dca0d61358e71542e73b9b88d870109d433d5c062cf

      SHA512

      efe4b808484c03d5bd68af6adc9d2945e5f08d51954c4c525f6d47c46a324a7b42b2fa369127e5d5e63367a0d3e0bf94f55725b1abe9b681260aebb7261806f2

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
      Filesize

      1KB

      MD5

      5d0ad85d3ab3be974bee1e7aaaf4765c

      SHA1

      b47139e9358a4bbf0fbc71f6577b46056c861b17

      SHA256

      6d7e9c652ec6f81fc92083b8bcd31bec9f6064930191858732989085fb077a0e

      SHA512

      d1ed3dc15232661e883461b187d10e92035fc5b130f5897b5982c7206607590a5d5e032bbaded79a6a8b1e63b018125ca6d5492070e17e42985f98c9c51f4f34

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\VPNControllerConfig.json
      Filesize

      1KB

      MD5

      d450869bdc8e756fd7b74f93cc8b0153

      SHA1

      c1b58c90c6c69869688f7eb57b083c090a63f80b

      SHA256

      a588ea9e5d1cddf8d4845c3e8e76af86963ab6183385e9aed64f8bda282a86c6

      SHA512

      86a5a86345f7fe8bfdcee28b7dec2782898bb0344ca90806b2e0bfa74bc751b0a66b2de95cfa317838a481a5768dfd84da63b095ea3ded341f175a499b05b409

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\config\VPNServerListConfig.json
      Filesize

      125B

      MD5

      a4186c879c0ce30d0a99fed911fa6bbb

      SHA1

      7a4757904bf6a939604c04263ebe43fa150f7dbb

      SHA256

      f8039e5039e74b88f3ff12da4f926c1916742e93c90db9705ec97a63e384843b

      SHA512

      acf6fe010779d84b4d0fca38de7d6cf084ea0f8009f13a19cc7b83c78c3a37abbc3e7304ee462d1ea6d3c3102a2355bc2c0e0ed9d6ef1efd4edd0e8227b0b36f

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\Actions.dll
      Filesize

      4.5MB

      MD5

      f802ae578c7837e45a8bbdca7e957496

      SHA1

      38754970ba2ef287b6fdf79827795b947a9b6b4d

      SHA256

      5582e488d79a39cb9309ae47a5aa5ecc5a1ea0c238b2b2d06c86232d6ce5547b

      SHA512

      9b097abeafe0d59ed9650f18e877b408eda63c7ec7c28741498f142b10000b2ea5d5f393361886ba98359169195f2aceeee45ff752aa3c334d0b0cc8b6811395

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\ig.exe
      Filesize

      1.8MB

      MD5

      ffe5a249402aecd1d0b141012ef5b3cf

      SHA1

      9fe9b21390d35a0f82097fddaf1ee18e91fd2f2d

      SHA256

      1acc1c8c918e0ac6cdb4fc41d96339959d42a71947a02f573686ee091606ac57

      SHA512

      1f7427472ca3f8a9abf06d761595fadca59b77ccea93477e6d71546a1385d654817cb356585dc05499ef87f61c504511399620852e95a46601f31fc6fa05f2d7

      Download Submit
    • C:\ProgramData\Malwarebytes\MBAMService\lkg_db\sample.dll
      Filesize

      528KB

      MD5

      ad5afe7fe3eac12a647f73aeb3b578bf

      SHA1

      29c482e6b9dd129309224b51297bff65c8914119

      SHA256

      7d2c7bc745e07d54f1c26c06d7438eb40ec6f5d17dfa15928b67d447f4c63747

      SHA512

      5be9f8384cc22bb7d69d8e532e7025675db16777b2d01ca1819a6e3d8c7daaaaa23d842d338d55d74eb9973e230a8f9a11ce7524667fee09b18fbdcb5a49289f

      Download Submit
    • C:\Windows\System32\CatRoot2\dberr.txt
      Filesize

      93KB

      MD5

      c51c25ab4e724ac4c3edb83dee1f050e

      SHA1

      a7f436da8784124e6730499997a7e1b048208cf2

      SHA256

      3d1027e5714f59232f011b6344b485b37ba4b5e188e688e6ade7165f5d632bde

      SHA512

      f4b73c0fb37605d0c20497f5f1ac7736e6fd1ba78b09c4893b7ca57213fa2b18e1af86d2f331da30622a1fded9f6520f8183e2c62569a6b3c0ec6f89b9ed36d0

      Download Submit
    • C:\Windows\System32\drivers\mbamswissarmy.sys
      Filesize

      233KB

      MD5

      4b2cc2d3ebf42659ea5e6e63584e1b76

      SHA1

      0042da8151f2e10a31ecceb60795eb428316e820

      SHA256

      3db4366ccb9d94062388000926c060e2524c7d3ee4b6b7c7cf06f909f747fc6c

      SHA512

      804d64d346b3dbb1ce3095a5d0fa7acc5da0bf832c458e557dac486559fe53144f15f08c444fea84a01471fd5981e68801a809b143c56b5b63e3e16de9db0d98

      Download Submit
    • C:\Windows\Temp\MBInstallTemp900689cb378511ef8fed6a02b38d1b32\ctlrpkg\Malwarebytes_Assistant.runtimeconfig.json
      Filesize

      372B

      MD5

      d94cf983fba9ab1bb8a6cb3ad4a48f50

      SHA1

      04855d8b7a76b7ec74633043ef9986d4500ca63c

      SHA256

      1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

      SHA512

      09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

      Download Submit
    • C:\Windows\Temp\MBInstallTemp900689cb378511ef8fed6a02b38d1b32\ctlrpkg\mbae64.sys
      Filesize

      154KB

      MD5

      95515708f41a7e283d6725506f56f6f2

      SHA1

      9afc20a19db3d2a75b6915d8d9af602c5218735e

      SHA256

      321058a27d7462e55e39d253ad5d8b19a9acf754666400f82fe0542f33e733c6

      SHA512

      d9230901adeecb13b1f92287abe9317cdac458348885b96ef6500960793a7586c76ae374df053be948a35b44abe934aa853975a6ccd3788f93909903cc718c08

      Download Submit
    • C:\Windows\Temp\MBInstallTemp900689cb378511ef8fed6a02b38d1b32\dbclspkg\MBAMCoreV5.dll
      Filesize

      6.3MB

      MD5

      0ccbda151fcaab529e1eeb788d353311

      SHA1

      0b33fbce5034670fbd1e3a4aeac452f2a2ae16eb

      SHA256

      2a6ac5a8677bd1b410420183169b9ca9ec87dbb78ce0f11ebac2bfa022df7c70

      SHA512

      1bf9b8849b27491ecadfb4caf4e61926f9a0a8479c247a2281ba2d7c1ae0587251330ee29cc053630047e279ef6b52d3a125e21144b9688f1328f101bfc3c2e9

      Download Submit
    • C:\Windows\Temp\MBInstallTemp900689cb378511ef8fed6a02b38d1b32\dotnetpkgtmp\shared\Microsoft.NETCore.App\6.0.28\mscordaccore.dll
      Filesize

      1.3MB

      MD5

      3143ffcfcc9818e0cd47cb9a980d2169

      SHA1

      72f1932fda377d3d71cb10f314fd946fab2ea77a

      SHA256

      b7fb9547e4359f6c116bd0dbe36a8ed05b7a490720f5a0d9013284be36b590b7

      SHA512

      904800d157eb010e7d17210f5797409fea005eed46fbf209bca454768b28f74ff3ff468eaad2cfd3642155d4978326274331a0a4e2c701dd7017e56ddfe5424b

      Download Submit
    • C:\Windows\Temp\MBInstallTemp900689cb378511ef8fed6a02b38d1b32\servicepkg\MBAMService.exe
      Filesize

      8.5MB

      MD5

      31804b530a429b25e5763de3e7e5238b

      SHA1

      4d8eb7342a2bad8318ac51a02b7b55f978178422

      SHA256

      1541c57f87f24610dff7a77af7e932992ef574d16ef3c5e7007255776951ee3a

      SHA512

      efb6d78ad79c6edd8378640d2e6082320936b20462279ace63b127602009b06cc7097c822706cdbdbf9603e33372bfb5c8492c0319030a687589def37ba3c416

      Download Submit
    • C:\Windows\Temp\MBInstallTemp900689cb378511ef8fed6a02b38d1b32\servicepkg\mbamelam.cat
      Filesize

      10KB

      MD5

      60608328775d6acf03eaab38407e5b7c

      SHA1

      9f63644893517286753f63ad6d01bc8bfacf79b1

      SHA256

      3ed5a1668713ef80c2b5599b599f1434ad6648999f335cf69757ea3183c70c59

      SHA512

      9f65212121b8a5d1a0625c3baa14ef04a33b091d26f543324333e38dcdb903e02ccc4d009e22c2e85d2f61d954e0b994c2896e52f685003a6ef34758f8a650c7

      Download Submit
    • C:\Windows\Temp\MBInstallTemp900689cb378511ef8fed6a02b38d1b32\servicepkg\mbamelam.inf
      Filesize

      2KB

      MD5

      c481ad4dd1d91860335787aa61177932

      SHA1

      81633414c5bf5832a8584fb0740bc09596b9b66d

      SHA256

      793626d240fd8eefc81b78a57c8dfe12ea247889b6f07918e9fd32a7411aa1c3

      SHA512

      d292e028936412f07264837d4a321ecfa2f5754d4048c8bcf774a0e076e535b361c411301558609d64c71c1ce9b19e6041efa44d201237a7010c553751e1e830

      Download Submit
    • C:\Windows\Temp\MBInstallTemp900689cb378511ef8fed6a02b38d1b32\servicepkg\mbamelam.sys
      Filesize

      20KB

      MD5

      9e77c51e14fa9a323ee1635dc74ecc07

      SHA1

      a78bde0bd73260ce7af9cdc441af9db54d1637c2

      SHA256

      b5619d758ae6a65c1663f065e53e6b68a00511e7d7accb3e07ed94bfd0b1ede0

      SHA512

      a12ccf92bead694f5d3cba7ff7e731a2f862198efc338efc7f33a882fe0eb7499fb3fb533538d0a823e80631a7ca162962fbdfd78e401e3255672910b7140186

      Download Submit
    • \Program Files\Malwarebytes\Anti-Malware\ActionsShim.dll
      Filesize

      2.2MB

      MD5

      13ee270968b2eaf9d45770e831412c0a

      SHA1

      6f4bfee0efd52db649a9378298148fd5ae5001e1

      SHA256

      81a28988d59a8e75b771456f61aa3029f334f2a492da70f53bd93403122e2951

      SHA512

      36f9339f15bd1982fe196eaf23ed879db5fdf1cc1c41683a915d1ee9718053720c9794e77d093a51adf9c20f58b2f5191abeecef41ea87746933c845be48bcde

      Download Submit
    • \Windows\Temp\MBInstallTemp900689cb378511ef8fed6a02b38d1b32\7z.dll
      Filesize

      1.6MB

      MD5

      4da585f081e096a43a574f4f4167947e

      SHA1

      38c81c6deae0e6d35c64c060b26271413a176a49

      SHA256

      623e628393bc4b8131c1f4302b195429dfa67e890d3325ceaa56940660052b1b

      SHA512

      0fe168bf1661691dbaa103e478dd7e46b476db094bf1938bf1ad12ddb8a8f371bf611ff504d2eb3ac319862444cc64a27ebee8735aa3752aa32a399b09427243

      Download Submit